lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YhSa8bOW7sOd1cp0@buildd.core.avm.de>
Date:   Tue, 22 Feb 2022 09:12:33 +0100
From:   Nicolas Schier <n.schier@....de>
To:     Masahiro Yamada <masahiroy@...nel.org>
Cc:     linux-kbuild@...r.kernel.org, David Howells <dhowells@...hat.com>,
        David Woodhouse <dwmw2@...radead.org>,
        keyrings@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] certs: simplify empty certs creation in
 certs/Makefile

On Fri, Feb 18, 2022 at 01:46:34PM +0900, Masahiro Yamada wrote:
> To create an empty cert file, we need to pass "" to the extract-cert
> tool, which is common for all the three call-sites of cmd_exract_certs.

Missing a 't' in 'cmd_exract_certs'.

Reviewed-by: Nicolas Schier <n.schier@....de>

> 
> Factor out the logic into extract-cert-in.
> 
> One exceptional case is PKCS#11 case, where we override extract-cert-in
> with the URI.
> 
> Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
> ---
> 
>  certs/Makefile | 21 +++++++++++----------
>  1 file changed, 11 insertions(+), 10 deletions(-)
> 
> diff --git a/certs/Makefile b/certs/Makefile
> index 68c1d7b9a388..d8443cfb1c40 100644
> --- a/certs/Makefile
> +++ b/certs/Makefile
> @@ -13,12 +13,13 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
>  endif
>  
>  quiet_cmd_extract_certs  = CERT    $@
> -      cmd_extract_certs  = $(obj)/extract-cert $(2) $@
> +      cmd_extract_certs  = $(obj)/extract-cert $(extract-cert-in) $@
> +extract-cert-in = $(or $(filter-out $(obj)/extract-cert, $(real-prereqs)),"")
>  
>  $(obj)/system_certificates.o: $(obj)/x509_certificate_list
>  
>  $(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE
> -	$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
> +	$(call if_changed,extract_certs)
>  
>  targets += x509_certificate_list
>  
> @@ -52,22 +53,22 @@ $(obj)/x509.genkey:
>  
>  endif # CONFIG_MODULE_SIG_KEY
>  
> -# If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it
> -ifneq ($(filter-out pkcs11:%, $(CONFIG_MODULE_SIG_KEY)),)
> -X509_DEP := $(CONFIG_MODULE_SIG_KEY)
> -endif
> -
>  $(obj)/system_certificates.o: $(obj)/signing_key.x509
>  
> -$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE
> -	$(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),""))
> +PKCS11_URI := $(filter pkcs11:%, $(CONFIG_MODULE_SIG_KEY))
> +ifdef PKCS11_URI
> +$(obj)/signing_key.x509: extract-cert-in := $(PKCS11_URI)
> +endif
> +
> +$(obj)/signing_key.x509: $(filter-out $(PKCS11_URI),$(CONFIG_MODULE_SIG_KEY)) $(obj)/extract-cert FORCE
> +	$(call if_changed,extract_certs)
>  
>  targets += signing_key.x509
>  
>  $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
>  
>  $(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE
> -	$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
> +	$(call if_changed,extract_certs)
>  
>  targets += x509_revocation_list
>  
> -- 
> 2.32.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ