On Thu, 2015-05-28 at 10:58 +0100, David Howells wrote: > David Woodhouse <[email protected]> wrote: > > > > The only issue is that the makefile expressions are a bit hairy. For > > > starters, we already have definitions for $(quote) and $(space) in > > > kbuild. I'll have a closer look at the config_filename macro and try to > > > simplify it somehow. But it's just cosmetics, the patch can be merged as > > > is for now. > > > > I've actually changed my mind about the 'awk | base64 -d' bit. The error > > handling is too poor. I'd like to do that in C with a variant of the > > existing extract_cert tool, and make sure we have proper X.509 > > certificates and error handling/reporting. > > You could also do it in perl pretty easily.
It's a fairly trivial change to scripts/extract-cert.c though, which gives you validation of the cert ASN.1 instead of just base64-decoding and importing arbitrary crap as long as it's found between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- Yeah, we could do the X.509 parsing/validation in perl too. But let's not. -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
