Re: [PATCH] MODSIGN: Change default key details [ver #2]

From: Linus Torvalds
Date: Mon May 04 2015 - 14:45:35 EST


On Sun, May 3, 2015 at 6:45 PM, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> I'd much rather see "x509.genkey" be generated with a move-if-changed
> pattern, so that it only changes if (a) it didn't exist before or (b)
> it actually has new content.

Hmm. Something like the attached, to make the .x509.list file be
properly generated?

That still leaves the problem that the X509_CERTIFICATES variable
itself seems to be badly defined, in that it ends up randomly having
the "./" in front of the filename due to confusion between
"signing_key.x509" being both in

X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)

(when that .x509 file was pre-existing), and

X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509

where I think that "$(objtree)/" comes in.

DavidH, comments?

Linus
kernel/Makefile | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/kernel/Makefile b/kernel/Makefile
index 60c302cfb4d3..205bdc2b11e7 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -135,13 +135,6 @@ ifeq ($(X509_CERTIFICATES),)
$(warning *** No X.509 certificates found ***)
endif

-ifneq ($(wildcard $(obj)/.x509.list),)
-ifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES))
-$(info X.509 certificate list changed)
-$(shell rm $(obj)/.x509.list)
-endif
-endif
-
kernel/system_certificates.o: $(obj)/x509_certificate_list

quiet_cmd_x509certs = CERTS $@
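
Review bot: Dropping the parse-time `ifneq ($(shell cat $(obj)/.x509.list),$(X509_CERTIFICATES))` block leaves nothing in this part of the Makefile that invalidates a stale `.x509.list`. Correctness now rests entirely on the FORCE'd `$(obj)/.x509.list` rule added in the next hunk, and neither hunk says so in a comment. A one-line comment where the check used to be, pointing at the `filechk_x509_list` rule, would make that dependency explicit. The `$(info X.509 certificate list changed)` diagnostic also goes away, so it would help to confirm that the build still reports when the certificate list is regenerated.
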
@@ -151,9 +144,12 @@ targets += $(obj)/x509_certificate_list
$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
$(call if_changed,x509certs)

+define filechk_x509_list
+ echo $(X509_CERTIFICATES)
+endef
targets += $(obj)/.x509.list
-$(obj)/.x509.list:
- @echo $(X509_CERTIFICATES) >$@
+$(obj)/.x509.list: Makefile FORCE
+ $(call filechk,x509_list)
endif

clean-files := x509_certificate_list .x509.list
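
Review bot: In `$(obj)/.x509.list: Makefile FORCE` the `Makefile` prerequisite looks redundant, because FORCE already makes the recipe run on every build and `filechk` decides whether the file is rewritten. Either drop it or add a comment saying which Makefile is meant and why it is needed. Separately, `filechk_x509_list` echoes `$(X509_CERTIFICATES)` verbatim, so the inconsistent "./" prefix described in the message still reaches the file content and can still make `.x509.list` differ between runs, which in turn retriggers `$(obj)/x509_certificate_list`. Normalizing the paths before the echo, or fixing the variable definition first, would make the move-if-changed behaviour effective.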