extract-cert: Cope with multiple X.509 certificates in a single file
This is not required for the module signing key, although it doesn't do any harm — it just means that any additional certs in the PEM file are also trusted by the kernel. But it does allow us to use the extract-cert tool for processing the extra certs from CONFIG_SYSTEM_TRUSTED_KEYS, instead of that horrid awk|base64 hack. Also cope with being invoked with no input file, creating an empty output file as a result. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
Showing
Please register or sign in to comment