[PATCH] fixup! Add security policy support
Ahmad Fatoum
a.fatoum at pengutronix.de
Fri Aug 22 08:59:19 PDT 2025
Hello Sascha,
On 8/22/25 12:37, Sascha Hauer wrote:
> Remove policy-list files before recreating them, otherwise we can get stale
> security configs when changing the build configuration or branch.
>
> Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
> ---
> Makefile | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/Makefile b/Makefile
> index 49658e5fe2..be87fbbc7a 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1195,10 +1195,14 @@ targets += include/generated/sconfig_names.h
> KPOLICY = $(shell find $(objtree)/ -name policy-list -exec cat {} \;)
> KPOLICY.tmp = $(addsuffix .tmp,$(KPOLICY))
>
> +PHONY += remove-policies
> +remove-policies: FORCE
> + find -name "policy-list" | xargs rm
> +
> PHONY += collect-policies
> collect-policies: KBUILD_MODULES :=
> collect-policies: KBUILD_BUILTIN :=
> -collect-policies: $(barebox-dirs) FORCE
> +collect-policies: remove-policies $(barebox-dirs) FORCE
Wouldn't this race with the descend into barebox-dirs? I think we need
to enforce a strict order between these two.
Cheers,
Ahmad
>
> PHONY += security_listconfigs
> security_listconfigs: collect-policies FORCE
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list