diff options
author | Masahiro Yamada <masahiroy@kernel.org> | 2022-02-18 05:46:34 +0100 |
---|---|---|
committer | Masahiro Yamada <masahiroy@kernel.org> | 2022-03-03 00:18:20 +0100 |
commit | f44b645fe0070c0f1ac34a358252a7123c56e709 (patch) | |
tree | e604a43dcda8c640fbb5ad5b2c77a9f64a4fc88c /certs/Makefile | |
parent | certs: include certs/signing_key.x509 unconditionally (diff) | |
download | linux-f44b645fe0070c0f1ac34a358252a7123c56e709.tar.xz linux-f44b645fe0070c0f1ac34a358252a7123c56e709.zip |
certs: simplify empty certs creation in certs/Makefile
To create an empty cert file, we need to pass "" to the extract-cert
tool, which is common for all the three call-sites of cmd_extract_certs.
Factor out the logic into extract-cert-in.
One exceptional case is PKCS#11 case, where we override extract-cert-in
with the URI.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nicolas Schier <n.schier@avm.de>
Diffstat (limited to 'certs/Makefile')
-rw-r--r-- | certs/Makefile | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/certs/Makefile b/certs/Makefile index 68c1d7b9a388..d8443cfb1c40 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -13,12 +13,13 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o endif quiet_cmd_extract_certs = CERT $@ - cmd_extract_certs = $(obj)/extract-cert $(2) $@ + cmd_extract_certs = $(obj)/extract-cert $(extract-cert-in) $@ +extract-cert-in = $(or $(filter-out $(obj)/extract-cert, $(real-prereqs)),"") $(obj)/system_certificates.o: $(obj)/x509_certificate_list $(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE - $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,"")) + $(call if_changed,extract_certs) targets += x509_certificate_list @@ -52,22 +53,22 @@ $(obj)/x509.genkey: endif # CONFIG_MODULE_SIG_KEY -# If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it -ifneq ($(filter-out pkcs11:%, $(CONFIG_MODULE_SIG_KEY)),) -X509_DEP := $(CONFIG_MODULE_SIG_KEY) -endif - $(obj)/system_certificates.o: $(obj)/signing_key.x509 -$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE - $(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),"")) +PKCS11_URI := $(filter pkcs11:%, $(CONFIG_MODULE_SIG_KEY)) +ifdef PKCS11_URI +$(obj)/signing_key.x509: extract-cert-in := $(PKCS11_URI) +endif + +$(obj)/signing_key.x509: $(filter-out $(PKCS11_URI),$(CONFIG_MODULE_SIG_KEY)) $(obj)/extract-cert FORCE + $(call if_changed,extract_certs) targets += signing_key.x509 $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list $(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE - $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,"")) + $(call if_changed,extract_certs) targets += x509_revocation_list |