Makefile - OpenGrok cross reference for /linux/certs/Makefile

Deleted Added

sdiffudifftextold (b8c96a6b..)new (129ab0d2..)

Makefile (b8c96a6b466ca3b91530a4ec7f7404f40f8f4d0b)	Makefile (129ab0d2d9f38b9d43df35235fc66c6740d6928b)
1# SPDX-License-Identifier: GPL-2.0 2# 3# Makefile for the linux kernel signature checking certificates. 4# 5 6obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o common.o 7obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o common.o 8obj-$(CONFIG_SYSTEM_REVOCATION_LIST) += revocation_certificates.o	1# SPDX-License-Identifier: GPL-2.0 2# 3# Makefile for the linux kernel signature checking certificates. 4# 5 6obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o common.o 7obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o common.o 8obj-$(CONFIG_SYSTEM_REVOCATION_LIST) += revocation_certificates.o
9ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),"")	9ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),)
10obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o 11else 12obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o 13endif 14 15quiet_cmd_extract_certs = CERT $@ 16 cmd_extract_certs = scripts/extract-cert $(2) $@ 17 18$(obj)/system_certificates.o: $(obj)/x509_certificate_list 19	10obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o 11else 12obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o 13endif 14 15quiet_cmd_extract_certs = CERT $@ 16 cmd_extract_certs = scripts/extract-cert $(2) $@ 17 18$(obj)/system_certificates.o: $(obj)/x509_certificate_list 19
20CONFIG_SYSTEM_TRUSTED_KEYS := $(CONFIG_SYSTEM_TRUSTED_KEYS:"%"=%) 21
22$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE 23 $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,"")) 24 25targets += x509_certificate_list 26 27ifeq ($(CONFIG_MODULE_SIG),y) 28 SIGN_KEY = y 29endif --- 11 unchanged lines hidden (view full) --- 41# supplied, then one will need to be generated to make sure the build does not 42# fail and that the kernel may be used afterwards. 43# 44############################################################################### 45 46# We do it this way rather than having a boolean option for enabling an 47# external private key, because 'make randconfig' might enable such a 48# boolean option and we unfortunately can't make it depend on !RANDCONFIG.	20$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE 21 $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,"")) 22 23targets += x509_certificate_list 24 25ifeq ($(CONFIG_MODULE_SIG),y) 26 SIGN_KEY = y 27endif --- 11 unchanged lines hidden (view full) --- 39# supplied, then one will need to be generated to make sure the build does not 40# fail and that the kernel may be used afterwards. 41# 42############################################################################### 43 44# We do it this way rather than having a boolean option for enabling an 45# external private key, because 'make randconfig' might enable such a 46# boolean option and we unfortunately can't make it depend on !RANDCONFIG.
49ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem")	47ifeq ($(CONFIG_MODULE_SIG_KEY),certs/signing_key.pem)
50 51keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_ECDSA) := -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 52 53quiet_cmd_gen_key = GENKEY $@ 54 cmd_gen_key = openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ 55 -batch -x509 -config $< \ 56 -outform PEM -out $@ -keyout $@ $(keytype-y) 2>&1 57 --- 6 unchanged lines hidden (view full) --- 64 cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@ 65 66# You can provide your own config file. If not present, copy the default one. 67$(obj)/x509.genkey: 68 $(call cmd,copy_x509_config) 69 70endif # CONFIG_MODULE_SIG_KEY 71	48 49keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_ECDSA) := -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 50 51quiet_cmd_gen_key = GENKEY $@ 52 cmd_gen_key = openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ 53 -batch -x509 -config $< \ 54 -outform PEM -out $@ -keyout $@ $(keytype-y) 2>&1 55 --- 6 unchanged lines hidden (view full) --- 62 cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@ 63 64# You can provide your own config file. If not present, copy the default one. 65$(obj)/x509.genkey: 66 $(call cmd,copy_x509_config) 67 68endif # CONFIG_MODULE_SIG_KEY 69
72CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%) 73
74# If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it 75ifneq ($(filter-out pkcs11:%, %(CONFIG_MODULE_SIG_KEY)),) 76X509_DEP := $(CONFIG_MODULE_SIG_KEY) 77endif 78 79$(obj)/system_certificates.o: $(obj)/signing_key.x509 80 81$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE 82 $(call if_changed,extract_certs,$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY))) 83endif # CONFIG_MODULE_SIG 84 85targets += signing_key.x509 86 87$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list 88	70# If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it 71ifneq ($(filter-out pkcs11:%, %(CONFIG_MODULE_SIG_KEY)),) 72X509_DEP := $(CONFIG_MODULE_SIG_KEY) 73endif 74 75$(obj)/system_certificates.o: $(obj)/signing_key.x509 76 77$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE 78 $(call if_changed,extract_certs,$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY))) 79endif # CONFIG_MODULE_SIG 80 81targets += signing_key.x509 82 83$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list 84
89CONFIG_SYSTEM_REVOCATION_KEYS := $(CONFIG_SYSTEM_REVOCATION_KEYS:"%"=%) 90
91$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE 92 $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,"")) 93 94targets += x509_revocation_list	85$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE 86 $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,"")) 87 88targets += x509_revocation_list