[PATCH v2] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists
This issue was found in devel-pekey branch on linux-modsign.git tree. The x509_certificate_list includes certificate twice when the signing_key.x509 already exists. We can reproduce this issue by making kernel twice, the build log of second time looks like this: ... CHK kernel/config_data.h CERTS kernel/x509_certificate_list - Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509 - Including cert signing_key.x509 ... Actually the build path was the same with the srctree path when building kernel. It causes the size of bzImage increased by packaging certificates twice. v2: Using '$(shell /bin/pwd)' instead of '$(shell pwd)' for more reliable between different shells. Acked-by: David Howells Cc: Rusty Russell Cc: Josh Boyer Cc: Randy Dunlap Cc: Herbert Xu Cc: "David S. Miller" Cc: Michal Marek Signed-off-by: Chun-Yi Lee --- kernel/Makefile |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/kernel/Makefile b/kernel/Makefile index 0ca8c0a..3b854ce 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -142,7 +142,10 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE # ### ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) -X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) +X509_CERTIFICATES-y := $(wildcard *.x509) +ifneq ($(shell /bin/pwd), $(srctree)) +X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509) +endif X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509 X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y)) -- 1.6.0.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH v2] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists
This issue was found in devel-pekey branch on linux-modsign.git tree. The x509_certificate_list includes certificate twice when the signing_key.x509 already exists. We can reproduce this issue by making kernel twice, the build log of second time looks like this: ... CHK kernel/config_data.h CERTS kernel/x509_certificate_list - Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509 - Including cert signing_key.x509 ... Actually the build path was the same with the srctree path when building kernel. It causes the size of bzImage increased by packaging certificates twice. v2: Using '$(shell /bin/pwd)' instead of '$(shell pwd)' for more reliable between different shells. Acked-by: David Howells dhowe...@redhat.com Cc: Rusty Russell ru...@rustcorp.com.au Cc: Josh Boyer jwbo...@redhat.com Cc: Randy Dunlap rdun...@xenotime.net Cc: Herbert Xu herb...@gondor.apana.org.au Cc: David S. Miller da...@davemloft.net Cc: Michal Marek mma...@suse.com Signed-off-by: Chun-Yi Lee j...@suse.com --- kernel/Makefile |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/kernel/Makefile b/kernel/Makefile index 0ca8c0a..3b854ce 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -142,7 +142,10 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE # ### ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) -X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) +X509_CERTIFICATES-y := $(wildcard *.x509) +ifneq ($(shell /bin/pwd), $(srctree)) +X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509) +endif X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509 X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y)) -- 1.6.0.2 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/