kbuild: sign the modules at install time Linus deleted the old code and put signing on the install command, I fixed it to extract the keyid and signer-name within sign-file and cleaned up that script now it always signs in-place. Some enthusiast should convert sign-key to perl and pull x509keyid into it. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: e2a666d52b4825c26c857cada211f3baac26a600 [log] [tgz]
author: Rusty Russell <rusty@rustcorp.com.au> Fri Oct 19 11:53:15 2012 +1030
committer: Linus Torvalds <torvalds@linux-foundation.org> Fri Oct 19 08:27:43 2012 -0700
tree: b7e91bd10e8c1b2932ffd1716fde3abccd7c4dd8
parent: c9623de4fc2f8320fe94316b46171683be3b1d59 [diff] [blame]
diff --git a/Makefile b/Makefile
index 366d0ab..4fd82f7 100644
--- a/Makefile
+++ b/Makefile

@@ -719,6 +719,17 @@
 export mod_strip_cmd
 
 
+ifeq ($(CONFIG_MODULE_SIG),y)
+MODSECKEY = ./signing_key.priv
+MODPUBKEY = ./signing_key.x509
+export MODPUBKEY
+mod_sign_cmd = sh $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) $(srctree)/scripts/x509keyid
+else
+mod_sign_cmd = true
+endif
+export mod_sign_cmd
+
+
 ifeq ($(KBUILD_EXTMOD),)
 core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/
commit	e2a666d52b4825c26c857cada211f3baac26a600	[log] [tgz]
author	Rusty Russell <rusty@rustcorp.com.au>	Fri Oct 19 11:53:15 2012 +1030
committer	Linus Torvalds <torvalds@linux-foundation.org>	Fri Oct 19 08:27:43 2012 -0700
tree	b7e91bd10e8c1b2932ffd1716fde3abccd7c4dd8
parent	c9623de4fc2f8320fe94316b46171683be3b1d59 [diff] [blame]