CLEAN_DIRS := .tmp_versions
LIBEXECDIR = ../../../../libexec/systemtap
-CERTFILE = ~/.systemtap/ssl/server/stap.cert
CERTDB = ../../../../etc/systemtap/staprun
-# Build the module and sign it.
+# Build the module and, if we are root or stap-server, sign it.
+# Make sure that all the required tools and resources are available
+# before attempting to sign the module.
# Ensure that the generated files are writeable by the group which
# owns this build directory. This is so that the stap-server service
# can rebuild the module, if necessary.
-# Make sure that all the required tools and resources are available
-# before attempting to sign the module.
default:
$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules
- if test -x $(LIBEXECDIR)/stap-sign-module; then \
- if test -x `which certutil`; then \
- if ! test -f $(CERTFILE); then \
+ if test `id -u` = 0 -o `id -un` = stap-server; then \
+ if test -x $(LIBEXECDIR)/stap-sign-module; then \
+ stap_dir=${SYSTEMTAP_DIR}; \
+ if test -z "$$stap_dir"; then \
+ stap_dir=~/.systemtap; \
+ fi; \
+ certfile=$$stap_dir/ssl/server/stap.cert; \
+ if ! test -f $$certfile; then \
$(LIBEXECDIR)/stap-gen-cert; \
fi; \
- if ! test -d $(CERTDB); then \
- mkdir -p $(CERTDB); \
+ if test `id -u` = 0; then \
+ $(LIBEXECDIR)/stap-authorize-cert $$certfile $(CERTDB); \
fi; \
- certutil -A -n stap-server -d $(CERTDB) -i $(CERTFILE) -t "P,P,P"; \
for f in *.ko; do \
if test ! -e $$f.sgn -o $$f.sgn -ot $$f; then \
$(LIBEXECDIR)/stap-sign-module $$f; \