From 2035bcd40b17832439df0a1eb28403b99a71b74f Mon Sep 17 00:00:00 2001
From: Dave Brolley <brolley@redhat.com>
Date: Mon, 4 May 2009 16:05:22 -0400
Subject: Module signing and verification using a separate file for the module
 signature.

---
 buildrun.cxx | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'buildrun.cxx')

diff --git a/buildrun.cxx b/buildrun.cxx
index 14c6a395..31f7ec00 100644
--- a/buildrun.cxx
+++ b/buildrun.cxx
@@ -10,6 +10,9 @@
 #include "buildrun.h"
 #include "session.h"
 #include "util.h"
+#if HAVE_NSS
+#include "modsign.h"
+#endif
 
 #include <cstdlib>
 #include <fstream>
@@ -218,6 +221,14 @@ compile_pass (systemtap_session& s)
 
   rc = run_make_cmd(s, make_cmd);
 
+#if HAVE_NSS
+  // If a certificate database was specified, then try to sign the module.
+  // Failure to do so is not a fatal error. If the signature is actually needed,
+  // staprun will complain at that time.
+  assert (! s.cert_db_path.empty());
+  sign_module (s);
+#endif
+
   return rc;
 }
 
-- 
cgit