lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+55aFyJ4Bx8TUmpOyFMHmm5gnZ3AegBW9EyhrcVpOsoMP9UxQ@mail.gmail.com>
Date:	Fri, 1 May 2015 21:12:47 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Abelardo Ricart III <aricart@...nix.com>,
	Michal Marek <mmarek@...e.cz>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Sedat Dilek <sedat.dilek@...il.com>,
	David Howells <dhowells@...hat.com>, keyrings@...ux-nfs.org,
	Rusty Russell <rusty@...tcorp.com.au>,
	LSM List <linux-security-module@...r.kernel.org>,
	James Morris <james.l.morris@...cle.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH] MODSIGN: Change default key details [ver #2]

On Fri, May 1, 2015 at 2:41 PM, Abelardo Ricart III <aricart@...nix.com> wrote:
>
> Here's my two-line patch strictly defining the build order, for your perusal.

Ok, so this looks possible and sounds like it could explain the issues.

But I'd like somebody who is much more familiar with these kinds of
subtleties in 'make' to take anothe rlook and ack it. Because I had
personally never even heard (much less used) about these magical GNU
make "order-only prerequisites". Live and learn.

> -signing_key.priv signing_key.x509: x509.genkey
> +signing_key.priv signing_key.x509: | x509.genkey
> +       $(warning *** X.509 module signing key pair not found in root of source tree ***)

So we shouldn't warn about this. The "generate random key" should be
the normal action for just about everybody but actual preduction
vendor builds. It's definitely not an error condition.

But that ": |" syntax is interesting. I quick grep does show that we
do have a few previous uses, so I guess we really *do* use just about
every possible feature of GNU make even if I wasn't aware of this
one..

The "generate random key" does seem to be a similar "prep" phase as
the __dtbs_install_prep thing we do in the dtb install.

Adding Michal Marek to the cc, since I want an Ack from somebody who
knows the details of GNU make more than I do.  Anybody else who is a
makefile God?

                    Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ