This commit
commit 09fbc47373826d67531380662b516de2da120545
Author: Mimi Zohar <[email protected]>
Date: Tue Aug 20 14:36:27 2013 -0400
KEYS: verify a certificate is signed by a 'trusted' key
Only public keys, with certificates signed by an existing
'trusted' key on the system trusted keyring, should be added
to a trusted keyring. This patch adds support for verifying
a certificate's signature.
This is derived from David Howells pkcs7_request_asymmetric_key() patch.
Signed-off-by: Mimi Zohar <[email protected]>
Signed-off-by: David Howells <[email protected]>
results in this error with the attached .config:
bjorn@canardo:/usr/local/src/build-tmp/linux$ make -j4 deb-pkg
CHK include/config/kernel.release
make KBUILD_SRC=
make[3]: Nothing to be done for `all'.
CHK include/config/kernel.release
CHK include/generated/uapi/linux/version.h
make[3]: Nothing to be done for `relocs'.
CHK include/generated/utsrelease.h
CALL scripts/checksyscalls.sh
<stdin>:1223:2: warning: #warning syscall finit_module not implemented [-Wcpp]
CHK include/generated/compile.h
make[5]: `arch/x86/realmode/rm/realmode.bin' is up to date.
LD crypto/crypto.o
CC [M] crypto/asymmetric_keys/x509-asn1.o
CC [M] crypto/asymmetric_keys/x509_rsakey-asn1.o
CC [M] crypto/asymmetric_keys/x509_cert_parser.o
CC [M] crypto/async_tx/async_tx.o
CC [M] crypto/asymmetric_keys/x509_public_key.o
crypto/asymmetric_keys/x509_public_key.c: In function ‘x509_key_preparse’:
crypto/asymmetric_keys/x509_public_key.c:237:35: error: ‘system_trusted_keyring’ undeclared (first use in this function)
crypto/asymmetric_keys/x509_public_key.c:237:35: note: each undeclared identifier is reported only once for each function it appears in
make[4]: *** [crypto/asymmetric_keys/x509_public_key.o] Error 1
make[3]: *** [crypto/asymmetric_keys] Error 2
make[3]: *** Waiting for unfinished jobs....
CC [M] crypto/async_tx/async_memcpy.o
CC [M] crypto/async_tx/async_xor.o
CC [M] crypto/async_tx/async_pq.o
CC [M] crypto/async_tx/async_raid6_recov.o
make[2]: *** [crypto] Error 2
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [deb-pkg] Error 2
make: *** [deb-pkg] Error 2
I've confirmed that reverting the commit resolves the error, but I
assume that the proper fix is adding the missing dependency.
Bjørn