This issue was found in devel-pekey branch on linux-modsign.git tree. The x509_certificate_list includes certificate twice when the signing_key.x509 already exists. We can reproduce this issue by making kernel twice, the build log of second time looks like this:
... CHK kernel/config_data.h CERTS kernel/x509_certificate_list - Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509 - Including cert signing_key.x509 ... Actually the build path was the same with the srctree path when building kernel. It causes the size of bzImage increased by packaging certificates twice. v2: Using '$(shell /bin/pwd)' instead of '$(shell pwd)' for more reliable between different shells. Acked-by: David Howells <[email protected]> Cc: Rusty Russell <[email protected]> Cc: Josh Boyer <[email protected]> Cc: Randy Dunlap <[email protected]> Cc: Herbert Xu <[email protected]> Cc: "David S. Miller" <[email protected]> Cc: Michal Marek <[email protected]> Signed-off-by: Chun-Yi Lee <[email protected]> --- kernel/Makefile | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/kernel/Makefile b/kernel/Makefile index 0ca8c0a..3b854ce 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -142,7 +142,10 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE # ############################################################################### ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) -X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) +X509_CERTIFICATES-y := $(wildcard *.x509) +ifneq ($(shell /bin/pwd), $(srctree)) +X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509) +endif X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509 X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y)) -- 1.6.0.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
