lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230823115048.823011-8-masahiroy@kernel.org>
Date:   Wed, 23 Aug 2023 20:50:48 +0900
From:   Masahiro Yamada <masahiroy@...nel.org>
To:     linux-kbuild@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org,
        Masahiro Yamada <masahiroy@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nicolas Schier <nicolas@...sle.eu>
Subject: [PATCH 8/8] kbuild: support modules_sign for external modules as well

The modules_sign target is currently only available for in-tree modules,
but it actually works for external modules as well.

Move the modules_sign rule to the common part.

Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
---

 Makefile                 | 32 ++++++++++++++++----------------
 scripts/Makefile.modinst |  4 ++--
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/Makefile b/Makefile
index 82d22debf6c9..87a9eef3fb4b 100644
--- a/Makefile
+++ b/Makefile
@@ -1461,20 +1461,6 @@ modules: modules_prepare
 modules_prepare: prepare
 	$(Q)$(MAKE) $(build)=scripts scripts/module.lds
 
-export modules_sign_only :=
-
-ifeq ($(CONFIG_MODULE_SIG),y)
-PHONY += modules_sign
-modules_sign: modules_install
-	@:
-
-# modules_sign is a subset of modules_install.
-# 'make modules_install modules_sign' is equivalent to 'make modules_install'.
-ifeq ($(filter modules_install,$(MAKECMDGOALS)),)
-modules_sign_only := y
-endif
-endif
-
 endif # CONFIG_MODULES
 
 ###
@@ -1833,10 +1819,24 @@ endif # KBUILD_EXTMOD
 # ---------------------------------------------------------------------------
 # Modules
 
-PHONY += modules modules_install modules_prepare
+PHONY += modules modules_install modules_sign modules_prepare
 
 modules_install:
-	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modinst
+	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modinst \
+	sign-only=$(if $(filter modules_install,$(MAKECMDGOALS)),,y)
+
+ifeq ($(CONFIG_MODULE_SIG),y)
+# modules_sign is a subset of modules_install.
+# 'make modules_install modules_sign' is equivalent to 'make modules_install'.
+modules_sign: modules_install
+	@:
+else
+modules_sign:
+	@echo >&2 '***'
+	@echo >&2 '*** CONFIG_MODULE_SIG is disabled. You cannot sign modules.'
+	@echo >&2 '***'
+	@false
+endif
 
 ifdef CONFIG_MODULES
 
diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
index 33d424a3f265..459cb1fed223 100644
--- a/scripts/Makefile.modinst
+++ b/scripts/Makefile.modinst
@@ -13,7 +13,7 @@ install-y :=
 
 PHONY += prepare
 
-ifeq ($(KBUILD_EXTMOD)$(modules_sign_only),)
+ifeq ($(KBUILD_EXTMOD)$(sign-only),)
 
 # Install more files for in-tree modules_install
 
@@ -115,7 +115,7 @@ quiet_cmd_sign = SIGN    $@
       cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) "$(sig-key)" certs/signing_key.x509 $@ \
                  $(if $(KBUILD_EXTMOD),|| true)
 
-ifeq ($(modules_sign_only),)
+ifeq ($(sign-only),)
 
 # During modules_install, modules are signed only when CONFIG_MODULE_SIG_ALL=y.
 ifndef CONFIG_MODULE_SIG_ALL
-- 
2.39.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ