Re: [PATCH] modsign: Use single PEM file for autogenerated key

From: David Woodhouse
Date: Thu May 21 2015 - 07:31:51 EST

Next message: Hubbe, Allen: "RE: [PATCH 02/16] NTB Abstraction Layer"
Previous message: Arnd Bergmann: "Re: [PATCH] scsi: debug: fix type mismatch warning for sg_pcopy_from_buffer"
In reply to: David Woodhouse: "Re: [PATCH] modsign: Use single PEM file for autogenerated key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2015-05-20 at 15:56 +0100, David Howells wrote:
> Should some sort of warning then be emitted if $(wildcard *.x509) *does* turn
> up anything? Just so that people don't get unexpectedly surprised when their
> auxiliary keys are suddenly ignored.

I've added a note to the help text for the CONFIG_SYSTEM_TRUSTED_KEYS
option, to warn people that *.x509 will no longer be implicitly trusted.

I suppose if you *really* insist, we could do something like

ifneq ($(filter-out signing_key.x509,$(wildcard *.x509)),)
$(warning ...)
endif

That detail aside, if we have consensus that the patch below is the way
forward, I may reshuffle the previous patches in the tree a little to
include this...

Next message: Hubbe, Allen: "RE: [PATCH 02/16] NTB Abstraction Layer"
Previous message: Arnd Bergmann: "Re: [PATCH] scsi: debug: fix type mismatch warning for sg_pcopy_from_buffer"
In reply to: David Woodhouse: "Re: [PATCH] modsign: Use single PEM file for autogenerated key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]