On 09.07.2021 15:36:00, Michael Olbrich wrote:
> So this is not what we want here. Sorry, I didn't notice this in the last
> version. The idea is this:
> 
> If the keydir does not exist, then cs_get_ca() was evaluated too early. So
> the check above should be added as it is here.
> What's now missing is what Marc originally intended and was part of the
> first version of the patch:
> If the keydir exists but no CA, then there will never be a CA and we want
> to match that. So this should be there as well:
> 
>     if [ -e "${ca}" ]; then
>       echo "${ca}"
>     fi
> 
> instead of this:
> 
> > +    echo "${ca}"
> 
> Now we can do $(if $(shell cs_get_ca ...), ...) to do something only if the
> CA exists.
> 
> Marc, that was the use-case, right?

ACK, the use case is:

| KERNEL_SIGN_OPT = \
|         CONFIG_MODULE_SIG_KEY='"$(shell cs_get_uri evm)"' \
|         CONFIG_MODULE_SIG_ALL=y \
|         $(if $(shell cs_get_ca kernel-trusted), \
|                 CONFIG_SYSTEM_TRUSTED_KEYS=$(shell cs_get_ca kernel-trusted))

regards,
Marc

-- 
Pengutronix e.K.                 | Marc Kleine-Budde           |
Embedded Linux                   | https://www.pengutronix.de  |
Vertretung West/Dortmund         | Phone: +49-231-2826-924     |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-5555 |
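
The three cases discussed in this thread (keydir missing, keydir present without a CA, CA present), as an added shell sketch that is not part of the original mail and not ptxdist's own code. The function names, the `<keydir>/<role>/ca.pem` layout, the explicit keydir argument and the error behaviour for a missing keydir are assumptions made for illustration.

```sh
#!/bin/sh
# Stand-in for the helper discussed in the thread; NOT ptxdist's cs_get_ca.
# Assumed (hypothetical) layout: <keydir>/<role>/ca.pem
cs_get_ca_sketch() {
    keydir="$1"
    role="$2"
    ca="${keydir}/${role}/ca.pem"
    # Case 1: no keydir at all means the helper was evaluated too early.
    # Assumed reaction: complain on stderr and fail.
    if [ ! -d "${keydir}" ]; then
        echo "cs_get_ca_sketch: '${keydir}' missing, evaluated too early" >&2
        return 1
    fi
    # Cases 2 and 3: print the path only if the CA really exists, so that
    # an empty result means "this role has no CA".
    if [ -e "${ca}" ]; then
        echo "${ca}"
    fi
}

# Shell stand-in for the Makefile's $(if $(shell cs_get_ca <role>), ...):
# non-empty output selects the option, empty output drops it.
kernel_sign_opt_sketch() {
    opts="CONFIG_MODULE_SIG_ALL=y"
    # Choice of this sketch: propagate the keydir error to the caller.
    found="$(cs_get_ca_sketch "$1" "$2")" || return 1
    if [ -n "${found}" ]; then
        opts="${opts} CONFIG_SYSTEM_TRUSTED_KEYS=${found}"
    fi
    echo "${opts}"
}

demo() {
    tmp="$(mktemp -d)"
    # Constructed sample tree: one role with a CA, one without.
    mkdir -p "${tmp}/keys/kernel-trusted" "${tmp}/keys/evm"
    : > "${tmp}/keys/kernel-trusted/ca.pem"   # empty placeholder file
    kernel_sign_opt_sketch "${tmp}/keys" kernel-trusted   # option included
    kernel_sign_opt_sketch "${tmp}/keys" evm              # option dropped
    kernel_sign_opt_sketch "${tmp}/nokeys" evm || echo "keydir missing"
    rm -rf "${tmp}"
}
demo
```

With an unconditional `echo "${ca}"` in place of the `[ -e "${ca}" ]` guard, the second call would also emit `CONFIG_SYSTEM_TRUSTED_KEYS=` pointing at a file that does not exist.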


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de