On 2015-02-13 13:15, David Howells wrote: > Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > >> When it happens, I can do a rebuild, and the build will say >> >> X.509 certificate list changed >> >> which is kind of odd, since the list should *always* be just that >> single key for me (ie "./signing_key.509"). > > Did you by any chance set aside a build tree that went wrong? If so, could > you have a look to see what's in: > > <builddir>/kernel/.x509.list > <builddir>/kernel/x509_certificate_list (note this is binary) > <builddir>/x509.genkey > > and make sure that: > > <builddir>/signing_key.priv > <builddir>/signing_key.x509 > > both exist. I wonder if the problem might perhaps be due to one of > signing_key.priv or signing_key.x509 getting removed somehow - but not both. It could also be due to the usage of realpath when building the certificate list: X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509 X509_CERTIFICATES-raw := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \ $(or $(realpath $(CERT)),$(CERT)))) If signing_key.x509 hasn't been generated yet, it will be stored as as ./signing_key.x509. In a later make invocation, realpath will resolve it into /home/.../signing_key.x509. But then, it should fail every time, because of the := assignment. Michal -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html