Re: [GIT PULL] Asymmetric keys and module signing

[Rusty Russell]

David Howells <dhowells@xxxxxxxxxx> writes:

> Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:
>
>> I noticed the Cert number didn't change with rebuilds: "distclean"
>> didn't remove some files:
>> 
>> $ git clean -f -f -x -d
>> Removing extra_certificates
>> Removing signing_key.priv
>> Removing signing_key.x509
>> Removing signing_key.x509.keyid
>> Removing signing_key.x509.signer
>> Removing x509.genkey
>
> I'm not sure whether distclean should remove those, since they can be
> externally supplied, or whether x509.genkey should have a Makefile dependency
> on kernel/Makefile.
>
> I lean towards 'yes' when I'm altering kernel/Makefile trying to get things
> right, and 'no' when I'm doing a make distclean to change my config or
> changing kernel/Makefile for some unrelated reason.

Right.  I think we need to use different names for generated vs supplied
files, then, because 'distclean' really must delete generated files.

But it turns out you do try to clean these files, it just doesn't work.
See below.  I've applied this, as well, to my tree:

        git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux.git modules-next

BTW, you missed a Signed-off-by: on your "MODSIGN: Use the same digest
for the autogen key sig as for the module sig" patch.  Please update.

Cheers,
Rusty.