diff options
| author | Steve McIntyre <steve@einval.com> | 2024-03-19 20:15:46 +0000 |
|---|---|---|
| committer | Steve McIntyre <48764113+steve-mcintyre@users.noreply.github.com> | 2024-03-19 20:43:06 +0000 |
| commit | 126a07ebc30bbd203b6966465b058da741b2654b (patch) | |
| tree | 858a6e6d415e9a9cd50c05942dd03b115dde7556 | |
| parent | 5914984a1ffeab841f482c791426d7ca9935a5e6 (diff) | |
| download | efi-boot-shim-126a07ebc30bbd203b6966465b058da741b2654b.tar.gz efi-boot-shim-126a07ebc30bbd203b6966465b058da741b2654b.zip | |
Validate that a supplied vendor cert is not in PEM format
If we see "BEGIN", it's likely a PEM certificate and won't work. Fail
the build early and say so.
Fixes #645
Signed-off-by: Steve McIntyre <steve@einval.com>
| -rw-r--r-- | Makefile | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -69,13 +69,21 @@ ifneq ($(origin FALLBACK_VERBOSE_WAIT), undefined) CFLAGS += -DFALLBACK_VERBOSE_WAIT=$(FALLBACK_VERBOSE_WAIT) endif -all: confcheck $(TARGETS) +all: confcheck certcheck $(TARGETS) confcheck: ifneq ($(origin EFI_PATH),undefined) $(error EFI_PATH is no longer supported, you must build using the supplied copy of gnu-efi) endif +certcheck: +ifneq ($(origin VENDOR_CERT_FILE), undefined) + @if grep -q "BEGIN" $(VENDOR_CERT_FILE); then \ + echo "$(VENDOR_CERT_FILE) is PEM-format, convert to DER!"; \ + exit 1; \ + fi +endif + compile_commands.json : Makefile Make.rules Make.defaults make clean bear -- make COMPILER=clang test all |