lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 28 Jun 2023 21:11:00 -0700
From:   Joe Perches <joe@...ches.com>
To:     Ahelenia Ziemiańska 
        <nabijaczleweli@...ijaczleweli.xyz>
Cc:     Andy Whitcroft <apw@...onical.com>,
        Dwaipayan Ray <dwaipayanray1@...il.com>,
        Lukas Bulwahn <lukas.bulwahn@...il.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] checkpatch: don't take signature to be part of the
 commit SHA

On Wed, 2023-06-28 at 22:35 +0200, Ahelenia Ziemiańska wrote:
> I had just received:
>   $ scripts/checkpatch.pl 0001-splice-always-fsnotify_access-in-fsnotify_modify-out.patch
>   WARNING: Please use correct Fixes: style 'Fixes: <12 chars of sha1> ("<title line>")' - ie: 'Fixes: gpg: Signatu (":35 CEST")'
>   #25:
>   Fixes: 983652c69199 ("splice: report related fsnotify events")
> 
>   total: 0 errors, 1 warnings, 60 lines checked
> 
>   NOTE: For some of the reported defects, checkpatch may be able to
>         mechanically convert to the typical style using --fix or --fix-inplace.
> 
>   0001-splice-always-fsnotify_access-in-fsnotify_modify-out.patch has style problems, please review.
> 
>   NOTE: If any of the errors are false positives, please report
>         them to the maintainer, see CHECKPATCH in MAINTAINERS.
> 
> This fails when the Fixes:ed SHAs are signed, since the output is
>   $ git log --format='%H %s'
>   gpg: Signature made Wed 28 Jun 2023 19:05:02 CEST
>   gpg:                using RSA key 7D69474E84028C5CC0C44163BCFD0B018D2658F1
>   gpg: Good signature from "наб <nabijaczleweli@...ijaczleweli.xyz>" [ultimate]
>   gpg:                 aka "наб <nabijaczleweli@...il.com>" [ultimate]
>   gpg:                 aka "nabijaczleweli <nabijaczleweli@...il.com>" [ultimate]
>   53307062b2b644dc0de7bde916d6193492f37643 splice: fsnotify_access(in), fsnotify_modify(out) on success in tee
> or
>   $ git log --format='%H %s' 983652c69199
>   gpg: Signature made Tue 04 Apr 2023 15:57:35 CEST
>   gpg:                using EDDSA key 408734571EA70C78B332692891C61BC06578DCA2
>   gpg: Can't check signature: No public key
>   983652c691990b3257a07f67f4263eb847baa82d splice: report related fsnotify events
> 
> The fix mimicks what was done in commit f24fb53984cf ("perf tools: Don't

mimics

> include signature in version strings"): just don't ask for the
> signatures being validated.
> 
> With this, my patch passed validation.
> 
> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@...ijaczleweli.xyz>
> ---
> Grepped through for /log /, /show /, and /git_command/, and this
> is all I found. Unsure if there's other git executions that need
> to be fixed, tho.

Not sure either but perhaps these should be in some
negative options variable like:

my $git_log_no = "--no-show-signature --no-merges --no-color";

> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
[]
> @@ -1164,7 +1164,7 @@ sub seed_camelcase_includes {
>  	$camelcase_seeded = 1;
>  
>  	if (-e "$gitroot") {
> -		my $git_last_include_commit = `${git_command} log --no-merges --pretty=format:"%h%n" -1 -- include`;
> +		my $git_last_include_commit = `${git_command} log --no-show-signature --no-merges --pretty=format:"%h%n" -1 -- include`;

		my $git_last_include_commit = `${git_command} log ${git_log_no} --pretty=...

etc...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ