aboutsummaryrefslogtreecommitdiff
path: root/Makefile
diff options
context:
space:
mode:
authorDavid Woodhouse <David.Woodhouse@intel.com>2015-08-14 16:17:16 +0100
committerDavid Howells <dhowells@redhat.com>2015-08-14 16:32:52 +0100
commit3ee550f12c1529a023f71c9b5becb3351911047b (patch)
treea60711f8662b42d5720b90567daf718cb90eca93 /Makefile
parent62172c81f2d6c2311284467d6aaa00bd8967e136 (diff)
download96b-common-3ee550f12c1529a023f71c9b5becb3351911047b.tar.gz
modsign: Handle signing key in source tree
Since commit 1329e8cc69 ("modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped with the signing key being specified as a relative path in either the source or or the build trees. However, the actual signing of modules has not worked if the filename is relative to the source tree. Fix that by moving the config_filename helper into scripts/Kbuild.include so that it can be used from elsewhere, and then using it in the top-level Makefile to find the signing key file. Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while we're at it. There's no need for them. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'Makefile')
-rw-r--r--Makefile7
1 files changed, 3 insertions, 4 deletions
diff --git a/Makefile b/Makefile
index 2341942feb85..7c90dda898f6 100644
--- a/Makefile
+++ b/Makefile
@@ -870,10 +870,9 @@ INITRD_COMPRESS-$(CONFIG_RD_LZ4) := lz4
# export INITRD_COMPRESS := $(INITRD_COMPRESS-y)
ifdef CONFIG_MODULE_SIG_ALL
-MODSECKEY = $(CONFIG_MODULE_SIG_KEY)
-MODPUBKEY = certs/signing_key.x509
-export MODPUBKEY
-mod_sign_cmd = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY)
+$(eval $(call config_filename,MODULE_SIG_KEY))
+
+mod_sign_cmd = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY) certs/signing_key.x509
else
mod_sign_cmd = true
endif