| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <157933.1615290381@warthog.procyon.org.uk>
Date: Tue, 09 Mar 2021 11:46:21 +0000
From: David Howells <dhowells@...hat.com>
To: Eric Snowberg <eric.snowberg@...cle.com>
Cc: dhowells@...hat.com, Randy Dunlap <rdunlap@...radead.org>,
Jarkko Sakkinen <jarkko@...nel.org>, nathan@...nel.org,
David Woodhouse <dwmw2@...radead.org>,
keyrings@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] certs: Fix wrong kconfig option used for x509_revocation_list
Eric Snowberg <eric.snowberg@...cle.com> wrote:
> >> @@ -11,7 +11,7 @@ hostprogs-always-$(CONFIG_ASN1) += asn1_compiler
> >> hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file
> >> hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert
> >> hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert
> >> - hostprogs-always-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += extract-cert
> >> +hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST) += extract-cert
> >
> > Hmmm... We have extract-cert listed twice. Does that matter, I wonder?
>
> Isn’t this necessary, since one could build with either
> CONFIG_SYSTEM_REVOCATION_LIST or CONFIG_SYSTEM_TRUSTED_KEYRING, without
> the other being defined?
Well, it could be handled with its own Kconfig, say CONFIG_BUILD_EXTRACT_CERT,
but that would seem like overkill. I think make should handle a dependency
being listed multiple times for a target, but it might make sense to list them
next to each other.
David
Powered by blists - more mailing lists