Commit 62172c81 authored by David Woodhouse's avatar David Woodhouse

modsign: Use if_changed rule for extracting cert from module signing key

We couldn't use if_changed for this before, because it didn't live in
the kernel/ directory so we couldn't add it to $(targets). It was easier
just to leave it as it was.

Now it's in the certs/ directory we can use if_changed, the same as we
do for the trusted certificate list.

Aside from making things consistent, this means we don't need to depend
explicitly on the include/config/module/sig/key.h file. And we also get
to automatically do the right thing and re-extract the cert if the user
does odd things like using a relative filename and then playing silly
buggers with adding/removing that file in both the source and object
trees. We always favour the one in the object tree if it exists, and
now we'll correctly re-extract the cert when it changes. Previously we'd
*only* re-extract the cert if the config option changed, even if the
actual file we're using did change.
Signed-off-by: default avatarDavid Woodhouse <>
Signed-off-by: default avatarDavid Howells <>
parent cfc411e7
......@@ -142,6 +142,7 @@ endif
# GCC PR#66871 again.
$(obj)/system_certificates.o: $(obj)/signing_key.x509
$(obj)/signing_key.x509: scripts/extract-cert include/config/module/sig/key.h $(X509_DEP)
targets += signing_key.x509
$(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE
$(call if_changed,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY))
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment