[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <faf0b767d910f11c0e9b458614e002534880e12a.camel@pengutronix.de>
Date: Mon, 30 Jan 2023 17:43:15 +0100
From: Jan Lübbe <jlu@...gutronix.de>
To: Masahiro Yamada <masahiroy@...nel.org>
Cc: David Howells <dhowells@...hat.com>,
David Woodhouse <dwmw2@...radead.org>,
keyrings@...r.kernel.org, linux-kbuild@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel@...gutronix.de
Subject: Re: [PATCH 1/2] certs: Fix build error when PKCS#11 URI contains
semicolon
On Tue, 2023-01-31 at 00:18 +0900, Masahiro Yamada wrote:
> On Mon, Jan 30, 2023 at 11:16 PM Jan Luebbe <jlu@...gutronix.de> wrote:
> >
> > When CONFIG_MODULE_SIG_KEY is PKCS#11 URI (pkcs11:*) and contains a
> > semicolon, signing_key.x509 fails to build:
> >
> > certs/extract-cert pkcs11:token=foo;object=bar;pin-value=1111 certs/signing_key.x509
> > Usage: extract-cert <source> <dest>
> >
> > Add quotes to the PKCS11_URI variable to avoid splitting by the shell.
> >
> > Fixes: 129ab0d2d9f3 ("kbuild: do not quote string values in include/config/auto.conf")
> > Signed-off-by: Jan Luebbe <jlu@...gutronix.de>
> > ---
> > certs/Makefile | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/certs/Makefile b/certs/Makefile
> > index 9486ed924731..cda21811ed88 100644
> > --- a/certs/Makefile
> > +++ b/certs/Makefile
> > @@ -67,7 +67,7 @@ $(obj)/system_certificates.o: $(obj)/signing_key.x509
> >
> > PKCS11_URI := $(filter pkcs11:%, $(CONFIG_MODULE_SIG_KEY))
> > ifdef PKCS11_URI
> > -$(obj)/signing_key.x509: extract-cert-in := $(PKCS11_URI)
> > +$(obj)/signing_key.x509: extract-cert-in := "$(PKCS11_URI)"
> > endif
> >
> > $(obj)/signing_key.x509: $(filter-out $(PKCS11_URI),$(CONFIG_MODULE_SIG_KEY)) $(obj)/extract-cert FORCE
> > --
> > 2.30.2
> >
>
> Instead, how about this?
>
>
>
>
> diff --git a/certs/Makefile b/certs/Makefile
> index 9486ed924731..799ad7b9e68a 100644
> --- a/certs/Makefile
> +++ b/certs/Makefile
> @@ -23,8 +23,8 @@ $(obj)/blacklist_hash_list:
> $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) FORCE
> targets += blacklist_hash_list
>
> quiet_cmd_extract_certs = CERT $@
> - cmd_extract_certs = $(obj)/extract-cert $(extract-cert-in) $@
> -extract-cert-in = $(or $(filter-out $(obj)/extract-cert, $(real-prereqs)),"")
> + cmd_extract_certs = $(obj)/extract-cert "$(extract-cert-in)" $@
> +extract-cert-in = $(filter-out $(obj)/extract-cert, $(real-prereqs))
>
> $(obj)/system_certificates.o: $(obj)/x509_certificate_list
Thanks, this works im my tests, too.
Regards,
Jan
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists