git: d1dfe419acc0 - main - libsecureboot allow site.trust.mk to override settings

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Simon J. Gerraty <sjg_at_FreeBSD.org>
Date: Sat, 15 Apr 2023 00:29:35 UTC

The branch main has been updated by sjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=d1dfe419acc06d9239f324a219ee9df36dbed817

commit d1dfe419acc06d9239f324a219ee9df36dbed817
Author:     Simon J. Gerraty <sjg@FreeBSD.org>
AuthorDate: 2023-04-15 00:28:10 +0000
Commit:     Simon J. Gerraty <sjg@FreeBSD.org>
CommitDate: 2023-04-15 00:28:10 +0000

    libsecureboot allow site.trust.mk to override settings
    
    The current content of local.trust.mk is mostly for example
    purposes.
---
 lib/libsecureboot/local.trust.mk | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/libsecureboot/local.trust.mk b/lib/libsecureboot/local.trust.mk
index b28e5ee2d1ef..cc88528ba707 100644
--- a/lib/libsecureboot/local.trust.mk
+++ b/lib/libsecureboot/local.trust.mk
@@ -37,6 +37,9 @@ VE_SIGNATURE_EXT_LIST+= \
 VE_SIGNATURE_LIST+= OPENPGP
 VE_SIGNATURE_EXT_LIST+= asc
 
+# allow site override of all the above
+.-include "site.trust.mk"
+
 SIGNER ?= ${SB_TOOLS_PATH:U/volume/buildtools/bin}/sign.py
 
 .if exists(${SIGNER})
@@ -109,7 +112,7 @@ ta.h: vc_rsa.pem
 TRUST_ANCHORS!= cd ${.CURDIR} && 'ls' -1 *.pem t*.asc 2> /dev/null
 .endif
 .if empty(TRUST_ANCHORS) && ${MK_LOADER_EFI_SECUREBOOT} != "yes"
-.error Need TRUST_ANCHORS see ${.CURDIR}/README.rst
+.error Need TRUST_ANCHORS see ${.PARSEDIR}/README.rst
 .endif
 .if ${TRUST_ANCHORS:T:Mt*.pem} != ""
 ta.h: ${TRUST_ANCHORS:M*.pem}