Message-ID: <1439370753.3100.58.camel@infradead.org>
Date: Wed, 12 Aug 2015 10:12:33 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: James Morris <jmorris@...ei.org>
Cc: David Howells <dhowells@...hat.com>, mcgrof@...il.com,
zohar@...ux.vnet.ibm.com, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [GIT PULL] MODSIGN: Use PKCS#7 for module signatures [ver #7a]
On Wed, 2015-08-12 at 19:08 +1000, James Morris wrote:
>
> CHK include/generated/compile.h
> EXTRACT_CERTS signing_key.pem
> At main.c:146:
> - SSL error:02001002:system library:fopen:No such file or directory:
> bss_file.c:169
> - SSL error:2006D080:BIO routines:BIO_new_file:no such file:
> bss_file.c:172
> extract-cert: signing_key.pem: No such file or directory
> rm: cannot remove `signing_key.x509': No such file or directory
> make[1]: *** [signing_key.x509] Error 1
> make: *** [kernel] Error 2
Hm, but that ought to have a dependency on signing_key.pem.

What is CONFIG_MODULE_SIG_KEY? Its default value of 'signing_key.pem'?
That should mean that the rule in kernel/Makefile to create the signing
key does exist.

At the very end of kernel/Makefile, in the rule for signing_key.x509,
please could you add an 'echo $(X509_DEP)' before the call to
extract_certs? That ought to be correctly depending on the
signing_key.pem file.

There's magic here to work out the precise dependency, since it might
be a filename relative to either the build tree or the source tree.
I'll take another look and work out how it copes in the case where the
file doesn't exist yet... is this an out-of-tree build?

--
dwmw2