[PATCH hulk-4.19-next] KEYS: Include pubring.gpg in system_certificates.o only if present
hulk inclusion category: feature feature: IMA digest lists bugzilla: NA https://gitee.com/openEuler/kernel/issues/I3916O
------------------------------------------------
This patch includes pubring.gpg in system_certificates.o only if it is found in the certs directory of the source tree.
Signed-off-by: Roberto Sassu roberto.sassu@huawei.com --- certs/Makefile | 13 +++++++------ certs/system_certificates.S | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/certs/Makefile b/certs/Makefile index 5053e3c86c97..766c5d003093 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -4,12 +4,6 @@ #
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o -ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS -ifneq ($(shell ls certs/pubring.gpg 2> /dev/null), certs/pubring.gpg) -$(shell touch certs/pubring.gpg) -endif -$(obj)/system_certificates.o: certs/pubring.gpg -endif obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),"") obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o @@ -27,6 +21,13 @@ $(obj)/system_certificates.o: $(obj)/x509_certificate_list # Cope with signing_key.x509 existing in $(srctree) not $(objtree) AFLAGS_system_certificates.o := -I$(srctree)
+ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS +ifeq ($(shell ls $(srctree)/certs/pubring.gpg 2> /dev/null), $(srctree)/certs/pubring.gpg) +AFLAGS_system_certificates.o += -DHAVE_PUBRING_GPG +$(obj)/system_certificates.o: $(srctree)/certs/pubring.gpg +endif +endif + quiet_cmd_extract_certs = EXTRACT_CERTS $(patsubst "%",%,$(2)) cmd_extract_certs = scripts/extract-cert $(2) $@ || ( rm $@; exit 1)
diff --git a/certs/system_certificates.S b/certs/system_certificates.S index bcb7c4b4cc36..e5f58711c38c 100644 --- a/certs/system_certificates.S +++ b/certs/system_certificates.S @@ -40,7 +40,7 @@ system_certificate_list_size: .globl pgp_public_keys pgp_public_keys: __pgp_key_list_start: -#ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS +#ifdef HAVE_PUBRING_GPG .incbin "certs/pubring.gpg" #endif __pgp_key_list_end:
On 2021/3/2 16:48, Roberto Sassu wrote:
hulk inclusion category: feature feature: IMA digest lists bugzilla: NA https://gitee.com/openEuler/kernel/issues/I3916O
This patch includes pubring.gpg in system_certificates.o only if it is found in the certs directory of the source tree.
Signed-off-by: Roberto Sassu roberto.sassu@huawei.com
Acked-by: Hanjun Guo guohanjun@huawei.com
Applied.
On 2021/3/2 16:48, Roberto Sassu wrote:
hulk inclusion category: feature feature: IMA digest lists bugzilla: NA https://gitee.com/openEuler/kernel/issues/I3916O
This patch includes pubring.gpg in system_certificates.o only if it is found in the certs directory of the source tree.
Signed-off-by: Roberto Sassu roberto.sassu@huawei.com
certs/Makefile | 13 +++++++------ certs/system_certificates.S | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/certs/Makefile b/certs/Makefile index 5053e3c86c97..766c5d003093 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -4,12 +4,6 @@ #
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o -ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS -ifneq ($(shell ls certs/pubring.gpg 2> /dev/null), certs/pubring.gpg) -$(shell touch certs/pubring.gpg) -endif -$(obj)/system_certificates.o: certs/pubring.gpg -endif obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),"") obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o @@ -27,6 +21,13 @@ $(obj)/system_certificates.o: $(obj)/x509_certificate_list # Cope with signing_key.x509 existing in $(srctree) not $(objtree) AFLAGS_system_certificates.o := -I$(srctree)
+ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS +ifeq ($(shell ls $(srctree)/certs/pubring.gpg 2> /dev/null), $(srctree)/certs/pubring.gpg) +AFLAGS_system_certificates.o += -DHAVE_PUBRING_GPG +$(obj)/system_certificates.o: $(srctree)/certs/pubring.gpg +endif +endif
- quiet_cmd_extract_certs = EXTRACT_CERTS $(patsubst "%",%,$(2)) cmd_extract_certs = scripts/extract-cert $(2) $@ || ( rm $@; exit 1)
diff --git a/certs/system_certificates.S b/certs/system_certificates.S index bcb7c4b4cc36..e5f58711c38c 100644 --- a/certs/system_certificates.S +++ b/certs/system_certificates.S @@ -40,7 +40,7 @@ system_certificate_list_size: .globl pgp_public_keys pgp_public_keys: __pgp_key_list_start: -#ifdef CONFIG_PGP_PRELOAD_PUBLIC_KEYS +#ifdef HAVE_PUBRING_GPG .incbin "certs/pubring.gpg" #endif __pgp_key_list_end:
-
chengjian (D) -
Hanjun Guo -
Roberto Sassu