summaryrefslogtreecommitdiffstats
path: root/certs/Makefile
diff options
context:
space:
mode:
authorDavid Woodhouse <David.Woodhouse@intel.com>2015-08-14 15:33:56 +0100
committerDavid Woodhouse <David.Woodhouse@intel.com>2015-08-14 16:06:19 +0100
commit62172c81f2d6c2311284467d6aaa00bd8967e136 (patch)
tree42a7d02e0412b5ce62077c73cf47ab41df060fc4 /certs/Makefile
parentcfc411e7fff3e15cd6354ff69773907e2c9d1c0c (diff)
downloadlinux-62172c81f2d6c2311284467d6aaa00bd8967e136.tar.gz
linux-62172c81f2d6c2311284467d6aaa00bd8967e136.tar.bz2
linux-62172c81f2d6c2311284467d6aaa00bd8967e136.zip
modsign: Use if_changed rule for extracting cert from module signing key
We couldn't use if_changed for this before, because it didn't live in the kernel/ directory so we couldn't add it to $(targets). It was easier just to leave it as it was. Now it's in the certs/ directory we can use if_changed, the same as we do for the trusted certificate list. Aside from making things consistent, this means we don't need to depend explicitly on the include/config/module/sig/key.h file. And we also get to automatically do the right thing and re-extract the cert if the user does odd things like using a relative filename and then playing silly buggers with adding/removing that file in both the source and object trees. We always favour the one in the object tree if it exists, and now we'll correctly re-extract the cert when it changes. Previously we'd *only* re-extract the cert if the config option changed, even if the actual file we're using did change. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'certs/Makefile')
-rw-r--r--certs/Makefile5
1 files changed, 3 insertions, 2 deletions
diff --git a/certs/Makefile b/certs/Makefile
index 5d33486d3b20..3c782d025c36 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -142,6 +142,7 @@ endif
# GCC PR#66871 again.
$(obj)/system_certificates.o: $(obj)/signing_key.x509
-$(obj)/signing_key.x509: scripts/extract-cert include/config/module/sig/key.h $(X509_DEP)
- $(call cmd,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY))
+targets += signing_key.x509
+$(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE
+ $(call if_changed,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY))
endif