summaryrefslogtreecommitdiffstats
path: root/Makefile
diff options
context:
space:
mode:
authorRusty Russell <rusty@rustcorp.com.au>2012-10-19 11:53:15 +1030
committerLinus Torvalds <torvalds@linux-foundation.org>2012-10-19 08:27:43 -0700
commite2a666d52b4825c26c857cada211f3baac26a600 (patch)
treeb7e91bd10e8c1b2932ffd1716fde3abccd7c4dd8 /Makefile
parentc9623de4fc2f8320fe94316b46171683be3b1d59 (diff)
downloadlinux-stable-e2a666d52b4825c26c857cada211f3baac26a600.tar.gz
linux-stable-e2a666d52b4825c26c857cada211f3baac26a600.tar.bz2
linux-stable-e2a666d52b4825c26c857cada211f3baac26a600.zip
kbuild: sign the modules at install time
Linus deleted the old code and put signing on the install command, I fixed it to extract the keyid and signer-name within sign-file and cleaned up that script now it always signs in-place. Some enthusiast should convert sign-key to perl and pull x509keyid into it. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'Makefile')
-rw-r--r--Makefile11
1 files changed, 11 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 366d0ab0c5fe..4fd82f7fc0bc 100644
--- a/Makefile
+++ b/Makefile
@@ -719,6 +719,17 @@ endif # INSTALL_MOD_STRIP
export mod_strip_cmd
+ifeq ($(CONFIG_MODULE_SIG),y)
+MODSECKEY = ./signing_key.priv
+MODPUBKEY = ./signing_key.x509
+export MODPUBKEY
+mod_sign_cmd = sh $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) $(srctree)/scripts/x509keyid
+else
+mod_sign_cmd = true
+endif
+export mod_sign_cmd
+
+
ifeq ($(KBUILD_EXTMOD),)
core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/