UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

certs: check-in the default x509 config file 

When x509.genkey is created, it prints a log:

  Generating X.509 key generation config

..., which is not the ordinary Kbuild log style.

Check-in the default config as certs/default_x509.genkey to make it
readable, and copy it to certs/x509.genkey if it is not present.

The log is shown in the Kbuild style.

  COPY    certs/x509.genkey

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
This commit is contained in:
Masahiro Yamada 2021-11-05 12:59:55 +09:00
parent 54e2c77dd4
commit f3a2ba44e9
2 changed files with 23 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
certs/Makefile
View File

@ -98,25 +98,13 @@ $(obj)/signing_key.pem: $(obj)/x509.genkey
@$(kecho) "### Key pair generated." @$(kecho) "### Key pair generated."
@$(kecho) "###" @$(kecho) "###"
quiet_cmd_copy_x509_config = COPY $@
cmd_copy_x509_config = cat $(srctree)/$(src)/default_x509.genkey > $@
# You can provide your own config file. If not present, copy the default one.
$(obj)/x509.genkey: $(obj)/x509.genkey:
@$(kecho) Generating X.509 key generation config $(call cmd,copy_x509_config)
@echo >$@ "[ req ]"
@echo >>$@ "default_bits = 4096"
@echo >>$@ "distinguished_name = req_distinguished_name"
@echo >>$@ "prompt = no"
@echo >>$@ "string_mask = utf8only"
@echo >>$@ "x509_extensions = myexts"
@echo >>$@
@echo >>$@ "[ req_distinguished_name ]"
@echo >>$@ "#O = Unspecified company"
@echo >>$@ "CN = Build time autogenerated kernel key"
@echo >>$@ "#emailAddress = unspecified.user@unspecified.company"
@echo >>$@
@echo >>$@ "[ myexts ]"
@echo >>$@ "basicConstraints=critical,CA:FALSE"
@echo >>$@ "keyUsage=digitalSignature"
@echo >>$@ "subjectKeyIdentifier=hash"
@echo >>$@ "authorityKeyIdentifier=keyid"
endif # CONFIG_MODULE_SIG_KEY endif # CONFIG_MODULE_SIG_KEY
$(eval $(call config_filename,MODULE_SIG_KEY)) $(eval $(call config_filename,MODULE_SIG_KEY))

17
certs/default_x509.genkey Normal file
View File

@ -0,0 +1,17 @@
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
#O = Unspecified company
CN = Build time autogenerated kernel key
#emailAddress = unspecified.user@unspecified.company
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid