The module-signing.txt documentation states that the kernel will use an existing
x.509 key pair for module signing should they exist in the root of the source tree.
However, user provided signing keys are unexpectedly overwritten during build if the
last-modified times on the key pair are older than the "x509.genkey" target dependency.
This fix stops this unexpected behavior, and warns if the key pair was not found.
Signed-off-by: Abelardo Ricart III <aricart@xxxxxxxxxx>
---
diff --git a/kernel/Makefile b/kernel/Makefile
index 1408b33..10c8df0 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -168,7 +168,8 @@ ifndef CONFIG_MODULE_SIG_HASH
$(error Could not determine digest type to use from kernel config)
endif
-signing_key.priv signing_key.x509: x509.genkey
+signing_key.priv signing_key.x509: | x509.genkey
+ $(warning *** X.509 module signing key pair not found in root of source tree ***)
@echo "###"
@echo "### Now generating an X.509 key pair to be used for signing modules."
@echo "###"
--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
