What's the word on this? On Mon, 2015-04-13 at 15:16 +0200, Michal Marek wrote: > Added David Howels and keyrings@xxxxxxxxxxxxx to Cc > > Michal > > On 2015-04-10 02:37, Abelardo Ricart III wrote: > > > > The module-signing.txt documentation states that the kernel will use an > > existing > > x.509 key pair for module signing should they exist in the root of the > > source tree. > > However, user provided signing keys are unexpectedly overwritten during > > build if the > > last-modified times on the key pair are older than the "x509.genkey" target > > dependency. > > This fix stops this unexpected behavior, and warns if the key pair was not > > found. > > > > Signed-off-by: Abelardo Ricart III <aricart@xxxxxxxxxx> > > --- > > > > diff --git a/kernel/Makefile b/kernel/Makefile > > index 1408b33..10c8df0 100644 > > --- a/kernel/Makefile > > +++ b/kernel/Makefile > > @@ -168,7 +168,8 @@ ifndef CONFIG_MODULE_SIG_HASH > > $(error Could not determine digest type to use from kernel config) > > endif > > > > -signing_key.priv signing_key.x509: x509.genkey > > +signing_key.priv signing_key.x509: | x509.genkey > > + $(warning *** X.509 module signing key pair not found in root of > > source tree ***) > > @echo "###" > > @echo "### Now generating an X.509 key pair to be used for signing > > modules." > > @echo "###" > > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
