[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1389846443-21270-1-git-send-email-jlee@suse.com>
Date: Thu, 16 Jan 2014 12:27:23 +0800
From: "Lee, Chun-Yi" <joeyli.kernel@...il.com>
To: rusty@...tcorp.com.au, dhowells@...hat.com
Cc: linux-kernel@...r.kernel.org, Chun-Yi Lee <jlee@...e.com>,
Josh Boyer <jwboyer@...hat.com>,
Randy Dunlap <rdunlap@...otime.net>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Michal Marek <mmarek@...e.com>
Subject: [RESEND PATCH v3] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists
From: Chun-Yi Lee <jlee@...e.com>
This issue was found in devel-pekey branch on linux-modsign.git tree.
The x509_certificate_list includes certificate twice when the
signing_key.x509 already exists.
We can reproduce this issue by making kernel twice, the build log of
second time looks like this:
...
CHK kernel/config_data.h
CERTS kernel/x509_certificate_list
- Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509
- Including cert signing_key.x509
...
Actually the build path was the same with the srctree path when building
kernel. It causes the size of bzImage increased by packaging
certificates twice.
Originally this patch was signed and merged to devel-pekey in David
Howells's linux-modsign git:
http://lwn.net/Articles/540288/
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-modsign.git
tags/pekey-20130221
But it is missed in mainline kernel.
v3:
Using realpath to compare current file path with source tree patch.
Thanks for Rusty Russell's suggestion.
v2:
Using '$(shell /bin/pwd)' instead of '$(shell pwd)' for more reliable
between different shells
Cc: Rusty Russell <rusty@...tcorp.com.au>
Cc: Josh Boyer <jwboyer@...hat.com>
Cc: Randy Dunlap <rdunlap@...otime.net>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Michal Marek <mmarek@...e.com>
Signed-off-by: Chun-Yi Lee <jlee@...e.com>
Signed-off-by: David Howells <dhowells@...hat.com>
---
kernel/Makefile | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/kernel/Makefile b/kernel/Makefile
index bc010ee..1d671b1 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -136,7 +136,10 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
#
###############################################################################
ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
-X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
+X509_CERTIFICATES-y := $(wildcard *.x509)
+ifneq ($(realpath .), $(realpath $(srctree)))
+X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509)
+endif
X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509
X509_CERTIFICATES-raw := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \
$(or $(realpath $(CERT)),$(CERT))))
--
1.6.4.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists