X.509: Fix certificate gathering
authorDavid Howells <dhowells@redhat.com>
Fri, 13 Dec 2013 15:20:19 +0000 (15:20 +0000)
committerDavid Howells <dhowells@redhat.com>
Fri, 13 Dec 2013 15:28:14 +0000 (15:28 +0000)
commitd7ec435fdd03cfee70dba934ee384acc87bd6d00
treeed8c3ef69547dba0ed7fecafd5fe9589775af1d0
parent8d2763770c34e8ed771f0be86760eb4485febc05
X.509: Fix certificate gathering

Fix the gathering of certificates from both the source tree and the build tree
to correctly calculate the pathnames of all the certificates.

The problem was that if the default generated cert, signing_key.x509, didn't
exist then it would not have a path attached and if it did, it would have a
path attached.

This means that the contents of kernel/.x509.list would change between the
first compilation in a directory and the second.  After the second it would
remain stable because the signing_key.x509 file exists.

The consequence was that the kernel would get relinked unconditionally on the
second recompilation.  The second recompilation would also show something like
this:

   X.509 certificate list changed
     CERTS   kernel/x509_certificate_list
     - Including cert /home/torvalds/v2.6/linux/signing_key.x509
     AS      kernel/system_certificates.o
     LD      kernel/built-in.o

which is why the relink would happen.

Unfortunately, it isn't a simple matter of just sticking a path on the front
of the filename of the certificate in the build directory as make can't then
work out how to build it.

So the path has to be prepended to the name for sorting and duplicate
elimination and then removed for the make rule if it is in the build tree.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David Howells <dhowells@redhat.com>
kernel/Makefile