From e2a666d52b4825c26c857cada211f3baac26a600 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 19 Oct 2012 11:53:15 +1030 Subject: kbuild: sign the modules at install time Linus deleted the old code and put signing on the install command, I fixed it to extract the keyid and signer-name within sign-file and cleaned up that script now it always signs in-place. Some enthusiast should convert sign-key to perl and pull x509keyid into it. Signed-off-by: Rusty Russell Signed-off-by: Linus Torvalds --- Makefile | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 366d0ab0c5f..4fd82f7fc0b 100644 --- a/Makefile +++ b/Makefile @@ -719,6 +719,17 @@ endif # INSTALL_MOD_STRIP export mod_strip_cmd +ifeq ($(CONFIG_MODULE_SIG),y) +MODSECKEY = ./signing_key.priv +MODPUBKEY = ./signing_key.x509 +export MODPUBKEY +mod_sign_cmd = sh $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) $(srctree)/scripts/x509keyid +else +mod_sign_cmd = true +endif +export mod_sign_cmd + + ifeq ($(KBUILD_EXTMOD),) core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ -- cgit v1.2.3-70-g09d2