Re: [PATCH v2] certs: Fix wrong kconfig option used for x509_revocation_list

[David Howells]

Eric Snowberg <eric.snowberg@xxxxxxxxxx> wrote:

> >> @@ -11,7 +11,7 @@ hostprogs-always-$(CONFIG_ASN1)				+= asn1_compiler
> >> hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT)		+= sign-file
> >> hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING)	+= extract-cert
> >> hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE)	+= insert-sys-cert
> >> - hostprogs-always-$(CONFIG_SYSTEM_BLACKLIST_KEYRING)	+= extract-cert
> >> +hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST)	+= extract-cert
> > 
> > Hmmm...  We have extract-cert listed twice.  Does that matter, I wonder?
> 
> Isn’t this necessary, since one could build with either 
> CONFIG_SYSTEM_REVOCATION_LIST or CONFIG_SYSTEM_TRUSTED_KEYRING, without 
> the other being defined?

Well, it could be handled with its own Kconfig, say CONFIG_BUILD_EXTRACT_CERT,
but that would seem like overkill.  I think make should handle a dependency
being listed multiple times for a target, but it might make sense to list them
next to each other.

David