diff options
| author | David Woodhouse | 2015-08-14 17:17:16 +0200 |
|---|---|---|
| committer | David Howells | 2015-08-14 17:32:52 +0200 |
| commit | 3ee550f12c1529a023f71c9b5becb3351911047b (patch) | |
| tree | a60711f8662b42d5720b90567daf718cb90eca93 /Makefile | |
| parent | modsign: Use if_changed rule for extracting cert from module signing key (diff) | |
| download | kernel-qcow2-linux-3ee550f12c1529a023f71c9b5becb3351911047b.tar.gz kernel-qcow2-linux-3ee550f12c1529a023f71c9b5becb3351911047b.tar.xz kernel-qcow2-linux-3ee550f12c1529a023f71c9b5becb3351911047b.zip | |
modsign: Handle signing key in source tree
Since commit 1329e8cc69 ("modsign: Extract signing cert from
CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped
with the signing key being specified as a relative path in either the
source or or the build trees.
However, the actual signing of modules has not worked if the filename
is relative to the source tree.
Fix that by moving the config_filename helper into scripts/Kbuild.include
so that it can be used from elsewhere, and then using it in the top-level
Makefile to find the signing key file.
Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while
we're at it. There's no need for them.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 7 |
1 files changed, 3 insertions, 4 deletions
@@ -870,10 +870,9 @@ INITRD_COMPRESS-$(CONFIG_RD_LZ4) := lz4 # export INITRD_COMPRESS := $(INITRD_COMPRESS-y) ifdef CONFIG_MODULE_SIG_ALL -MODSECKEY = $(CONFIG_MODULE_SIG_KEY) -MODPUBKEY = certs/signing_key.x509 -export MODPUBKEY -mod_sign_cmd = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) +$(eval $(call config_filename,MODULE_SIG_KEY)) + +mod_sign_cmd = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY) certs/signing_key.x509 else mod_sign_cmd = true endif |