lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <CT5KS2NGSH54.58733YDNW3K0@suppilovahvero>
Date:   Tue, 06 Jun 2023 15:44:22 +0300
From:   "Jarkko Sakkinen" <jarkko@...nel.org>
To:     "Jarkko Sakkinen" <jarkko@...nel.org>,
        "Franziska Naepelt" <franziska.naepelt@...glemail.com>,
        <keyrings@...r.kernel.org>
Cc:     <dhowells@...hat.com>, <dwmw2@...radead.org>,
        <linux-kernel@...r.kernel.org>,
        "Franziska Naepelt" <franziska.naepelt@...il.com>,
        "kernel test robot" <lkp@...el.com>
Subject: Re: [PATCH v2] certs/extract-cert: Fix checkpatch issues

On Tue Jun 6, 2023 at 3:38 PM EEST, Jarkko Sakkinen wrote:
> On Fri Jun 2, 2023 at 11:59 AM EEST, Franziska Naepelt wrote:
> > The following issues are fixed:
> > - WARNING: Missing or malformed SPDX-License-Identifier tag
> > - ERROR: trailing statements should be on next line
> > - WARNING: braces {} are not necessary for single statement blocks
> > - ERROR: space required before the open parenthesis '('
> > - ERROR: code indent should use tabs where possible
> > - WARNING: please, no spaces at the start of a line
> > - WARNING: Missing a blank line after declarations
> >
> > Closes: https://lore.kernel.org/oe-kbuild-all/202306021040.UTvXfH5J-lkp@intel.com/
> > Closes: https://lore.kernel.org/oe-kbuild-all/202306021102.zQU95cMI-lkp@intel.com/
> >
>
> Remove the empty line.
>
> > Reported-by: kernel test robot <lkp@...el.com>
> > Signed-off-by: Franziska Naepelt <franziska.naepelt@...il.com>
>
> Fixes tag?
>
> > ---
> > v2:
> >  - revert noreturn changes to fix build issues
> > ---
> >  certs/extract-cert.c | 10 +++++++---
> >  1 file changed, 7 insertions(+), 3 deletions(-)
> >
> > diff --git a/certs/extract-cert.c b/certs/extract-cert.c
> > index 70e9ec89d87d..96c0728bf4d1 100644
> > --- a/certs/extract-cert.c
> > +++ b/certs/extract-cert.c
> > @@ -1,3 +1,4 @@
> > +// SPDX-License-Identifier: LGPL-2.1
> >  /* Extract X.509 certificate in DER form from PKCS#11 or PEM.
> >   *
> >   * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved.
> > @@ -63,7 +64,8 @@ static void drain_openssl_errors(void)
> >
> >  	if (ERR_peek_error() == 0)
> >  		return;
> > -	while (ERR_get_error_line(&file, &line)) {}
> > +	while (ERR_get_error_line(&file, &line))
> > +		;
> >  }
> >
> >  #define ERR(cond, fmt, ...)				\
> > @@ -73,7 +75,7 @@ static void drain_openssl_errors(void)
> >  		if (__cond) {				\
> >  			err(1, fmt, ## __VA_ARGS__);	\
> >  		}					\
> > -	} while(0)
> > +	} while (0)
> >
> >  static const char *key_pass;
> >  static BIO *wb;
> > @@ -107,7 +109,7 @@ int main(int argc, char **argv)
> >  	if (verbose_env && strchr(verbose_env, '1'))
> >  		verbose = true;
> >
> > -        key_pass = getenv("KBUILD_SIGN_PIN");
> > +	key_pass = getenv("KBUILD_SIGN_PIN");
> >
> >  	if (argc != 3)
> >  		format();
> > @@ -118,6 +120,7 @@ int main(int argc, char **argv)
> >  	if (!cert_src[0]) {
> >  		/* Invoked with no input; create empty file */
> >  		FILE *f = fopen(cert_dst, "wb");
> > +
> >  		ERR(!f, "%s", cert_dst);
> >  		fclose(f);
> >  		exit(0);
> > @@ -155,6 +158,7 @@ int main(int argc, char **argv)
> >  			x509 = PEM_read_bio_X509(b, NULL, NULL, NULL);
> >  			if (wb && !x509) {
> >  				unsigned long err = ERR_peek_last_error();
> > +
> >  				if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
> >  				    ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
> >  					ERR_clear_error();
> >
> > base-commit: 7877cb91f1081754a1487c144d85dc0d2e2e7fc4
> > --
> > 2.39.2 (Apple Git-143)
>
> IMHO should be split to separate commits with fixes tags for
> trackability sake.
>
> My guess is that fixes tag is missing because this commit is
> bundling a pile of stuff.

Why? I mean I do get it might sound cutting hairs, so here's a
big longer explanation.

When you look up for a victim commit for a bug that actually screws up
run-time behaviour in a way or another, exactly these "random selection
of fixes" really can make you use an inappropriate vocabulary, and you
*really* have to meditate not to spill that garbage online :-)

Exactly because of this carefully localized fixes are very important.
If you don't do it, your fix is counter-productive for the codebase
IMHO.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ