All of lore.kernel.org
 help / color / mirror / Atom feed
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: David Woodhouse <David.Woodhouse@intel.com>
Cc: dhowells@redhat.com, rusty@rustcorp.com.au, mmarek@suse.cz,
	mjg59@srcf.ucam.org, keyrings@linux-nfs.org,
	dmitry.kasatkin@gmail.com, mcgrof@suse.com,
	linux-kernel@vger.kernel.org, seth.forshee@canonical.com,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH 1/4] modsign: Abort modules_install when signing fails
Date: Mon, 18 May 2015 21:29:30 -0400	[thread overview]
Message-ID: <1431998970.4510.12.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <1431708779.4727.9.camel@infradead.org>

On Fri, 2015-05-15 at 17:52 +0100, David Woodhouse wrote:
> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

I assume the patch descriptions will be added before being upstreamed.  

> ---
>  scripts/Makefile.modinst | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
> index e48a4e9..07650ee 100644
> --- a/scripts/Makefile.modinst
> +++ b/scripts/Makefile.modinst
> @@ -22,7 +22,7 @@ quiet_cmd_modules_install = INSTALL $@
>      mkdir -p $(2) ; \
>      cp $@ $(2) ; \
>      $(mod_strip_cmd) $(2)/$(notdir $@) ; \
> -    $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) ; \
> +    $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
>      $(mod_compress_cmd) $(2)/$(notdir $@)

With this patch, as expected the modules_install aborted on failure.  Is
there any way to capture the reason for the failure?   In my case,
dropping the '-j <num>' option resolved the problem.

Mimi

>  # Modules built outside the kernel source tree go into extra by default


  reply	other threads:[~2015-05-19  1:30 UTC|newest]

Thread overview: 71+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-05-15 12:35 [PATCH 0/8] MODSIGN: Use PKCS#7 for module signatures [ver #4] David Howells
2015-05-15 12:35 ` [PATCH 1/8] X.509: Extract both parts of the AuthorityKeyIdentifier " David Howells
2015-05-15 12:35 ` [PATCH 2/8] X.509: Support X.509 lookup by Issuer+Serial form " David Howells
2015-05-15 12:35 ` [PATCH 3/8] PKCS#7: Allow detached data to be supplied for signature checking purposes " David Howells
2015-05-15 12:35 ` [PATCH 4/8] MODSIGN: Provide a utility to append a PKCS#7 signature to a module " David Howells
2015-05-20  0:50   ` Andy Lutomirski
2015-05-20 13:14     ` David Howells
2015-05-20 16:00       ` Andy Lutomirski
2015-05-15 12:36 ` [PATCH 5/8] MODSIGN: Use PKCS#7 messages as module signatures " David Howells
2015-05-15 12:36 ` [PATCH 6/8] sign-file: Add option to only create signature file " David Howells
2015-05-15 19:07   ` sign-file and detached PKCS#7 firmware signatures David Howells
2015-05-18 23:13     ` Luis R. Rodriguez
2015-05-19  9:25       ` David Howells
2015-05-19 16:19         ` Luis R. Rodriguez
2015-05-19 16:48           ` David Howells
2015-05-19 18:21             ` Luis R. Rodriguez
2015-05-19 18:35             ` Luis R. Rodriguez
2015-05-19 18:47               ` David Howells
2015-05-19 20:12                 ` Luis R. Rodriguez
2015-05-19 20:29                   ` David Howells
2015-05-15 12:36 ` [PATCH 7/8] system_keyring.c doesn't need to #include module-internal.h [ver #4] David Howells
2015-05-15 12:36 ` [PATCH 8/8] MODSIGN: Extract the blob PKCS#7 signature verifier from module signing " David Howells
2015-05-15 13:46 ` [PATCH 0/8] MODSIGN: Use PKCS#7 for module signatures " David Woodhouse
2015-05-15 16:52 ` [PATCH 1/4] modsign: Abort modules_install when signing fails David Woodhouse
2015-05-19  1:29   ` Mimi Zohar [this message]
2015-05-19  6:40     ` Woodhouse, David
2015-05-19 11:45       ` Mimi Zohar
2015-05-19 12:57         ` Woodhouse, David
2015-05-19 13:54           ` Mimi Zohar
2015-05-15 16:53 ` [PATCH 2/4] modsign: Allow external signing key to be specified David Woodhouse
2015-05-15 16:53 ` [PATCH 3/4] modsign: Allow password to be specified for signing key David Woodhouse
2015-05-19  1:37   ` Mimi Zohar
2015-05-15 16:54 ` [PATCH 4/4] modsign: Allow signing key to be PKCS#11 David Woodhouse
2015-05-18 12:43   ` David Howells
2015-05-15 22:51 ` [PATCH 0/8] MODSIGN: Use PKCS#7 for module signatures [ver #4] Rusty Russell
2015-05-19 14:45 ` [PATCH 9/8] modsign: Abort modules_install when signing fails David Woodhouse
2015-05-19 14:45 ` [PATCH 10/8] modsign: Allow password to be specified for signing key David Woodhouse
2015-05-19 15:36   ` David Howells
2015-05-19 15:50   ` Petko Manolov
2015-05-19 16:15     ` David Woodhouse
2015-05-19 16:34       ` Petko Manolov
2015-05-19 18:39   ` Mimi Zohar
2015-05-19 18:48     ` David Howells
2015-05-19 19:14       ` Mimi Zohar
2015-05-19 20:04         ` David Woodhouse
2015-05-19 14:46 ` [PATCH 11/8] modsign: Allow signing key to be PKCS#11 David Woodhouse
2015-05-19 14:46 ` [PATCH 12/8] modsign: Allow external signing key to be specified David Woodhouse
2015-05-19 14:47 ` [PATCH 13/8] modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed David Woodhouse
2015-05-20  0:36 ` [PATCH 0/8] MODSIGN: Use PKCS#7 for module signatures [ver #4] Andy Lutomirski
2015-05-20 13:36   ` David Howells
2015-05-20 15:56     ` Andy Lutomirski
2015-05-20 16:21       ` Petko Manolov
2015-05-20 16:41         ` Andy Lutomirski
2015-05-20 16:55           ` Petko Manolov
2015-05-21 21:38         ` Luis R. Rodriguez
2015-05-21 21:44           ` Andy Lutomirski
2015-05-21 21:59             ` Luis R. Rodriguez
2015-05-21 22:06               ` Andy Lutomirski
2015-05-21 22:16                 ` Luis R. Rodriguez
2015-05-21 22:24                   ` Andy Lutomirski
2015-05-21 22:31                     ` Luis R. Rodriguez
2015-05-21 22:47                       ` Andy Lutomirski
2015-05-21 23:01                         ` Luis R. Rodriguez
2015-05-21 23:09                           ` Andy Lutomirski
2015-05-22  7:56                             ` David Howells
2015-05-22 12:42                               ` Mimi Zohar
2015-05-22  7:49             ` David Howells
2015-05-22  7:48           ` David Howells
2015-05-22 12:28             ` Mimi Zohar
2015-05-24 10:52               ` Petko Manolov
2015-05-21 13:59       ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1431998970.4510.12.camel@linux.vnet.ibm.com \
    --to=zohar@linux.vnet.ibm.com \
    --cc=David.Woodhouse@intel.com \
    --cc=dhowells@redhat.com \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=keyrings@linux-nfs.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mcgrof@suse.com \
    --cc=mjg59@srcf.ucam.org \
    --cc=mmarek@suse.cz \
    --cc=rusty@rustcorp.com.au \
    --cc=seth.forshee@canonical.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.