Skip to content

Commit

Permalink
certs: refactor file cleaning
Browse files Browse the repository at this point in the history
'make clean' removes files listed in 'targets'. It is redundant to
specify both 'targets' and 'clean-files'.

Move 'targets' assignments out of the ifeq-conditionals so
scripts/Makefile.clean can see them.

One effective change is that certs/certs/signing_key.x509 is now
deleted by 'make clean' instead of 'make mrproper. This certificate
is embedded in the kernel. It is not used in any way by external
module builds.

Signed-off-by: Masahiro Yamada <[email protected]>
Reviewed-by: Nicolas Schier <[email protected]>
  • Loading branch information
masahir0y committed Jan 8, 2022
1 parent 3958f21 commit 5cca360
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 5 deletions.
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -1494,7 +1494,7 @@ MRPROPER_FILES += include/config include/generated \
debian snap tar-install \
.config .config.old .version \
Module.symvers \
certs/signing_key.pem certs/signing_key.x509 \
certs/signing_key.pem \
certs/x509.genkey \
vmlinux-gdb.py \
*.spec
Expand Down
9 changes: 5 additions & 4 deletions certs/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,11 @@ $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS))
# GCC doesn't include .incbin files in -MD generated dependencies (PR#66871)
$(obj)/system_certificates.o: $(obj)/x509_certificate_list

targets += x509_certificate_list
$(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE
$(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS))
endif # CONFIG_SYSTEM_TRUSTED_KEYRING

clean-files := x509_certificate_list .x509.list x509_revocation_list
targets += x509_certificate_list

ifeq ($(CONFIG_MODULE_SIG),y)
SIGN_KEY = y
Expand Down Expand Up @@ -84,18 +83,20 @@ endif
# GCC PR#66871 again.
$(obj)/system_certificates.o: $(obj)/signing_key.x509

targets += signing_key.x509
$(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE
$(call if_changed,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY))
endif # CONFIG_MODULE_SIG

targets += signing_key.x509

ifeq ($(CONFIG_SYSTEM_REVOCATION_LIST),y)

$(eval $(call config_filename,SYSTEM_REVOCATION_KEYS))

$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list

targets += x509_revocation_list
$(obj)/x509_revocation_list: scripts/extract-cert $(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(SYSTEM_REVOCATION_KEYS_FILENAME) FORCE
$(call if_changed,extract_certs,$(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_REVOCATION_KEYS))
endif

targets += x509_revocation_list

0 comments on commit 5cca360

Please sign in to comment.