Re: [PATCHv2 RFC 1/1] Explicit check for existing X.509 module signing keypair

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Added David Howels and keyrings@xxxxxxxxxxxxx to Cc

Michal

On 2015-04-10 02:37, Abelardo Ricart III wrote:
> 
> The module-signing.txt documentation states that the kernel will use an existing
> x.509 key pair for module signing should they exist in the root of the source tree.
> However, user provided signing keys are unexpectedly overwritten during build if the 
> last-modified times on the key pair are older than the "x509.genkey" target dependency.
> This fix stops this unexpected behavior, and warns if the key pair was not found.
> 
> Signed-off-by: Abelardo Ricart III <aricart@xxxxxxxxxx>
> ---
> 
> diff --git a/kernel/Makefile b/kernel/Makefile
> index 1408b33..10c8df0 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -168,7 +168,8 @@ ifndef CONFIG_MODULE_SIG_HASH
>  $(error Could not determine digest type to use from kernel config)
>  endif
>  
> -signing_key.priv signing_key.x509: x509.genkey
> +signing_key.priv signing_key.x509: | x509.genkey
> +       $(warning *** X.509 module signing key pair not found in root of source tree ***)
>         @echo "###"
>         @echo "### Now generating an X.509 key pair to be used for signing modules."
>         @echo "###"
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux&nblp;USB Development]     [Linux Media]     [Video for Linux]     [Linux Audio Users]     [Yosemite Secrets]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux