'make clean' removes files listed in 'targets'. It is redundant to specify both 'targets' and 'clean-files'. Move 'targets' assignments out of the ifeq-conditionals so scripts/Makefile.clean can see them. One effective change is that certs/certs/signing_key.x509 is now deleted by 'make clean' instead of 'make mrproper. This certificate is embedded in the kernel. It is not used in any way by external module builds. Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx> Reviewed-by: Nicolas Schier <n.schier@xxxxxx> --- (no changes since v1) Makefile | 2 +- certs/Makefile | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 0a6ecc8bb2d2..4e8ac0730f51 100644 --- a/Makefile +++ b/Makefile @@ -1503,7 +1503,7 @@ MRPROPER_FILES += include/config include/generated \ debian snap tar-install \ .config .config.old .version \ Module.symvers \ - certs/signing_key.pem certs/signing_key.x509 \ + certs/signing_key.pem \ certs/x509.genkey \ vmlinux-gdb.py \ *.spec diff --git a/certs/Makefile b/certs/Makefile index d1e0dad038ca..bb1763150547 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -22,12 +22,11 @@ $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS)) # GCC doesn't include .incbin files in -MD generated dependencies (PR#66871) $(obj)/system_certificates.o: $(obj)/x509_certificate_list -targets += x509_certificate_list $(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE $(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS)) endif # CONFIG_SYSTEM_TRUSTED_KEYRING -clean-files := x509_certificate_list .x509.list x509_revocation_list +targets += x509_certificate_list ifeq ($(CONFIG_MODULE_SIG),y) SIGN_KEY = y @@ -84,18 +83,20 @@ endif # GCC PR#66871 again. $(obj)/system_certificates.o: $(obj)/signing_key.x509 -targets += signing_key.x509 $(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE $(call if_changed,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY)) endif # CONFIG_MODULE_SIG +targets += signing_key.x509 + ifeq ($(CONFIG_SYSTEM_REVOCATION_LIST),y) $(eval $(call config_filename,SYSTEM_REVOCATION_KEYS)) $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list -targets += x509_revocation_list $(obj)/x509_revocation_list: scripts/extract-cert $(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(SYSTEM_REVOCATION_KEYS_FILENAME) FORCE $(call if_changed,extract_certs,$(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_REVOCATION_KEYS)) endif + +targets += x509_revocation_list -- 2.32.0