David Howells <dhowells@xxxxxxxxxx> writes: > Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote: > >> Right. I think we need to use different names for generated vs supplied >> files > > The problem with supplied files is people who do allyesconfig, allmodconfig > and randconfig just to test things finding that their builds break. The > kernel build magic is not really set up to handle external files like this. I > suppose make logic can be used to conditionally include stuff that might not > exist. > >> BTW, you missed a Signed-off-by: on your "MODSIGN: Use the same digest >> for the autogen key sig as for the module sig" patch. Please update. > > Done. > > I've also added a patch to convert the system clock to a struct tm and to > produce a struct tm within the ASN.1 decode and then compare those rather than > time_t values as a way to deal with the validity time overflow problem. We > may have to be able to handle certificates that we haven't generated that > stretch beyond 2038 (I wonder if we might find such in the UEFI key database > for example. OK, cherry-picked to replace my hack. It's in linux-next, and I will push in the next two days. Thanks, Rusty. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html