On Sat, 2 Apr 2016 10:55:22 -0700 Benjamin Poirier <bpoirier@xxxxxxxx> wrote: > When using `make localmodconfig` and friends, if the input config comes > from a kernel that was built in a different environment (for example, the > canonical case of using localmodconfig to trim a distribution kernel > config) the key files for module signature checking will not be available > and should be regenerated or omitted. Otherwise, the user will be faced > with annoying errors when trying to build with the generated .config: > > make[1]: *** No rule to make target 'keyring.crt', needed by 'certs/x509_certificate_list'. Stop. > Makefile:1576: recipe for target 'certs/' failed > > Signed-off-by: Benjamin Poirier <bpoirier@xxxxxxxx> > --- > scripts/kconfig/streamline_config.pl | 34 ++++++++++++++++++++++++++++++++++ > 1 file changed, 34 insertions(+) > > diff --git a/scripts/kconfig/streamline_config.pl b/scripts/kconfig/streamline_config.pl > index 7036ae3..514735d 100755 > --- a/scripts/kconfig/streamline_config.pl > +++ b/scripts/kconfig/streamline_config.pl > @@ -610,6 +610,40 @@ foreach my $line (@config_file) { > next; > } > > + if (/CONFIG_MODULE_SIG_KEY="(.+)"/) { > + my $orig_cert = $1; > + my $default_cert = "certs/signing_key.pem"; > + > + # Check that the logic in this script still matches the one in Kconfig > + if (!defined($depends{"MODULE_SIG_KEY"}) || > + $depends{"MODULE_SIG_KEY"} !~ /"\Q$default_cert\E"/) { > + die "Assertion failure, update needed"; Instead of dieing here, what about just going back to the current behavior, and ignore the sig keys? -- Steve > + } > + > + if ($orig_cert ne $default_cert && ! -f $orig_cert) { > + print STDERR "Module signature verification enabled but ", > + "module signing key \"$orig_cert\" not found. Resetting ", > + "signing key to default value.\n"; > + print "CONFIG_MODULE_SIG_KEY=\"$default_cert\"\n"; > + } else { > + print; > + } > + next; > + } > + > + if (/CONFIG_SYSTEM_TRUSTED_KEYS="(.+)"/) { > + my $orig_keys = $1; > + > + if (! -f $orig_keys) { > + print STDERR "System keyring enabled but keys \"$orig_keys\" ", > + "not found. Resetting keys to default value.\n"; > + print "CONFIG_SYSTEM_TRUSTED_KEYS=\"\"\n"; > + } else { > + print; > + } > + next; > + } > + > if (/^(CONFIG.*)=(m|y)/) { > if (defined($configs{$1})) { > if ($localyesconfig) { -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html