summaryrefslogtreecommitdiffstats
path: root/certs/Makefile
diff options
context:
space:
mode:
authorMasahiro Yamada <masahiroy@kernel.org>2022-02-18 05:46:34 +0100
committerMasahiro Yamada <masahiroy@kernel.org>2022-03-03 00:18:20 +0100
commitf44b645fe0070c0f1ac34a358252a7123c56e709 (patch)
treee604a43dcda8c640fbb5ad5b2c77a9f64a4fc88c /certs/Makefile
parentcerts: include certs/signing_key.x509 unconditionally (diff)
downloadlinux-f44b645fe0070c0f1ac34a358252a7123c56e709.tar.xz
linux-f44b645fe0070c0f1ac34a358252a7123c56e709.zip
certs: simplify empty certs creation in certs/Makefile
To create an empty cert file, we need to pass "" to the extract-cert tool, which is common for all the three call-sites of cmd_extract_certs. Factor out the logic into extract-cert-in. One exceptional case is PKCS#11 case, where we override extract-cert-in with the URI. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Nicolas Schier <n.schier@avm.de>
Diffstat (limited to 'certs/Makefile')
-rw-r--r--certs/Makefile21
1 files changed, 11 insertions, 10 deletions
diff --git a/certs/Makefile b/certs/Makefile
index 68c1d7b9a388..d8443cfb1c40 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -13,12 +13,13 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
endif
quiet_cmd_extract_certs = CERT $@
- cmd_extract_certs = $(obj)/extract-cert $(2) $@
+ cmd_extract_certs = $(obj)/extract-cert $(extract-cert-in) $@
+extract-cert-in = $(or $(filter-out $(obj)/extract-cert, $(real-prereqs)),"")
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE
- $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
+ $(call if_changed,extract_certs)
targets += x509_certificate_list
@@ -52,22 +53,22 @@ $(obj)/x509.genkey:
endif # CONFIG_MODULE_SIG_KEY
-# If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it
-ifneq ($(filter-out pkcs11:%, $(CONFIG_MODULE_SIG_KEY)),)
-X509_DEP := $(CONFIG_MODULE_SIG_KEY)
-endif
-
$(obj)/system_certificates.o: $(obj)/signing_key.x509
-$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE
- $(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),""))
+PKCS11_URI := $(filter pkcs11:%, $(CONFIG_MODULE_SIG_KEY))
+ifdef PKCS11_URI
+$(obj)/signing_key.x509: extract-cert-in := $(PKCS11_URI)
+endif
+
+$(obj)/signing_key.x509: $(filter-out $(PKCS11_URI),$(CONFIG_MODULE_SIG_KEY)) $(obj)/extract-cert FORCE
+ $(call if_changed,extract_certs)
targets += signing_key.x509
$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE
- $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
+ $(call if_changed,extract_certs)
targets += x509_revocation_list