On Mon, 2015-05-04 at 11:45 -0700, Linus Torvalds wrote: > On Sun, May 3, 2015 at 6:45 PM, Linus Torvalds > <[email protected]> wrote: > > > > I'd much rather see "x509.genkey" be generated with a move-if-changed > > pattern, so that it only changes if (a) it didn't exist before or (b) > > it actually has new content. > > Hmm. Something like the attached, to make the .x509.list file be > properly generated? > > That still leaves the problem that the X509_CERTIFICATES variable > itself seems to be badly defined, in that it ends up randomly having > the "./" in front of the filename due to confusion between > "signing_key.x509" being both in > > X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) > > (when that .x509 file was pre-existing), and > > X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509 > > where I think that "$(objtree)/" comes in. > > DavidH, comments?
Why not just take multiple certs in PEM form in a single file, rather than automatically including *.x509 in DER form? Wouldn't that be a whole lot easier? We can still have a special case for signing_key.x509 if we want it. -- dwmw2 -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
