Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / fb1179499134bc718dc7557c7a6a95dc72f224cb^! / . / init / Kconfig
commitfb1179499134bc718dc7557c7a6a95dc72f224cb[log] [tgz]
authorDavid Woodhouse <David.Woodhouse@intel.com>Mon Jul 20 21:16:30 2015 +0100
committerDavid Howells <dhowells@redhat.com>Fri Aug 07 16:26:14 2015 +0100
tree5a0b7e87708c275071f4c3079099854a13eee812
parent1329e8cc69b93a0b1bc6d197b30dcff628c18dbf [diff] [blame]
modsign: Use single PEM file for autogenerated key

The current rule for generating signing_key.priv and signing_key.x509 is
a classic example of a bad rule which has a tendency to break parallel
make. When invoked to create *either* target, it generates the other
target as a side-effect that make didn't predict.

So let's switch to using a single file signing_key.pem which contains
both key and certificate. That matches what we do in the case of an
external key specified by CONFIG_MODULE_SIG_KEY anyway, so it's also
slightly cleaner.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>

diff --git a/init/Kconfig b/init/Kconfig
index e2e0a1d2..2b11985 100644
--- a/init/Kconfig
+++ b/init/Kconfig

@@ -1950,7 +1950,7 @@
 
 config MODULE_SIG_KEY
 	string "File name or PKCS#11 URI of module signing key"
-	default "signing_key.priv"
+	default "signing_key.pem"
 	depends on MODULE_SIG
 	help
          Provide the file name of a private key/certificate in PEM format,
@@ -1958,7 +1958,7 @@
          the URI should identify, both the certificate and its corresponding
          private key.
 
-         If this option is unchanged from its default "signing_key.priv",
+         If this option is unchanged from its default "signing_key.pem",
          then the kernel will automatically generate the private key and
          certificate as described in Documentation/module-signing.txt