mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2024-12-29 01:02:08 +00:00
certs: simplify empty certs creation in certs/Makefile
To create an empty cert file, we need to pass "" to the extract-cert tool, which is common for all the three call-sites of cmd_extract_certs. Factor out the logic into extract-cert-in. One exceptional case is PKCS#11 case, where we override extract-cert-in with the URI. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Nicolas Schier <n.schier@avm.de>
This commit is contained in:
parent
6ce019f73d
commit
f44b645fe0
@ -13,12 +13,13 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
|
||||
endif
|
||||
|
||||
quiet_cmd_extract_certs = CERT $@
|
||||
cmd_extract_certs = $(obj)/extract-cert $(2) $@
|
||||
cmd_extract_certs = $(obj)/extract-cert $(extract-cert-in) $@
|
||||
extract-cert-in = $(or $(filter-out $(obj)/extract-cert, $(real-prereqs)),"")
|
||||
|
||||
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
|
||||
|
||||
$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE
|
||||
$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
|
||||
$(call if_changed,extract_certs)
|
||||
|
||||
targets += x509_certificate_list
|
||||
|
||||
@ -52,22 +53,22 @@ $(obj)/x509.genkey:
|
||||
|
||||
endif # CONFIG_MODULE_SIG_KEY
|
||||
|
||||
# If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it
|
||||
ifneq ($(filter-out pkcs11:%, $(CONFIG_MODULE_SIG_KEY)),)
|
||||
X509_DEP := $(CONFIG_MODULE_SIG_KEY)
|
||||
endif
|
||||
|
||||
$(obj)/system_certificates.o: $(obj)/signing_key.x509
|
||||
|
||||
$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE
|
||||
$(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),""))
|
||||
PKCS11_URI := $(filter pkcs11:%, $(CONFIG_MODULE_SIG_KEY))
|
||||
ifdef PKCS11_URI
|
||||
$(obj)/signing_key.x509: extract-cert-in := $(PKCS11_URI)
|
||||
endif
|
||||
|
||||
$(obj)/signing_key.x509: $(filter-out $(PKCS11_URI),$(CONFIG_MODULE_SIG_KEY)) $(obj)/extract-cert FORCE
|
||||
$(call if_changed,extract_certs)
|
||||
|
||||
targets += signing_key.x509
|
||||
|
||||
$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
|
||||
|
||||
$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE
|
||||
$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
|
||||
$(call if_changed,extract_certs)
|
||||
|
||||
targets += x509_revocation_list
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user