mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-29 17:25:38 +00:00
d1f044103d
Add a new Kconfig option called SYSTEM_REVOCATION_KEYS. If set, this option should be the filename of a PEM-formated file containing X.509 certificates to be included in the default blacklist keyring. DH Changes: - Make the new Kconfig option depend on SYSTEM_REVOCATION_LIST. - Fix SYSTEM_REVOCATION_KEYS=n, but CONFIG_SYSTEM_REVOCATION_LIST=y[1][2]. - Use CONFIG_SYSTEM_REVOCATION_LIST for extract-cert[3]. - Use CONFIG_SYSTEM_REVOCATION_LIST for revocation_certificates.o[3]. Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: David Howells <dhowells@redhat.com> cc: Randy Dunlap <rdunlap@infradead.org> cc: keyrings@vger.kernel.org Link: https://lore.kernel.org/r/e1c15c74-82ce-3a69-44de-a33af9b320ea@infradead.org/ [1] Link: https://lore.kernel.org/r/20210303034418.106762-1-eric.snowberg@oracle.com/ [2] Link: https://lore.kernel.org/r/20210304175030.184131-1-eric.snowberg@oracle.com/ [3] Link: https://lore.kernel.org/r/20200930201508.35113-3-eric.snowberg@oracle.com/ Link: https://lore.kernel.org/r/20210122181054.32635-4-eric.snowberg@oracle.com/ # v5 Link: https://lore.kernel.org/r/161428673564.677100.4112098280028451629.stgit@warthog.procyon.org.uk/ Link: https://lore.kernel.org/r/161433312452.902181.4146169951896577982.stgit@warthog.procyon.org.uk/ # v2 Link: https://lore.kernel.org/r/161529606657.163428.3340689182456495390.stgit@warthog.procyon.org.uk/ # v3
42 lines
1.4 KiB
Makefile
42 lines
1.4 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
###
|
|
# scripts contains sources for various helper programs used throughout
|
|
# the kernel for the build process.
|
|
|
|
hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c
|
|
hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms
|
|
hostprogs-always-$(BUILD_C_RECORDMCOUNT) += recordmcount
|
|
hostprogs-always-$(CONFIG_BUILDTIME_TABLE_SORT) += sorttable
|
|
hostprogs-always-$(CONFIG_ASN1) += asn1_compiler
|
|
hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file
|
|
hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert
|
|
hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert
|
|
hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST) += extract-cert
|
|
|
|
HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
|
|
HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
|
|
HOSTLDLIBS_sign-file = -lcrypto
|
|
HOSTLDLIBS_extract-cert = -lcrypto
|
|
|
|
ifdef CONFIG_UNWINDER_ORC
|
|
ifeq ($(ARCH),x86_64)
|
|
ARCH := x86
|
|
endif
|
|
HOSTCFLAGS_sorttable.o += -I$(srctree)/tools/arch/x86/include
|
|
HOSTCFLAGS_sorttable.o += -DUNWINDER_ORC_ENABLED
|
|
HOSTLDLIBS_sorttable = -lpthread
|
|
endif
|
|
|
|
# The following programs are only built on demand
|
|
hostprogs += unifdef
|
|
|
|
# The module linker script is preprocessed on demand
|
|
targets += module.lds
|
|
|
|
subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins
|
|
subdir-$(CONFIG_MODVERSIONS) += genksyms
|
|
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
|
|
|
|
# Let clean descend into subdirs
|
|
subdir- += basic dtc gdb kconfig mod
|