On Thu, Nov 01, 2012 at 05:38:15PM +1030, Rusty Russell wrote: > Josh Boyer <[email protected]> writes: > > When building out-of-tree modules, the current modules_install target > > will attempt to sign them if module signing is enabled. This will only > > work if the signing keys are present in the build tree. That will > > often not be the case for modules that are built out-of-tree against > > distribution kernel development packages. This distros will not include > > the signing keys, and build errors such as: > > > > INSTALL > > /home/bruno/rpmbuild/BUILD/dahdi-linux-2.6.1/drivers/dahdi/dahdi_dyamic_eth.ko > > Can't read private key > > make[2]: *** > > [/home/bruno/rpmbuild/BUILD/dahdi-linux-2.6.1/drivers/dahdi/dahdi_dynamic.ko] > > Error 2 > > > > will prevent such modules from successfully being installed. This changes > > the mod_sign_cmd to only sign the modules if they are built in-tree. Those > > built externally can sign them manually. > > I prefer something like this (untested): > > diff --git a/Makefile b/Makefile > index 42d0e56..cb66c8d 100644 > --- a/Makefile > +++ b/Makefile > @@ -722,8 +722,14 @@ export mod_strip_cmd > ifeq ($(CONFIG_MODULE_SIG),y) > MODSECKEY = ./signing_key.priv > MODPUBKEY = ./signing_key.x509 > +ifeq ($(KBUILD_EXTMOD),) > +SIGNFAIL = false > +else > +# External builds might not have a signing key, don't break module_install. > +SIGNFAIL = true > +endif # KBUILD_EXTMOD > export MODPUBKEY > -mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) > +mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) > || $(SIGNFAIL) > else > mod_sign_cmd = true > endif
OK. I'll give this a spin locally today, but at first glance it seems like it would do the same. josh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
