sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-03-16 03:02:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

[build] Exclude external files from annotation checks

Browse Source 
External files such as embedded scripts or X.509 certificates are not
expected to include source file annotations such as FILE_LICENCE() or
FILE_SECBOOT().  Exclude these external files from the list of
annotated files used to perform licensing and UEFI Secure Boot
eligibility checks.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2026-01-28 19:44:09 +00:00
parent 301b1ecf2b
commit dee71adda8
1 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/Makefile.housekeeping
View File

@@ -204,6 +204,10 @@ ifneq ($(strip $(filter-out $(NO_DEP_TARGETS),$(MAKECMDGOALS))),)
NEED_DEPS := 1 NEED_DEPS := 1
endif endif
# Mark the various build-tracking files as unannotated
#
UNANNOTATED := $(BIN)/.%.list
############################################################################### ###############################################################################
# #
# Select build architecture and platform based on $(BIN) # Select build architecture and platform based on $(BIN)
@@ -608,7 +612,8 @@ EMBED_ALL := $(foreach i,$(call seq,1,$(words $(EMBEDDED_FILES))),\
EMBED ( $(i), \"$(word $(i), $(EMBEDDED_FILES))\",\ EMBED ( $(i), \"$(word $(i), $(EMBEDDED_FILES))\",\
\"$(notdir $(word $(i),$(EMBEDDED_FILES)))\" )) \"$(notdir $(word $(i),$(EMBEDDED_FILES)))\" ))
embedded_DEPS += $(EMBEDDED_FILES) $(EMBEDDED_LIST) embedded_DEPS += $(EMBEDDED_FILES) $(EMBEDDED_LIST)
UNANNOTATED += $(EMBEDDED_FILES) $(EMBEDDED_LIST)
CFLAGS_embedded = -DEMBED_ALL="$(EMBED_ALL)" CFLAGS_embedded = -DEMBED_ALL="$(EMBED_ALL)"
@@ -637,7 +642,8 @@ TRUSTED_FPS := $(foreach CERT,$(TRUSTED_CERTS),\
$(shell $(OPENSSL) x509 -in $(CERT) -noout -sha256 \ $(shell $(OPENSSL) x509 -in $(CERT) -noout -sha256 \
-fingerprint))))$(COMMA)) -fingerprint))))$(COMMA))
rootcert_DEPS += $(TRUSTED_FILES) $(TRUSTED_LIST) rootcert_DEPS += $(TRUSTED_FILES) $(TRUSTED_LIST)
UNANNOTATED += $(TRUSTED_FILES) $(TRUSTED_LIST)
CFLAGS_rootcert += $(if $(TRUST_EXT),-DALLOW_TRUST_OVERRIDE=$(TRUST_EXT)) CFLAGS_rootcert += $(if $(TRUST_EXT),-DALLOW_TRUST_OVERRIDE=$(TRUST_EXT))
CFLAGS_rootcert += $(if $(TRUSTED_FPS),-DTRUSTED="$(TRUSTED_FPS)") CFLAGS_rootcert += $(if $(TRUSTED_FPS),-DTRUSTED="$(TRUSTED_FPS)")
@@ -688,7 +694,8 @@ CERT_ALL := $(foreach i,$(call seq,1,$(CERT_COUNT)),\
endif endif
certstore_DEPS += $(CERT_LIST) $(CERT_FILES) $(CERT_PEMS) $(CERT_DERS) certstore_DEPS += $(CERT_LIST) $(CERT_FILES) $(CERT_PEMS) $(CERT_DERS)
UNANNOTATED += $(CERT_LIST) $(CERT_FILES) $(CERT_PEMS) $(CERT_DERS)
CFLAGS_certstore += -DCERT_ALL="$(CERT_ALL)" CFLAGS_certstore += -DCERT_ALL="$(CERT_ALL)"
@@ -721,12 +728,14 @@ ifdef PRIVKEY
$(PRIVKEY_INC) : $(PRIVKEY) $(PRIVKEY_LIST) $(PRIVKEY_INC) : $(PRIVKEY) $(PRIVKEY_LIST)
$(Q)$(OPENSSL) rsa -in $< -outform DER -out $@ $(Q)$(OPENSSL) rsa -in $< -outform DER -out $@
privkey_DEPS += $(PRIVKEY_INC) privkey_DEPS += $(PRIVKEY_INC)
UNANNOTATED += $(PRIVKEY_INC)
endif endif
CLEANUP += $(BIN)/.private_key.* CLEANUP += $(BIN)/.private_key.*
privkey_DEPS += $(PRIVKEY_LIST) privkey_DEPS += $(PRIVKEY_LIST)
UNANNOTATED += $(PRIVKEY_LIST)
CFLAGS_privkey += $(if $(PRIVKEY),-DPRIVATE_KEY="\"$(PRIVKEY_INC)\"") CFLAGS_privkey += $(if $(PRIVKEY),-DPRIVATE_KEY="\"$(PRIVKEY_INC)\"")
@@ -1300,9 +1309,7 @@ $(BIN)/%.nodeps : $(BIN)/%.tmp
# Get annotated dependency list for the specified target # Get annotated dependency list for the specified target
# #
define annotated_deps_list define annotated_deps_list
$(filter-out config/local/%.h,\ $(filter-out $(UNANNOTATED),$(call deps_list,$(1)))
$(filter-out $(BIN)/.%.list,\
$(call deps_list,$(1))))
endef endef
# Get dependency list missing specified declaration for the specified target # Get dependency list missing specified declaration for the specified target
@@ -1533,6 +1540,8 @@ $(CONFIG_LOCAL_HEADERS) :
.PRECIOUS : $(CONFIG_LOCAL_HEADERS) .PRECIOUS : $(CONFIG_LOCAL_HEADERS)
UNANNOTATED += $(CONFIG_LOCAL_HEADERS)
ifneq ($(CONFIG),) ifneq ($(CONFIG),)
CONFIG_LOCAL_NAMED_HEADERS := $(foreach HEADER,$(CONFIG_HEADERS),\ CONFIG_LOCAL_NAMED_HEADERS := $(foreach HEADER,$(CONFIG_HEADERS),\