From: Rusty Russell <rusty@rustcorp.com.au>
To: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>, dhowells@redhat.com
Cc: linux-kernel@vger.kernel.org, Chun-Yi Lee <jlee@suse.com>,
	Josh Boyer <jwboyer@redhat.com>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Michal Marek <mmarek@suse.com>
Cc: "David Howells" <dhowells@redhat.com>
Subject: Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509
Date: Wed, 15 Jan 2014 15:09:54 +1030
Message-ID: <87eh49x3hh.fsf@rustcorp.com.au>
In-Reply-To: <1389249983-31265-1-git-send-email-jlee@suse.com>

Punting to David Howells...

Cheers,
Rusty.

"Lee, Chun-Yi" <joeyli.kernel@gmail.com> writes:
> From: Chun-Yi Lee <jlee@suse.com>
>
> This issue was found in devel-pekey branch on linux-modsign.git tree. The
> x509_certificate_list includes certificate twice when the signing_key.x509
> already exists.
> We can reproduce this issue by making kernel twice, the build log of
> second time looks like this:
>
> ...
>   CHK     kernel/config_data.h
>   CERTS   kernel/x509_certificate_list
>   - Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509
>   - Including cert signing_key.x509
> ...
>
> Actually the build path was the same with the srctree path when building
> kernel. It causes the size of bzImage increased by packaging certificates
> twice.
>
> v2:
> Using '$(shell /bin/pwd)' instead of '$(shell pwd)' for more reliable
> between different shells

Hmm, that's not a great test for equality.  How about:

     ifneq ($(realpath .), $(realpath $(srctree)))

That should cover all the cases.

Cheers,
Rusty.

>
> Cc: Rusty Russell <rusty@rustcorp.com.au>
> Cc: Josh Boyer <jwboyer@redhat.com>
> Cc: Randy Dunlap <rdunlap@xenotime.net>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Michal Marek <mmarek@suse.com>
> Signed-off-by: Chun-Yi Lee <jlee@suse.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
>  kernel/Makefile |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/Makefile b/kernel/Makefile
> index bc010ee..582fa7a 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -136,7 +136,10 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
>  #
>  ###############################################################################
>  ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
> -X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
> +X509_CERTIFICATES-y := $(wildcard *.x509)
> +ifneq ($(shell /bin/pwd), $(srctree))
> +X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509)
> +endif
>  X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509
>  X509_CERTIFICATES-raw := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \
>  				$(or $(realpath $(CERT)),$(CERT))))
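Review bot: The added `ifneq ($(shell /bin/pwd), $(srctree))` compares the two paths as plain strings, so it only suppresses the second wildcard when both happen to be spelled identically; the same directory reached through a symlink or written with a trailing component still compares as different and `$(wildcard $(srctree)/*.x509)` is appended again. Comparing `$(realpath .)` with `$(realpath $(srctree))` would canonicalize both sides and drop the shell invocation. Since the context lines already pass every entry through `$(sort ...)` and `$(realpath $(CERT))`, the commit message should also say why that step does not collapse the two entries shown in the build log, and a one-line comment above the new `ifneq` explaining the in-tree build case would help the next reader.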
> -- 
> 1.6.4.2
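
The difference between the two equality tests discussed above, as an added shell illustration that is not part of the thread or of the kernel build. The helper names are hypothetical and the directory tree is constructed sample data; `canon` stands in for GNU make's `$(realpath ...)`.

```sh
#!/bin/sh
# Added example: hypothetical helpers, not kernel build code.

# Textual test, the shape of: ifneq ($(shell /bin/pwd), $(srctree))
same_dir_string() {
    [ "$1" = "$2" ]
}

# Canonical form of a directory: symlinks, "." and ".." resolved.
canon() {
    (cd -P -- "$1" 2>/dev/null && pwd -P)
}

# Canonical test, the shape of: ifneq ($(realpath .), $(realpath $(srctree)))
same_dir_canonical() {
    _a=$(canon "$1") || return 2   # 2 = path does not resolve
    _b=$(canon "$2") || return 2
    [ "$_a" = "$_b" ]
}

# Count how many spellings of one directory a given test recognises.
# $1 is "string" or "canonical". The tree below is constructed sample data.
count_recognised() {
    _tmp=$(mktemp -d) || return 1
    mkdir "$_tmp/src" && ln -s src "$_tmp/link" || return 1
    _n=0
    for _p in "$_tmp/src" "$_tmp/src/" "$_tmp/src/." \
              "$_tmp/link" "$_tmp/link/../src"; do
        if "same_dir_$1" "$_tmp/src" "$_p"; then
            _n=$((_n + 1))
        fi
    done
    rm -rf "$_tmp"
    echo "$_n"
}

echo "string comparison:    $(count_recognised string) of 5 spellings match"
echo "canonical comparison: $(count_recognised canonical) of 5 spellings match"
```

Every spelling the string test misses is a case where a build would treat the source tree as a second directory and pick up its certificates again.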