[PATCH v12 3/4] Revert "certs: move scripts/extract-cert to certs/"
Nayna
nayna at linux.vnet.ibm.com
Mon Mar 14 13:42:35 UTC 2022
On 3/11/22 16:03, Nayna Jain wrote:
> This reverts commit 340a02535ee785c64c62a9c45706597a0139e972.
>
> extract-cert is used outside certs/ by INTEGRITY_PLATFORM_KEYRING.
Hi Masahiro,
Could you review and Ack this patch ?
Thanks & Regards,
- Nayna
>
> Signed-off-by: Nayna Jain <nayna at linux.ibm.com>
> ---
> MAINTAINERS | 1 +
> certs/.gitignore | 1 -
> certs/Makefile | 13 ++++---------
> scripts/.gitignore | 1 +
> scripts/Makefile | 11 +++++++++--
> {certs => scripts}/extract-cert.c | 2 +-
> scripts/remove-stale-files | 2 --
> 7 files changed, 16 insertions(+), 15 deletions(-)
> rename {certs => scripts}/extract-cert.c (98%)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 05fd080b82f3..cf4cd22ca3a0 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -4471,6 +4471,7 @@ L: keyrings at vger.kernel.org
> S: Maintained
> F: Documentation/admin-guide/module-signing.rst
> F: certs/
> +F: scripts/extract-cert.c
> F: scripts/sign-file.c
>
> CFAG12864B LCD DRIVER
> diff --git a/certs/.gitignore b/certs/.gitignore
> index 9e42fe3e02f5..8c3763f80be3 100644
> --- a/certs/.gitignore
> +++ b/certs/.gitignore
> @@ -1,4 +1,3 @@
> # SPDX-License-Identifier: GPL-2.0-only
> -/extract-cert
> /x509_certificate_list
> /x509_revocation_list
> diff --git a/certs/Makefile b/certs/Makefile
> index b92b6ff339d5..a4a6f6a78904 100644
> --- a/certs/Makefile
> +++ b/certs/Makefile
> @@ -14,11 +14,11 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
> endif
>
> quiet_cmd_extract_certs = CERT $@
> - cmd_extract_certs = $(obj)/extract-cert $(2) $@
> + cmd_extract_certs = scripts/extract-cert $(2) $@
>
> $(obj)/system_certificates.o: $(obj)/x509_certificate_list
>
> -$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE
> +$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE
> $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
>
> targets += x509_certificate_list
> @@ -75,7 +75,7 @@ endif
>
> $(obj)/system_certificates.o: $(obj)/signing_key.x509
>
> -$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE
> +$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE
> $(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),""))
> endif # CONFIG_MODULE_SIG
>
> @@ -83,12 +83,7 @@ targets += signing_key.x509
>
> $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
>
> -$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE
> +$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE
> $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
>
> targets += x509_revocation_list
> -
> -hostprogs := extract-cert
> -
> -HOSTCFLAGS_extract-cert.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
> -HOSTLDLIBS_extract-cert = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> diff --git a/scripts/.gitignore b/scripts/.gitignore
> index eed308bef604..e83c620ef52c 100644
> --- a/scripts/.gitignore
> +++ b/scripts/.gitignore
> @@ -1,6 +1,7 @@
> # SPDX-License-Identifier: GPL-2.0-only
> /asn1_compiler
> /bin2c
> +/extract-cert
> /insert-sys-cert
> /kallsyms
> /module.lds
> diff --git a/scripts/Makefile b/scripts/Makefile
> index ce5aa9030b74..cedc1f0e21d8 100644
> --- a/scripts/Makefile
> +++ b/scripts/Makefile
> @@ -3,19 +3,26 @@
> # scripts contains sources for various helper programs used throughout
> # the kernel for the build process.
>
> +CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> +CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null)
> +
> hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c
> hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms
> hostprogs-always-$(BUILD_C_RECORDMCOUNT) += recordmcount
> hostprogs-always-$(CONFIG_BUILDTIME_TABLE_SORT) += sorttable
> hostprogs-always-$(CONFIG_ASN1) += asn1_compiler
> hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file
> +hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert
> hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert
> +hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST) += extract-cert
>
> HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
> HOSTLDLIBS_sorttable = -lpthread
> HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
> -HOSTCFLAGS_sign-file.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
> -HOSTLDLIBS_sign-file = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> +HOSTCFLAGS_sign-file.o = $(CRYPTO_CFLAGS)
> +HOSTLDLIBS_sign-file = $(CRYPTO_LIBS)
> +HOSTCFLAGS_extract-cert.o = $(CRYPTO_CFLAGS)
> +HOSTLDLIBS_extract-cert = $(CRYPTO_LIBS)
>
> ifdef CONFIG_UNWINDER_ORC
> ifeq ($(ARCH),x86_64)
> diff --git a/certs/extract-cert.c b/scripts/extract-cert.c
> similarity index 98%
> rename from certs/extract-cert.c
> rename to scripts/extract-cert.c
> index f7ef7862f207..3bc48c726c41 100644
> --- a/certs/extract-cert.c
> +++ b/scripts/extract-cert.c
> @@ -29,7 +29,7 @@ static __attribute__((noreturn))
> void format(void)
> {
> fprintf(stderr,
> - "Usage: extract-cert <source> <dest>\n");
> + "Usage: scripts/extract-cert <source> <dest>\n");
> exit(2);
> }
>
> diff --git a/scripts/remove-stale-files b/scripts/remove-stale-files
> index 7adab4618035..80430b8fb617 100755
> --- a/scripts/remove-stale-files
> +++ b/scripts/remove-stale-files
> @@ -39,5 +39,3 @@ if [ -n "${building_out_of_srctree}" ]; then
> rm -f arch/parisc/boot/compressed/${f}
> done
> fi
> -
> -rm -f scripts/extract-cert
More information about the Linux-security-module-archive
mailing list