Message-ID: <874ced6f-01f8-558a-bea8-4acc46288bb8@linux.vnet.ibm.com>
Date:   Mon, 14 Mar 2022 09:42:35 -0400
From:   Nayna <nayna@...ux.vnet.ibm.com>
To:     masahiroy@...nel.org
Cc:     dhowells@...hat.com, zohar@...ux.ibm.com, jarkko@...nel.org,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, dimitri.ledkov@...onical.com,
        seth@...shee.me, rnsastry@...ux.ibm.com,
        Nayna Jain <nayna@...ux.ibm.com>, keyrings@...r.kernel.org,
        linux-integrity@...r.kernel.org
Subject: Re: [PATCH v12 3/4] Revert "certs: move scripts/extract-cert to
 certs/"


On 3/11/22 16:03, Nayna Jain wrote:
> This reverts commit 340a02535ee785c64c62a9c45706597a0139e972.
>
> extract-cert is used outside certs/ by INTEGRITY_PLATFORM_KEYRING.

Hi Masahiro,

Could you review and Ack this patch?

Thanks & Regards,

     - Nayna


>
> Signed-off-by: Nayna Jain <nayna@...ux.ibm.com>
> ---
>   MAINTAINERS                       |  1 +
>   certs/.gitignore                  |  1 -
>   certs/Makefile                    | 13 ++++---------
>   scripts/.gitignore                |  1 +
>   scripts/Makefile                  | 11 +++++++++--
>   {certs => scripts}/extract-cert.c |  2 +-
>   scripts/remove-stale-files        |  2 --
>   7 files changed, 16 insertions(+), 15 deletions(-)
>   rename {certs => scripts}/extract-cert.c (98%)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 05fd080b82f3..cf4cd22ca3a0 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -4471,6 +4471,7 @@ L:	keyrings@...r.kernel.org
>   S:	Maintained
>   F:	Documentation/admin-guide/module-signing.rst
>   F:	certs/
> +F:	scripts/extract-cert.c
>   F:	scripts/sign-file.c
>   
>   CFAG12864B LCD DRIVER
> diff --git a/certs/.gitignore b/certs/.gitignore
> index 9e42fe3e02f5..8c3763f80be3 100644
> --- a/certs/.gitignore
> +++ b/certs/.gitignore
> @@ -1,4 +1,3 @@
>   # SPDX-License-Identifier: GPL-2.0-only
> -/extract-cert
>   /x509_certificate_list
>   /x509_revocation_list
> diff --git a/certs/Makefile b/certs/Makefile
> index b92b6ff339d5..a4a6f6a78904 100644
> --- a/certs/Makefile
> +++ b/certs/Makefile
> @@ -14,11 +14,11 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
>   endif
>   
>   quiet_cmd_extract_certs  = CERT    $@
> -      cmd_extract_certs  = $(obj)/extract-cert $(2) $@
> +      cmd_extract_certs  = scripts/extract-cert $(2) $@
>   
>   $(obj)/system_certificates.o: $(obj)/x509_certificate_list
>   
> -$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE
> +$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE
>   	$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
>   
>   targets += x509_certificate_list
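Review bot: The prerequisite `scripts/extract-cert` on the `x509_certificate_list` rule no longer has a rule in certs/Makefile, so this target depends on scripts/ having been built first and on the path resolving from the top of the build tree rather than from `$(obj)`. A short comment above `cmd_extract_certs` would make that cross-directory dependency explicit, e.g. `# extract-cert is a host program built by scripts/Makefile; the path is relative to the top of the build tree`. The same applies to the `signing_key.x509` and `x509_revocation_list` rules in the two later certs/Makefile hunks, which generate the module-signing certificate and the built-in revocation list.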
> @@ -75,7 +75,7 @@ endif
>   
>   $(obj)/system_certificates.o: $(obj)/signing_key.x509
>   
> -$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE
> +$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE
>   	$(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),""))
>   endif # CONFIG_MODULE_SIG
>   
> @@ -83,12 +83,7 @@ targets += signing_key.x509
>   
>   $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
>   
> -$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE
> +$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE
>   	$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
>   
>   targets += x509_revocation_list
> -
> -hostprogs := extract-cert
> -
> -HOSTCFLAGS_extract-cert.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
> -HOSTLDLIBS_extract-cert = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> diff --git a/scripts/.gitignore b/scripts/.gitignore
> index eed308bef604..e83c620ef52c 100644
> --- a/scripts/.gitignore
> +++ b/scripts/.gitignore
> @@ -1,6 +1,7 @@
>   # SPDX-License-Identifier: GPL-2.0-only
>   /asn1_compiler
>   /bin2c
> +/extract-cert
>   /insert-sys-cert
>   /kallsyms
>   /module.lds
> diff --git a/scripts/Makefile b/scripts/Makefile
> index ce5aa9030b74..cedc1f0e21d8 100644
> --- a/scripts/Makefile
> +++ b/scripts/Makefile
> @@ -3,19 +3,26 @@
>   # scripts contains sources for various helper programs used throughout
>   # the kernel for the build process.
>   
> +CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> +CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null)
> +
>   hostprogs-always-$(CONFIG_BUILD_BIN2C)			+= bin2c
>   hostprogs-always-$(CONFIG_KALLSYMS)			+= kallsyms
>   hostprogs-always-$(BUILD_C_RECORDMCOUNT)		+= recordmcount
>   hostprogs-always-$(CONFIG_BUILDTIME_TABLE_SORT)		+= sorttable
>   hostprogs-always-$(CONFIG_ASN1)				+= asn1_compiler
>   hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT)		+= sign-file
> +hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING)	+= extract-cert
>   hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE)	+= insert-sys-cert
> +hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST)	+= extract-cert
>   
>   HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
>   HOSTLDLIBS_sorttable = -lpthread
>   HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
> -HOSTCFLAGS_sign-file.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
> -HOSTLDLIBS_sign-file = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> +HOSTCFLAGS_sign-file.o = $(CRYPTO_CFLAGS)
> +HOSTLDLIBS_sign-file = $(CRYPTO_LIBS)
> +HOSTCFLAGS_extract-cert.o = $(CRYPTO_CFLAGS)
> +HOSTLDLIBS_extract-cert = $(CRYPTO_LIBS)
>   
>   ifdef CONFIG_UNWINDER_ORC
>   ifeq ($(ARCH),x86_64)
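Review bot: The two added `hostprogs-always-…` lines build extract-cert only for `CONFIG_SYSTEM_TRUSTED_KEYRING` and `CONFIG_SYSTEM_REVOCATION_LIST`, while the commit message gives INTEGRITY_PLATFORM_KEYRING as the reason for moving the tool. The platform-keyring consumer is not part of this patch, so this is inferred, but if it can be enabled with neither of those two options set, `scripts/extract-cert` would not be built and the consuming rule would fail on a missing prerequisite. Consider adding a line keyed on the option that gates that consumer, for example `hostprogs-always-$(CONFIG_INTEGRITY_PLATFORM_KEYRING) += extract-cert`, or stating in the commit message that the option always implies SYSTEM_TRUSTED_KEYRING.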
> diff --git a/certs/extract-cert.c b/scripts/extract-cert.c
> similarity index 98%
> rename from certs/extract-cert.c
> rename to scripts/extract-cert.c
> index f7ef7862f207..3bc48c726c41 100644
> --- a/certs/extract-cert.c
> +++ b/scripts/extract-cert.c
> @@ -29,7 +29,7 @@ static __attribute__((noreturn))
>   void format(void)
>   {
>   	fprintf(stderr,
> -		"Usage: extract-cert <source> <dest>\n");
> +		"Usage: scripts/extract-cert <source> <dest>\n");
>   	exit(2);
>   }
>   
> diff --git a/scripts/remove-stale-files b/scripts/remove-stale-files
> index 7adab4618035..80430b8fb617 100755
> --- a/scripts/remove-stale-files
> +++ b/scripts/remove-stale-files
> @@ -39,5 +39,3 @@ if [ -n "${building_out_of_srctree}" ]; then
>   		rm -f arch/parisc/boot/compressed/${f}
>   	done
>   fi
> -
> -rm -f scripts/extract-cert
