| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230823115048.823011-8-masahiroy@kernel.org>
Date: Wed, 23 Aug 2023 20:50:48 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: linux-kbuild@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
Masahiro Yamada <masahiroy@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Nicolas Schier <nicolas@...sle.eu>
Subject: [PATCH 8/8] kbuild: support modules_sign for external modules as well
The modules_sign target is currently only available for in-tree modules,
but it actually works for external modules as well.
Move the modules_sign rule to the common part.
Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
---
Makefile | 32 ++++++++++++++++----------------
scripts/Makefile.modinst | 4 ++--
2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/Makefile b/Makefile
index 82d22debf6c9..87a9eef3fb4b 100644
--- a/Makefile
+++ b/Makefile
@@ -1461,20 +1461,6 @@ modules: modules_prepare
modules_prepare: prepare
$(Q)$(MAKE) $(build)=scripts scripts/module.lds
-export modules_sign_only :=
-
-ifeq ($(CONFIG_MODULE_SIG),y)
-PHONY += modules_sign
-modules_sign: modules_install
- @:
-
-# modules_sign is a subset of modules_install.
-# 'make modules_install modules_sign' is equivalent to 'make modules_install'.
-ifeq ($(filter modules_install,$(MAKECMDGOALS)),)
-modules_sign_only := y
-endif
-endif
-
endif # CONFIG_MODULES
###
@@ -1833,10 +1819,24 @@ endif # KBUILD_EXTMOD
# ---------------------------------------------------------------------------
# Modules
-PHONY += modules modules_install modules_prepare
+PHONY += modules modules_install modules_sign modules_prepare
modules_install:
- $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modinst
+ $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modinst \
+ sign-only=$(if $(filter modules_install,$(MAKECMDGOALS)),,y)
+
+ifeq ($(CONFIG_MODULE_SIG),y)
+# modules_sign is a subset of modules_install.
+# 'make modules_install modules_sign' is equivalent to 'make modules_install'.
+modules_sign: modules_install
+ @:
+else
+modules_sign:
+ @echo >&2 '***'
+ @echo >&2 '*** CONFIG_MODULE_SIG is disabled. You cannot sign modules.'
+ @echo >&2 '***'
+ @false
+endif
ifdef CONFIG_MODULES
diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
index 33d424a3f265..459cb1fed223 100644
--- a/scripts/Makefile.modinst
+++ b/scripts/Makefile.modinst
@@ -13,7 +13,7 @@ install-y :=
PHONY += prepare
-ifeq ($(KBUILD_EXTMOD)$(modules_sign_only),)
+ifeq ($(KBUILD_EXTMOD)$(sign-only),)
# Install more files for in-tree modules_install
@@ -115,7 +115,7 @@ quiet_cmd_sign = SIGN $@
cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) "$(sig-key)" certs/signing_key.x509 $@ \
$(if $(KBUILD_EXTMOD),|| true)
-ifeq ($(modules_sign_only),)
+ifeq ($(sign-only),)
# During modules_install, modules are signed only when CONFIG_MODULE_SIG_ALL=y.
ifndef CONFIG_MODULE_SIG_ALL
--
2.39.2
Powered by blists - more mailing lists