| Message ID | 20220912065210.7932-1-masahiroy@kernel.org (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | certs: make system keyring depend on built-in x509 parser | expand |
On Mon, Sep 12, 2022 at 03:52:10PM +0900, Masahiro Yamada wrote: > Commit e90886291c7c ("certs: make system keyring depend on x509 parser") > is not the right fix because x509_load_certificate_list() can be modular. ... oif. > --- a/certs/Kconfig > +++ b/certs/Kconfig > @@ -43,7 +43,7 @@ config SYSTEM_TRUSTED_KEYRING > - depends on X509_CERTIFICATE_PARSER > + depends on X509_CERTIFICATE_PARSER = y This works. Meow!
diff --git a/certs/Kconfig b/certs/Kconfig index bf9b511573d7..1f109b070877 100644 --- a/certs/Kconfig +++ b/certs/Kconfig @@ -43,7 +43,7 @@ config SYSTEM_TRUSTED_KEYRING bool "Provide system-wide ring of trusted keys" depends on KEYS depends on ASYMMETRIC_KEY_TYPE - depends on X509_CERTIFICATE_PARSER + depends on X509_CERTIFICATE_PARSER = y help Provide a system keyring to which trusted keys can be added. Keys in the keyring are considered to be trusted. Keys may be added at will
Commit e90886291c7c ("certs: make system keyring depend on x509 parser") is not the right fix because x509_load_certificate_list() can be modular. The combination of CONFIG_SYSTEM_TRUSTED_KEYRING=y and CONFIG_X509_CERTIFICATE_PARSER=m still results in the following error: LD .tmp_vmlinux.kallsyms1 ld: certs/system_keyring.o: in function `load_system_certificate_list': system_keyring.c:(.init.text+0x8c): undefined reference to `x509_load_certificate_list' make: *** [Makefile:1169: vmlinux] Error 1 Fixes: e90886291c7c ("certs: make system keyring depend on x509 parser") Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> --- certs/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)