Re: [RFC][PATCH 2/2] modsig: differentiate between ephemeral and persistent key names

From: Rusty Russell
Date: Sun Dec 02 2012 - 21:46:06 EST

Next message: Rusty Russell: "Re: linux-next: build failure after merge of the modules tree"
Previous message: Rusty Russell: "Re: [net-next rfc v7 2/3] virtio_net: multiqueue support"
Next in thread: Mimi Zohar: "Re: [RFC][PATCH 2/2] modsig: differentiate between ephemeral andpersistent key names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> writes:
> Using the same name for ephemeral and "persistent" keys results
> in deleting the "persistent" key. This patch renames the normal
> kbuild asymmetric key pair name to "default_signing_key" and the
> ephemeral key pair name to "ephemeral_signing_key".

I like the idea: I was always uncomfortable with the mixing of
persistent and temporary keys. But it's a bit misguided, because surely
persistent keys don't belong in the build tree at all.

How about we do something like:

# Default to temporary keys
MODKEYPREFIX = ./temp_signing_key

MODSECKEY = $(MODKEYPREFIX).priv
MODPUBKEY = $(MODKEYPREFIX).x509

Then encourage people to do:

make MODKEYPREFIX=...

We could also use a config option to set the path, but that's probably
less convenient.

Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rusty Russell: "Re: linux-next: build failure after merge of the modules tree"
Previous message: Rusty Russell: "Re: [net-next rfc v7 2/3] virtio_net: multiqueue support"
Next in thread: Mimi Zohar: "Re: [RFC][PATCH 2/2] modsig: differentiate between ephemeral andpersistent key names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]