Skip to content

Commit f3a2ba4

Browse files
masahir0ymasahir0y
committed
certs: check-in the default x509 config file
When x509.genkey is created, it prints a log: Generating X.509 key generation config ..., which is not the ordinary Kbuild log style. Check-in the default config as certs/default_x509.genkey to make it readable, and copy it to certs/x509.genkey if it is not present. The log is shown in the Kbuild style. COPY certs/x509.genkey Signed-off-by: Masahiro Yamada <[email protected]>
1 parent 54e2c77 commit f3a2ba4

File tree

2 files changed

+23
-18
lines changed

2 files changed

+23
-18
lines changed

certs/Makefile

+6-18
Original file line numberDiff line numberDiff line change
@@ -98,25 +98,13 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey
9898
@$(kecho) "### Key pair generated."
9999
@$(kecho) "###"
100100

101+
quiet_cmd_copy_x509_config = COPY $@
102+
cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@
103+
104+
# You can provide your own config file. If not present, copy the default one.
101105
$(obj)/x509.genkey:
102-
@$(kecho) Generating X.509 key generation config
103-
@echo >$@ "[ req ]"
104-
@echo >>$@ "default_bits = 4096"
105-
@echo >>$@ "distinguished_name = req_distinguished_name"
106-
@echo >>$@ "prompt = no"
107-
@echo >>$@ "string_mask = utf8only"
108-
@echo >>$@ "x509_extensions = myexts"
109-
@echo >>$@
110-
@echo >>$@ "[ req_distinguished_name ]"
111-
@echo >>$@ "#O = Unspecified company"
112-
@echo >>$@ "CN = Build time autogenerated kernel key"
113-
@echo >>$@ "#emailAddress = [email protected]"
114-
@echo >>$@
115-
@echo >>$@ "[ myexts ]"
116-
@echo >>$@ "basicConstraints=critical,CA:FALSE"
117-
@echo >>$@ "keyUsage=digitalSignature"
118-
@echo >>$@ "subjectKeyIdentifier=hash"
119-
@echo >>$@ "authorityKeyIdentifier=keyid"
106+
$(call cmd,copy_x509_config)
107+
120108
endif # CONFIG_MODULE_SIG_KEY
121109

122110
$(eval $(call config_filename,MODULE_SIG_KEY))

certs/default_x509.genkey

+17
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
[ req ]
2+
default_bits = 4096
3+
distinguished_name = req_distinguished_name
4+
prompt = no
5+
string_mask = utf8only
6+
x509_extensions = myexts
7+
8+
[ req_distinguished_name ]
9+
#O = Unspecified company
10+
CN = Build time autogenerated kernel key
11+
#emailAddress = [email protected]
12+
13+
[ myexts ]
14+
basicConstraints=critical,CA:FALSE
15+
keyUsage=digitalSignature
16+
subjectKeyIdentifier=hash
17+
authorityKeyIdentifier=keyid

0 commit comments

Comments
 (0)