Skip to content

Commit dee71ad

Browse files
mcb30mcb30
committed
[build] Exclude external files from annotation checks
External files such as embedded scripts or X.509 certificates are not expected to include source file annotations such as FILE_LICENCE() or FILE_SECBOOT(). Exclude these external files from the list of annotated files used to perform licensing and UEFI Secure Boot eligibility checks. Signed-off-by: Michael Brown <mcb30@ipxe.org>
1 parent 301b1ec commit dee71ad

1 file changed

Lines changed: 17 additions & 8 deletions

File tree

src/Makefile.housekeeping

Lines changed: 17 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -204,6 +204,10 @@ ifneq ($(strip $(filter-out $(NO_DEP_TARGETS),$(MAKECMDGOALS))),)
204204
NEED_DEPS := 1
205205
endif
206206

207+
# Mark the various build-tracking files as unannotated
208+
#
209+
UNANNOTATED := $(BIN)/.%.list
210+
207211
###############################################################################
208212
#
209213
# Select build architecture and platform based on $(BIN)
@@ -608,7 +612,8 @@ EMBED_ALL := $(foreach i,$(call seq,1,$(words $(EMBEDDED_FILES))),\
608612
EMBED ( $(i), \"$(word $(i), $(EMBEDDED_FILES))\",\
609613
\"$(notdir $(word $(i),$(EMBEDDED_FILES)))\" ))
610614

611-
embedded_DEPS += $(EMBEDDED_FILES) $(EMBEDDED_LIST)
615+
embedded_DEPS += $(EMBEDDED_FILES) $(EMBEDDED_LIST)
616+
UNANNOTATED += $(EMBEDDED_FILES) $(EMBEDDED_LIST)
612617

613618
CFLAGS_embedded = -DEMBED_ALL="$(EMBED_ALL)"
614619

@@ -637,7 +642,8 @@ TRUSTED_FPS := $(foreach CERT,$(TRUSTED_CERTS),\
637642
$(shell $(OPENSSL) x509 -in $(CERT) -noout -sha256 \
638643
-fingerprint))))$(COMMA))
639644

640-
rootcert_DEPS += $(TRUSTED_FILES) $(TRUSTED_LIST)
645+
rootcert_DEPS += $(TRUSTED_FILES) $(TRUSTED_LIST)
646+
UNANNOTATED += $(TRUSTED_FILES) $(TRUSTED_LIST)
641647

642648
CFLAGS_rootcert += $(if $(TRUST_EXT),-DALLOW_TRUST_OVERRIDE=$(TRUST_EXT))
643649
CFLAGS_rootcert += $(if $(TRUSTED_FPS),-DTRUSTED="$(TRUSTED_FPS)")
@@ -688,7 +694,8 @@ CERT_ALL := $(foreach i,$(call seq,1,$(CERT_COUNT)),\
688694

689695
endif
690696

691-
certstore_DEPS += $(CERT_LIST) $(CERT_FILES) $(CERT_PEMS) $(CERT_DERS)
697+
certstore_DEPS += $(CERT_LIST) $(CERT_FILES) $(CERT_PEMS) $(CERT_DERS)
698+
UNANNOTATED += $(CERT_LIST) $(CERT_FILES) $(CERT_PEMS) $(CERT_DERS)
692699

693700
CFLAGS_certstore += -DCERT_ALL="$(CERT_ALL)"
694701

@@ -721,12 +728,14 @@ ifdef PRIVKEY
721728
$(PRIVKEY_INC) : $(PRIVKEY) $(PRIVKEY_LIST)
722729
$(Q)$(OPENSSL) rsa -in $< -outform DER -out $@
723730

724-
privkey_DEPS += $(PRIVKEY_INC)
731+
privkey_DEPS += $(PRIVKEY_INC)
732+
UNANNOTATED += $(PRIVKEY_INC)
725733
endif
726734

727735
CLEANUP += $(BIN)/.private_key.*
728736

729-
privkey_DEPS += $(PRIVKEY_LIST)
737+
privkey_DEPS += $(PRIVKEY_LIST)
738+
UNANNOTATED += $(PRIVKEY_LIST)
730739

731740
CFLAGS_privkey += $(if $(PRIVKEY),-DPRIVATE_KEY="\"$(PRIVKEY_INC)\"")
732741

@@ -1300,9 +1309,7 @@ $(BIN)/%.nodeps : $(BIN)/%.tmp
13001309
# Get annotated dependency list for the specified target
13011310
#
13021311
define annotated_deps_list
1303-
$(filter-out config/local/%.h,\
1304-
$(filter-out $(BIN)/.%.list,\
1305-
$(call deps_list,$(1))))
1312+
$(filter-out $(UNANNOTATED),$(call deps_list,$(1)))
13061313
endef
13071314

13081315
# Get dependency list missing specified declaration for the specified target
@@ -1533,6 +1540,8 @@ $(CONFIG_LOCAL_HEADERS) :
15331540

15341541
.PRECIOUS : $(CONFIG_LOCAL_HEADERS)
15351542

1543+
UNANNOTATED += $(CONFIG_LOCAL_HEADERS)
1544+
15361545
ifneq ($(CONFIG),)
15371546

15381547
CONFIG_LOCAL_NAMED_HEADERS := $(foreach HEADER,$(CONFIG_HEADERS),\

0 commit comments

Comments
 (0)