lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1432017624.3277.19.camel@intel.com>
Date:	Tue, 19 May 2015 06:40:25 +0000
From:	"Woodhouse, David" <david.woodhouse@...el.com>
To:	"zohar@...ux.vnet.ibm.com" <zohar@...ux.vnet.ibm.com>
CC:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"mmarek@...e.cz" <mmarek@...e.cz>,
	"keyrings@...ux-nfs.org" <keyrings@...ux-nfs.org>,
	"seth.forshee@...onical.com" <seth.forshee@...onical.com>,
	"dmitry.kasatkin@...il.com" <dmitry.kasatkin@...il.com>,
	"rusty@...tcorp.com.au" <rusty@...tcorp.com.au>,
	"dhowells@...hat.com" <dhowells@...hat.com>,
	"linux-security-module@...r.kernel.org" 
	<linux-security-module@...r.kernel.org>,
	"mcgrof@...e.com" <mcgrof@...e.com>,
	"mjg59@...f.ucam.org" <mjg59@...f.ucam.org>
Subject: Re: [PATCH 1/4] modsign: Abort modules_install when signing fails

On Mon, 2015-05-18 at 21:29 -0400, Mimi Zohar wrote:
> On Fri, 2015-05-15 at 17:52 +0100, David Woodhouse wrote:
> > Signed-off-by: David Woodhouse <David.Woodhouse@...el.com>
> 
> I assume the patch descriptions will be added before being upstreamed.  

This patch aborts modules_install when signing fails :)

> With this patch, as expected the modules_install aborted on failure.  Is
> there any way to capture the reason for the failure?   In my case,
> dropping the '-j <num>' option resolved the problem.

Hm, was there no output from sign-file when this happened? Remember that
with a parallel make the error which stops the build might not be the
last thing it printed. Can you show the full output?

It's possible that there's a limit on the number of sessions you can
have open to the hardware token, and we are exceeding it with a parallel
build. I thought that pcscd was going to serialize the access and it
should work properly though. I can certainly do 'make -j
modules_install' with a Yubikey NEO here (although my test build only
has about 20 modules).

Any better ideas on how to specify the key passphrase/PIN? Just put it
in a file in the top-level directory? 

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@...el.com                              Intel Corporation

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (3437 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ