[PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists
From: Chun-Yi Lee
Date: Thu Feb 21 2013 - 06:24:48 EST
This issue was found in devel-pekey branch on linux-modsign.git tree. The
x509_certificate_list includes certificate twice when the signing_key.x509
already exists.
We can reproduce this issue by making kernel twice, the build log of
second time looks like this:
...
CHK kernel/config_data.h
CERTS kernel/x509_certificate_list
- Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509
- Including cert signing_key.x509
...
Actually the build path was the same with the srctree path when building
kernel. It causes the size of bzImage increased by packaging certificates
twice.
Cc: David Howells <dhowells@xxxxxxxxxx>
Cc: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
Cc: Josh Boyer <jwboyer@xxxxxxxxxx>
Cc: Randy Dunlap <rdunlap@xxxxxxxxxxxx>
Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
Cc: Michal Marek <mmarek@xxxxxxxx>
Signed-off-by: Chun-Yi Lee <jlee@xxxxxxxx>
---
kernel/Makefile | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/kernel/Makefile b/kernel/Makefile
index 0ca8c0a..ecbe73f 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -142,7 +142,10 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE
#
###############################################################################
ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
-X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
+X509_CERTIFICATES-y := $(wildcard *.x509)
+ifneq ($(shell pwd), $(srctree))
+X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509)
+endif
X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y))
--
1.6.4.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/