Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote: > Right. I think we need to use different names for generated vs supplied > files The problem with supplied files is people who do allyesconfig, allmodconfig and randconfig just to test things finding that their builds break. The kernel build magic is not really set up to handle external files like this. I suppose make logic can be used to conditionally include stuff that might not exist. > BTW, you missed a Signed-off-by: on your "MODSIGN: Use the same digest > for the autogen key sig as for the module sig" patch. Please update. Done. I've also added a patch to convert the system clock to a struct tm and to produce a struct tm within the ASN.1 decode and then compare those rather than time_t values as a way to deal with the validity time overflow problem. We may have to be able to handle certificates that we haven't generated that stretch beyond 2038 (I wonder if we might find such in the UEFI key database for example. Another way of dealing with this could be to make mktime() within the kernel produce a u64 rather than an unsigned long, and then compare those. David -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html