MODSIGN: fix expiry of auto-generated certificates on 32-bit systems

author Rusty Russell <rusty@rustcorp.com.au>

Tue, 2 Oct 2012 03:25:06 +0000 (12:55 +0930)

committer Rusty Russell <rusty@rustcorp.com.au>

Tue, 2 Oct 2012 04:38:20 +0000 (14:08 +0930)
author Rusty Russell <rusty@rustcorp.com.au>
Tue, 2 Oct 2012 03:25:06 +0000 (12:55 +0930)
committer Rusty Russell <rusty@rustcorp.com.au>
Tue, 2 Oct 2012 04:38:20 +0000 (14:08 +0930)
diff --git a/kernel/Makefile b/kernel/Makefile

index e951adf935675af418d069e47360ef38baa6db24..86336c922930e9350f2c382052ff749322b136e8 100644 (file)
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -168,6 +168,13 @@ endif
  ifeq ($(sign_key_with_hash),)
  $(error Could not determine digest type to use from kernel config)
  endif
+ifeq ($(CONFIG_64BIT),y)
+# 100 years is beyond my best-before date, anyway.
+end_of_time_days=36500
+else
+# Until 32-bit time_t wraps, with some slack.
+end_of_time_days=$(shell expr \( 2147300000 - `date -u +%s` \) / 86400 )
+endif
  
  signing_key.priv signing_key.x509: x509.genkey
         @echo "###"
@@ -180,7 +187,8 @@ signing_key.priv signing_key.x509: x509.genkey
         @echo "###"
         @echo "###     rngd -r /dev/hwrandom"
         @echo "###"
-       openssl req -new -nodes -utf8 $(sign_key_with_hash) -days 36500 -batch \
+       openssl req -new -nodes -utf8 $(sign_key_with_hash) \
+               -days $(end_of_time_days) -batch \
                 -x509 -config x509.genkey \
                 -outform DER -out signing_key.x509 \
                 -keyout signing_key.priv
author	Rusty Russell <rusty@rustcorp.com.au>
	Tue, 2 Oct 2012 03:25:06 +0000 (12:55 +0930)
committer	Rusty Russell <rusty@rustcorp.com.au>
	Tue, 2 Oct 2012 04:38:20 +0000 (14:08 +0930)