Josh Boyer <[email protected]> writes: > When building out-of-tree modules, the current modules_install target > will attempt to sign them if module signing is enabled. This will only > work if the signing keys are present in the build tree. That will > often not be the case for modules that are built out-of-tree against > distribution kernel development packages. This distros will not include > the signing keys, and build errors such as: > > INSTALL > /home/bruno/rpmbuild/BUILD/dahdi-linux-2.6.1/drivers/dahdi/dahdi_dyamic_eth.ko > Can't read private key > make[2]: *** > [/home/bruno/rpmbuild/BUILD/dahdi-linux-2.6.1/drivers/dahdi/dahdi_dynamic.ko] > Error 2 > > will prevent such modules from successfully being installed. This changes > the mod_sign_cmd to only sign the modules if they are built in-tree. Those > built externally can sign them manually.
I prefer something like this (untested): diff --git a/Makefile b/Makefile index 42d0e56..cb66c8d 100644 --- a/Makefile +++ b/Makefile @@ -722,8 +722,14 @@ export mod_strip_cmd ifeq ($(CONFIG_MODULE_SIG),y) MODSECKEY = ./signing_key.priv MODPUBKEY = ./signing_key.x509 +ifeq ($(KBUILD_EXTMOD),) +SIGNFAIL = false +else +# External builds might not have a signing key, don't break module_install. +SIGNFAIL = true +endif # KBUILD_EXTMOD export MODPUBKEY -mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) +mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) || $(SIGNFAIL) else mod_sign_cmd = true endif -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
