lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Jun 2017 18:12:30 +0900 From: Masahiro Yamada <yamada.masahiro@...ionext.com> To: Stephen Hemminger <stephen@...workplumber.org> Cc: Michal Marek <mmarek@...e.com>, Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Stephen Hemminger <sthemmin@...rosoft.com>, David Woodhouse <dwmw2@...radead.org>, David Howells <dhowells@...hat.com> Subject: Re: [PATCH 1/2] kbuild: cleanup signing keys with mrproper Hi Stephen, Sorry for my late reply. 2017-05-12 2:25 GMT+09:00 Stephen Hemminger <stephen@...workplumber.org>: > On Wed, 3 May 2017 13:37:08 +0900 > Masahiro Yamada <yamada.masahiro@...ionext.com> wrote: > >> +CC David Woodhouse >> +CC David Howells >> >> >> 2017-04-15 6:54 GMT+09:00 Stephen Hemminger <stephen@...workplumber.org>: >> > When 'make mrproper' is run it was supposed to remove the signing >> > keys in the certs directory, but only the filename is given >> > rather than the pathanme which is necessary to cause cleanup. >> > >> > Signed-off-by: Stephen Hemminger <sthemmin@...rosoft.com> >> > --- >> > Makefile | 6 +++--- >> > 1 file changed, 3 insertions(+), 3 deletions(-) >> > >> > diff --git a/Makefile b/Makefile >> > index efa267a92ba6..04ca211552f7 100644 >> > --- a/Makefile >> > +++ b/Makefile >> > @@ -1274,9 +1274,9 @@ MRPROPER_DIRS += include/config usr/include include/generated \ >> > arch/*/include/generated .tmp_objdiff >> > MRPROPER_FILES += .config .config.old .version .old_version \ >> > Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ >> > - signing_key.pem signing_key.priv signing_key.x509 \ >> > - x509.genkey extra_certificates signing_key.x509.keyid \ >> > - signing_key.x509.signer vmlinux-gdb.py >> > + certs/signing_key.pem certs/signing_key.priv certs/signing_key.x509 \ >> > + certs/x509.genkey certs/extra_certificates certs/signing_key.x509.keyid \ >> > + certs/signing_key.x509.signer vmlinux-gdb.py >> > >> >> The logic seems quite simple, >> but I am not quite sure which file is still valid? >> >> >> [1] signing_key.pem - OK, this should be certs/signing_key.pem >> and removed by 'make mrproper' >> >> [2] signing_key.priv - deprecated by commit fb1179499134 ? >> >> [3] signing_key.x509 - OK, this should be certs/signing_key.x509 >> and removed by 'make mrproper' >> >> [4] x509.genkey - this is an intermediate file for generating signing_key.pem, >> but unneeded for installing external modules. >> Does it make more sense to delete this by 'make clean'? >> >> [5] extra_certificates - I am not sure where this is generated, and used >> >> [6] siging_key.x509.keyid - same as [5] >> >> [7] signing_key.x509.signer - same as [5] > > Retested with current Linus tree: > > After build, these files are present: > signing_key.x509 > > This file is never cleaned up by clean or proper. > > The changes that I think are necessary: > certs/extra_certificates is no longer used, remove it from Makefile > > certs/signing_key.x509 should be removed by mrproper I agree. I'd like obsolete files dropped from the list before fixing the file paths. -- Best Regards Masahiro Yamada
Powered by blists - more mailing lists