lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 11 Mar 2022 13:34:27 +0900
From:   Masahiro Yamada <masahiroy@...nel.org>
To:     Nayna Jain <nayna@...ux.ibm.com>
Cc:     linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
        David Howells <dhowells@...hat.com>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        linux-security-module <linux-security-module@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        dimitri.ledkov@...onical.com, seth@...shee.me,
        rnsastry@...ux.ibm.com
Subject: Re: [PATCH v11 3/4] certs: conditionally build extract-cert if
 platform keyring is enabled

On Fri, Mar 11, 2022 at 6:45 AM Nayna Jain <nayna@...ux.ibm.com> wrote:
>
> extract-cert is used outside certs/ by INTEGRITY_PLATFORM_KEYRING.
> Also build extract-cert if INTEGRITY_PLATFORM_KEYRING is enabled.

If really so, extract-cert should go back to scripts/ again.
(i.e. revert 340a02535ee785c64c62a9c45706597a0139e972)



>
> Signed-off-by: Nayna Jain <nayna@...ux.ibm.com>
> ---
>  certs/Makefile | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/certs/Makefile b/certs/Makefile
> index b92b6ff339d5..dfb48e043cfe 100644
> --- a/certs/Makefile
> +++ b/certs/Makefile
> @@ -88,7 +88,11 @@ $(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cer
>
>  targets += x509_revocation_list
>
> +ifeq ($(CONFIG_INTEGRITY_PLATFORM_KEYRING),y)
> +hostprogs-always-y := extract-cert
> +else
>  hostprogs := extract-cert
> +endif
>
>  HOSTCFLAGS_extract-cert.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
>  HOSTLDLIBS_extract-cert = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> --
> 2.27.0
>


--
Best Regards
Masahiro Yamada

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ