[PATCH] scripts: Add intended executable mode and SPDX license

[PATCH] scripts: Add intended executable mode and SPDX license

[Mrinal Pandey]

[-- Attachment #1: Type: text/plain, Size: 2011 bytes --]

commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
spdxcheck-test.sh to the repository without the executable flag and license
information.

commit eb8305aecb95 ("scripts: Coccinelle script for namespace
dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
and commit 9b4ade226f74 ("xen: build infrastructure for generating
hypercall depending symbols") added the file xen-hypercalls.sh without the
executable bit.

Set to usual modes for these files and provide the SPDX license for
spdxcheck-test.sh. No functional changes.

Signed-off-by: Mrinal Pandey <mrinalmni@gmail.com>
---
applies cleanly on next-20200827

Kees, Matthias, Thomas, please ack this patch.

Andrew, please pick this minor non-urgent cleanup patch once the
mainainers ack.

 scripts/gcc-plugins/gen-random-seed.sh | 0
 scripts/nsdeps                         | 0
 scripts/spdxcheck-test.sh              | 1 +
 scripts/xen-hypercalls.sh              | 0
 4 files changed, 1 insertion(+)
 mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
 mode change 100644 => 100755 scripts/nsdeps
 mode change 100644 => 100755 scripts/spdxcheck-test.sh
 mode change 100644 => 100755 scripts/xen-hypercalls.sh

diff --git a/scripts/gcc-plugins/gen-random-seed.sh b/scripts/gcc-plugins/gen-random-seed.sh
old mode 100644
new mode 100755
diff --git a/scripts/nsdeps b/scripts/nsdeps
old mode 100644
new mode 100755
diff --git a/scripts/spdxcheck-test.sh b/scripts/spdxcheck-test.sh
old mode 100644
new mode 100755
index cfea6a0d1cc0..e2902520a081
--- a/scripts/spdxcheck-test.sh
+++ b/scripts/spdxcheck-test.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
+# SPDX-License-Identifier: GPL-2.0
 
 for PYTHON in python2 python3; do
 	# run check on a text and a binary file
diff --git a/scripts/xen-hypercalls.sh b/scripts/xen-hypercalls.sh
old mode 100644
new mode 100755
-- 
2.25.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Lukas Bulwahn]

On Thu, 27 Aug 2020, Mrinal Pandey wrote:

> commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> spdxcheck-test.sh to the repository without the executable flag and license
> information.
> 
> commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> and commit 9b4ade226f74 ("xen: build infrastructure for generating
> hypercall depending symbols") added the file xen-hypercalls.sh without the
> executable bit.
> 
> Set to usual modes for these files and provide the SPDX license for
> spdxcheck-test.sh. No functional changes.
> 
> Signed-off-by: Mrinal Pandey <mrinalmni@gmail.com>

This is a contribution from a candidate of the Linux Kernel Onboarding 
Mentorship. If successful, the candidate will work on improving 
checkpatch.pl so that we get closer to a state where we can run it as a 
bot reporting on patch submissions to mailing lists.

This was clean-up work we came across looking at SPDX license warnings,
script shebangs, and executable modes of files.

Acked-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>

> ---
> applies cleanly on next-20200827
> 
> Kees, Matthias, Thomas, please ack this patch.
> 
> Andrew, please pick this minor non-urgent cleanup patch once the
> mainainers ack.
> 
>  scripts/gcc-plugins/gen-random-seed.sh | 0
>  scripts/nsdeps                         | 0
>  scripts/spdxcheck-test.sh              | 1 +
>  scripts/xen-hypercalls.sh              | 0
>  4 files changed, 1 insertion(+)
>  mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
>  mode change 100644 => 100755 scripts/nsdeps
>  mode change 100644 => 100755 scripts/spdxcheck-test.sh
>  mode change 100644 => 100755 scripts/xen-hypercalls.sh
> 
> diff --git a/scripts/gcc-plugins/gen-random-seed.sh b/scripts/gcc-plugins/gen-random-seed.sh
> old mode 100644
> new mode 100755
> diff --git a/scripts/nsdeps b/scripts/nsdeps
> old mode 100644
> new mode 100755
> diff --git a/scripts/spdxcheck-test.sh b/scripts/spdxcheck-test.sh
> old mode 100644
> new mode 100755
> index cfea6a0d1cc0..e2902520a081
> --- a/scripts/spdxcheck-test.sh
> +++ b/scripts/spdxcheck-test.sh
> @@ -1,4 +1,5 @@
>  #!/bin/sh
> +# SPDX-License-Identifier: GPL-2.0
>  
>  for PYTHON in python2 python3; do
>  	# run check on a text and a binary file
> diff --git a/scripts/xen-hypercalls.sh b/scripts/xen-hypercalls.sh
> old mode 100644
> new mode 100755
> -- 
> 2.25.1
> 
> 

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Greg KH]

On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> spdxcheck-test.sh to the repository without the executable flag and license
> information.
> 
> commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> and commit 9b4ade226f74 ("xen: build infrastructure for generating
> hypercall depending symbols") added the file xen-hypercalls.sh without the
> executable bit.
> 
> Set to usual modes for these files and provide the SPDX license for
> spdxcheck-test.sh. No functional changes.
> 
> Signed-off-by: Mrinal Pandey <mrinalmni@gmail.com>
> ---
> applies cleanly on next-20200827
> 
> Kees, Matthias, Thomas, please ack this patch.
> 
> Andrew, please pick this minor non-urgent cleanup patch once the
> mainainers ack.
> 
>  scripts/gcc-plugins/gen-random-seed.sh | 0
>  scripts/nsdeps                         | 0
>  scripts/spdxcheck-test.sh              | 1 +
>  scripts/xen-hypercalls.sh              | 0
>  4 files changed, 1 insertion(+)
>  mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
>  mode change 100644 => 100755 scripts/nsdeps
>  mode change 100644 => 100755 scripts/spdxcheck-test.sh
>  mode change 100644 => 100755 scripts/xen-hypercalls.sh

This does 2 different things in one patch, shouldn't this be 2 different
patches?  One to change the permissions and one to add the SPDX line?

thanks,

greg k-h

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Lukas Bulwahn]

On Thu, 27 Aug 2020, Greg KH wrote:

> On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> > commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> > spdxcheck-test.sh to the repository without the executable flag and license
> > information.
> > 
> > commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> > dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> > Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> > and commit 9b4ade226f74 ("xen: build infrastructure for generating
> > hypercall depending symbols") added the file xen-hypercalls.sh without the
> > executable bit.
> > 
> > Set to usual modes for these files and provide the SPDX license for
> > spdxcheck-test.sh. No functional changes.
> > 
> > Signed-off-by: Mrinal Pandey <mrinalmni@gmail.com>
> > ---
> > applies cleanly on next-20200827
> > 
> > Kees, Matthias, Thomas, please ack this patch.
> > 
> > Andrew, please pick this minor non-urgent cleanup patch once the
> > mainainers ack.
> > 
> >  scripts/gcc-plugins/gen-random-seed.sh | 0
> >  scripts/nsdeps                         | 0
> >  scripts/spdxcheck-test.sh              | 1 +
> >  scripts/xen-hypercalls.sh              | 0
> >  4 files changed, 1 insertion(+)
> >  mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> >  mode change 100644 => 100755 scripts/nsdeps
> >  mode change 100644 => 100755 scripts/spdxcheck-test.sh
> >  mode change 100644 => 100755 scripts/xen-hypercalls.sh
> 
> This does 2 different things in one patch, shouldn't this be 2 different
> patches?  One to change the permissions and one to add the SPDX line?
>

For me, this was one thing: minor cleanup; and taking one 
minor patch is easier than taking two, but you make the call. Then, the 
two or even three patches would also just travel through different trees, 
the spdx tree and Andrew's.

Lukas

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Greg KH]

On Thu, Aug 27, 2020 at 11:49:31AM +0200, Lukas Bulwahn wrote:
> 
> 
> On Thu, 27 Aug 2020, Greg KH wrote:
> 
> > On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> > > commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> > > spdxcheck-test.sh to the repository without the executable flag and license
> > > information.
> > > 
> > > commit eb8305aecb95 ("scripts: Coccinelle script for namespace
> > > dependencies.") added the file nsdeps, commit 313dd1b62921 ("gcc-plugins:
> > > Add the randstruct plugin") added the file gcc-plugins/gen-random-seed.sh
> > > and commit 9b4ade226f74 ("xen: build infrastructure for generating
> > > hypercall depending symbols") added the file xen-hypercalls.sh without the
> > > executable bit.
> > > 
> > > Set to usual modes for these files and provide the SPDX license for
> > > spdxcheck-test.sh. No functional changes.
> > > 
> > > Signed-off-by: Mrinal Pandey <mrinalmni@gmail.com>
> > > ---
> > > applies cleanly on next-20200827
> > > 
> > > Kees, Matthias, Thomas, please ack this patch.
> > > 
> > > Andrew, please pick this minor non-urgent cleanup patch once the
> > > mainainers ack.
> > > 
> > >  scripts/gcc-plugins/gen-random-seed.sh | 0
> > >  scripts/nsdeps                         | 0
> > >  scripts/spdxcheck-test.sh              | 1 +
> > >  scripts/xen-hypercalls.sh              | 0
> > >  4 files changed, 1 insertion(+)
> > >  mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> > >  mode change 100644 => 100755 scripts/nsdeps
> > >  mode change 100644 => 100755 scripts/spdxcheck-test.sh
> > >  mode change 100644 => 100755 scripts/xen-hypercalls.sh
> > 
> > This does 2 different things in one patch, shouldn't this be 2 different
> > patches?  One to change the permissions and one to add the SPDX line?
> >
> 
> For me, this was one thing: minor cleanup; and taking one 
> minor patch is easier than taking two, but you make the call. Then, the 
> two or even three patches would also just travel through different trees, 
> the spdx tree and Andrew's.

License "additions" are good to separate from other changes, in case
people have questions/comments/objections about them, they can be easier
to discuss and possibly reverted.

More patches is not a problem :)

thanks,

greg k-h

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Solar Designer]

[CC list trimmed]

On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
>  mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh

This is basically the only change relevant to the contribution initially
made via kernel-hardening, and in my opinion (and I am list admin) isn't
worth bringing to the list.  Now we have this bikeshed thread in here
(and I'm guilty for adding to it), and would have more (which I hope
this message of mine will prevent) if changes to something else in the
patch(es) are requested (which Greg KH sort of already did).

I recall we previously had lots of "similar" bikeshedding in here when
someone was converting the documentation to rST.  The more bikeshedding
we have, the less actual kernel-hardening work is going to happen,
because the list gets the reputation of yet another kernel maintenance
list rather than the place where actual/potential new contributions to
improve the kernel's security are discussed, and because bikeshedding
makes the most capable people unsubscribe or stop paying attention.

How about we remove kernel-hardening from the MAINTAINERS entries it's
currently in? -

GCC PLUGINS
M:      Kees Cook <keescook@chromium.org>
R:      Emese Revfy <re.emese@gmail.com>
L:      kernel-hardening@lists.openwall.com
S:      Maintained
F:      Documentation/kbuild/gcc-plugins.rst
F:      scripts/Makefile.gcc-plugins
F:      scripts/gcc-plugin.sh
F:      scripts/gcc-plugins/

LEAKING_ADDRESSES
M:      Tobin C. Harding <me@tobin.cc>
M:      Tycho Andersen <tycho@tycho.ws>
L:      kernel-hardening@lists.openwall.com
S:      Maintained
T:      git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git
F:      scripts/leaking_addresses.pl

Alternatively, would this be acceptable? -

L:      kernel-hardening@lists.openwall.com (only for messages focused on core functionality, not for maintenance detail)

I think the latter would be best, if allowed.

Kees, please comment (so that we'd hopefully not need that next time),
and if you agree please make a change to MAINTAINERS.

Mrinal, we appreciate your contribution, and the problem above isn't
yours - it's with the way MAINTAINERS doesn't fit this group well.

Thanks,

Alexander

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Kees Cook]

On Thu, Aug 27, 2020 at 03:06:53PM +0200, Solar Designer wrote:
> On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> >  mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> 
> This is basically the only change relevant to the contribution initially
> made via kernel-hardening, and in my opinion (and I am list admin) isn't
> worth bringing to the list.  Now we have this bikeshed thread in here
> (and I'm guilty for adding to it), and would have more (which I hope
> this message of mine will prevent) if changes to something else in the
> patch(es) are requested (which Greg KH sort of already did).
> 
> I recall we previously had lots of "similar" bikeshedding in here when
> someone was converting the documentation to rST.  The more bikeshedding
> we have, the less actual kernel-hardening work is going to happen,
> because the list gets the reputation of yet another kernel maintenance
> list rather than the place where actual/potential new contributions to
> improve the kernel's security are discussed, and because bikeshedding
> makes the most capable people unsubscribe or stop paying attention.
> 
> How about we remove kernel-hardening from the MAINTAINERS entries it's
> currently in? -
> 
> GCC PLUGINS
> M:      Kees Cook <keescook@chromium.org>
> R:      Emese Revfy <re.emese@gmail.com>
> L:      kernel-hardening@lists.openwall.com
> S:      Maintained
> F:      Documentation/kbuild/gcc-plugins.rst
> F:      scripts/Makefile.gcc-plugins
> F:      scripts/gcc-plugin.sh
> F:      scripts/gcc-plugins/
> 
> LEAKING_ADDRESSES
> M:      Tobin C. Harding <me@tobin.cc>
> M:      Tycho Andersen <tycho@tycho.ws>
> L:      kernel-hardening@lists.openwall.com
> S:      Maintained
> T:      git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git
> F:      scripts/leaking_addresses.pl
> 
> Alternatively, would this be acceptable? -
> 
> L:      kernel-hardening@lists.openwall.com (only for messages focused on core functionality, not for maintenance detail)
> 
> I think the latter would be best, if allowed.
> 
> Kees, please comment (so that we'd hopefully not need that next time),
> and if you agree please make a change to MAINTAINERS.

A comment isn't going to really help fix this (much of the CCing is done
by scripts, etc).

I've tended to prefer more emails than missing discussions, and I think
it's not unreasonable to have the list mentioned in MAINTAINERS for
those things. It does, of course, mean that "maintenance" patches get
directed there too, as you say.

If it's really something you'd like to avoid, I can drop those
references. My instinct is to leave it as-is, but the strength of my
opinion is pretty small. Let me know what you prefer...

-- 
Kees Cook

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Tycho Andersen]

On Thu, Aug 27, 2020 at 11:02:00AM -0700, Kees Cook wrote:
> On Thu, Aug 27, 2020 at 03:06:53PM +0200, Solar Designer wrote:
> > On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> > >  mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> > 
> > This is basically the only change relevant to the contribution initially
> > made via kernel-hardening, and in my opinion (and I am list admin) isn't
> > worth bringing to the list.  Now we have this bikeshed thread in here
> > (and I'm guilty for adding to it), and would have more (which I hope
> > this message of mine will prevent) if changes to something else in the
> > patch(es) are requested (which Greg KH sort of already did).
> > 
> > I recall we previously had lots of "similar" bikeshedding in here when
> > someone was converting the documentation to rST.  The more bikeshedding
> > we have, the less actual kernel-hardening work is going to happen,
> > because the list gets the reputation of yet another kernel maintenance
> > list rather than the place where actual/potential new contributions to
> > improve the kernel's security are discussed, and because bikeshedding
> > makes the most capable people unsubscribe or stop paying attention.
> > 
> > How about we remove kernel-hardening from the MAINTAINERS entries it's
> > currently in? -
> > 
> > GCC PLUGINS
> > M:      Kees Cook <keescook@chromium.org>
> > R:      Emese Revfy <re.emese@gmail.com>
> > L:      kernel-hardening@lists.openwall.com
> > S:      Maintained
> > F:      Documentation/kbuild/gcc-plugins.rst
> > F:      scripts/Makefile.gcc-plugins
> > F:      scripts/gcc-plugin.sh
> > F:      scripts/gcc-plugins/
> > 
> > LEAKING_ADDRESSES
> > M:      Tobin C. Harding <me@tobin.cc>
> > M:      Tycho Andersen <tycho@tycho.ws>
> > L:      kernel-hardening@lists.openwall.com
> > S:      Maintained
> > T:      git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git
> > F:      scripts/leaking_addresses.pl
> > 
> > Alternatively, would this be acceptable? -
> > 
> > L:      kernel-hardening@lists.openwall.com (only for messages focused on core functionality, not for maintenance detail)
> > 
> > I think the latter would be best, if allowed.
> > 
> > Kees, please comment (so that we'd hopefully not need that next time),
> > and if you agree please make a change to MAINTAINERS.
> 
> A comment isn't going to really help fix this (much of the CCing is done
> by scripts, etc).
> 
> I've tended to prefer more emails than missing discussions, and I think
> it's not unreasonable to have the list mentioned in MAINTAINERS for
> those things. It does, of course, mean that "maintenance" patches get
> directed there too, as you say.
> 
> If it's really something you'd like to avoid, I can drop those
> references. My instinct is to leave it as-is, but the strength of my
> opinion is pretty small. Let me know what you prefer...

One thing about leaking_addresses.pl is that I'm not sure anyone is
actively using it at this point. I told Tobin I'd help review stuff,
but I don't even have a GPG key with enough signatures to send PRs.
I'm slowly working on figuring that out, but in the meantime I wonder
if we couldn't move it into some self test somehow, so that at least
nobody adds new leaks? Does that seem worth doing?

It would then probably go away as a separate perl script and live
under selftests, which could mean we could drop the reference to the
list. But that's me making it someone else's problem then, kind of :)

Also, I'm switching my e-mail address to tycho@tycho.pizza, so future
replies will be from there.

Tycho

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Tobin C. Harding]

On Mon, Aug 31, 2020 at 06:15:19PM -0600, Tycho Andersen wrote:
> On Thu, Aug 27, 2020 at 11:02:00AM -0700, Kees Cook wrote:
> > On Thu, Aug 27, 2020 at 03:06:53PM +0200, Solar Designer wrote:
> > > On Thu, Aug 27, 2020 at 02:54:05PM +0530, Mrinal Pandey wrote:
> > > >  mode change 100644 => 100755 scripts/gcc-plugins/gen-random-seed.sh
> > > 
> > > This is basically the only change relevant to the contribution initially
> > > made via kernel-hardening, and in my opinion (and I am list admin) isn't
> > > worth bringing to the list.  Now we have this bikeshed thread in here
> > > (and I'm guilty for adding to it), and would have more (which I hope
> > > this message of mine will prevent) if changes to something else in the
> > > patch(es) are requested (which Greg KH sort of already did).
> > > 
> > > I recall we previously had lots of "similar" bikeshedding in here when
> > > someone was converting the documentation to rST.  The more bikeshedding
> > > we have, the less actual kernel-hardening work is going to happen,
> > > because the list gets the reputation of yet another kernel maintenance
> > > list rather than the place where actual/potential new contributions to
> > > improve the kernel's security are discussed, and because bikeshedding
> > > makes the most capable people unsubscribe or stop paying attention.
> > > 
> > > How about we remove kernel-hardening from the MAINTAINERS entries it's
> > > currently in? -
> > > 
> > > GCC PLUGINS
> > > M:      Kees Cook <keescook@chromium.org>
> > > R:      Emese Revfy <re.emese@gmail.com>
> > > L:      kernel-hardening@lists.openwall.com
> > > S:      Maintained
> > > F:      Documentation/kbuild/gcc-plugins.rst
> > > F:      scripts/Makefile.gcc-plugins
> > > F:      scripts/gcc-plugin.sh
> > > F:      scripts/gcc-plugins/
> > > 
> > > LEAKING_ADDRESSES
> > > M:      Tobin C. Harding <me@tobin.cc>
> > > M:      Tycho Andersen <tycho@tycho.ws>
> > > L:      kernel-hardening@lists.openwall.com
> > > S:      Maintained
> > > T:      git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git
> > > F:      scripts/leaking_addresses.pl
> > > 
> > > Alternatively, would this be acceptable? -
> > > 
> > > L:      kernel-hardening@lists.openwall.com (only for messages focused on core functionality, not for maintenance detail)
> > > 
> > > I think the latter would be best, if allowed.
> > > 
> > > Kees, please comment (so that we'd hopefully not need that next time),
> > > and if you agree please make a change to MAINTAINERS.
> > 
> > A comment isn't going to really help fix this (much of the CCing is done
> > by scripts, etc).
> > 
> > I've tended to prefer more emails than missing discussions, and I think
> > it's not unreasonable to have the list mentioned in MAINTAINERS for
> > those things. It does, of course, mean that "maintenance" patches get
> > directed there too, as you say.
> > 
> > If it's really something you'd like to avoid, I can drop those
> > references. My instinct is to leave it as-is, but the strength of my
> > opinion is pretty small. Let me know what you prefer...
> 
> One thing about leaking_addresses.pl is that I'm not sure anyone is
> actively using it at this point. I told Tobin I'd help review stuff,
> but I don't even have a GPG key with enough signatures to send PRs.
> I'm slowly working on figuring that out, but in the meantime I wonder
> if we couldn't move it into some self test somehow, so that at least
> nobody adds new leaks? Does that seem worth doing?
> 
> It would then probably go away as a separate perl script and live
> under selftests, which could mean we could drop the reference to the
> list. But that's me making it someone else's problem then, kind of :)
> 
> Also, I'm switching my e-mail address to tycho@tycho.pizza, so future
> replies will be from there.

I don't mind if the reference to kernel-hardening is removed, if in
the event that someone sends a patch that needs input from the kernel
hardening community we can always mail the list.

Thanks,
Tobin

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Solar Designer]

On Tue, Sep 01, 2020 at 02:24:50PM +1000, Tobin C. Harding wrote:
> On Mon, Aug 31, 2020 at 06:15:19PM -0600, Tycho Andersen wrote:
> > On Thu, Aug 27, 2020 at 11:02:00AM -0700, Kees Cook wrote:
> > > On Thu, Aug 27, 2020 at 03:06:53PM +0200, Solar Designer wrote:
> > > > How about we remove kernel-hardening from the MAINTAINERS entries it's
> > > > currently in? -
> > > > 
> > > > GCC PLUGINS
> > > > M:      Kees Cook <keescook@chromium.org>
> > > > R:      Emese Revfy <re.emese@gmail.com>
> > > > L:      kernel-hardening@lists.openwall.com
> > > > S:      Maintained
> > > > F:      Documentation/kbuild/gcc-plugins.rst
> > > > F:      scripts/Makefile.gcc-plugins
> > > > F:      scripts/gcc-plugin.sh
> > > > F:      scripts/gcc-plugins/
> > > > 
> > > > LEAKING_ADDRESSES
> > > > M:      Tobin C. Harding <me@tobin.cc>
> > > > M:      Tycho Andersen <tycho@tycho.ws>
> > > > L:      kernel-hardening@lists.openwall.com
> > > > S:      Maintained
> > > > T:      git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git
> > > > F:      scripts/leaking_addresses.pl
> > > > 
> > > > Alternatively, would this be acceptable? -
> > > > 
> > > > L:      kernel-hardening@lists.openwall.com (only for messages focused on core functionality, not for maintenance detail)
> > > > 
> > > > I think the latter would be best, if allowed.
> > > > 
> > > > Kees, please comment (so that we'd hopefully not need that next time),
> > > > and if you agree please make a change to MAINTAINERS.
> > > 
> > > A comment isn't going to really help fix this (much of the CCing is done
> > > by scripts, etc).

Understood.  Maybe some other agreed-upon syntax would help - a new tag
letter in place of "L" and/or e-mail address obfuscation or an https URL
for further information instead of a direct posting address - but I
guess this is only worth introducing if we're not unique with this wish.

> > > I've tended to prefer more emails than missing discussions, and I think
> > > it's not unreasonable to have the list mentioned in MAINTAINERS for
> > > those things. It does, of course, mean that "maintenance" patches get
> > > directed there too, as you say.
> > > 
> > > If it's really something you'd like to avoid, I can drop those
> > > references. My instinct is to leave it as-is, but the strength of my
> > > opinion is pretty small. Let me know what you prefer...

Thank you for your comments, Kees.

It's not a matter of my preference, but of what works best for getting
more actual work done.  Unfortunately, we have to make our subjective
guesses on this.  FYI, when we dropped the [kernel-hardening] prefix on
Subjects this appears to have resulted in some people unsubscribing.
I agree we had to do that anyway because of CC'ing other lists, which
is customary in Linux kernel development.  Before that change, we had a
slow but steady growth in the number of subscribers.  When we made that
change, the numbers of people joining and leaving became about the same,
so we're staying at 600 to 650 subscribed addresses for a long time now.
These numbers are fine by themselves; it's more relevant who is on the
list, not how many.  I think we might have "forced" some capable people
to unsubscribe, but like I explained we kind of had to.  Now I think
we're doing the same with these maintenance-only threads, and I think we
don't have to.  This is why I think we should preferably either somehow
limit the requested CC's to messages focused on core functionality, or
if we can't then drop the list references from MAINTAINERS.  We should
also not discuss this for very long, as this discussion itself hurts
actual work in a similar way.

> > One thing about leaking_addresses.pl is that I'm not sure anyone is
> > actively using it at this point. I told Tobin I'd help review stuff,
> > but I don't even have a GPG key with enough signatures to send PRs.
> > I'm slowly working on figuring that out, but in the meantime I wonder
> > if we couldn't move it into some self test somehow, so that at least
> > nobody adds new leaks? Does that seem worth doing?
> > 
> > It would then probably go away as a separate perl script and live
> > under selftests, which could mean we could drop the reference to the
> > list. But that's me making it someone else's problem then, kind of :)
> > 
> > Also, I'm switching my e-mail address to tycho@tycho.pizza, so future
> > replies will be from there.
> 
> I don't mind if the reference to kernel-hardening is removed, if in
> the event that someone sends a patch that needs input from the kernel
> hardening community we can always mail the list.

Thank you for your comments as well, Tycho and Tobin.

Alexander

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Andrew Morton]

On Thu, 27 Aug 2020 14:54:05 +0530 Mrinal Pandey <mrinalmni@gmail.com> wrote:

> commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> spdxcheck-test.sh to the repository without the executable flag and license
> information.

The x bit shouldn't matter.

If someone downloads and applies patch-5.9.xz (which is a supported way
of obtaining a kernel) then patch(1) will erase the x bit anyway.

Is some other script invoking spdxcheck-test.sh directly, instead of
using `/bin/sh spdxcheck-test.sh'?  If so, please let's fix that.

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Lukas Bulwahn]

On Sun, 30 Aug 2020, Andrew Morton wrote:

> On Thu, 27 Aug 2020 14:54:05 +0530 Mrinal Pandey <mrinalmni@gmail.com> wrote:
> 
> > commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> > spdxcheck-test.sh to the repository without the executable flag and license
> > information.
> 
> The x bit shouldn't matter.
> 
> If someone downloads and applies patch-5.9.xz (which is a supported way
> of obtaining a kernel) then patch(1) will erase the x bit anyway.
>

Andrew, Kees,

thanks for the feedback.

As his mentor, I see two valuable tasks for Mrinal to work on:

1. Document this knowledge how scripts should be called, not relying on 
the executable bit, probably best somewhere here:
./Documentation/kbuild/makefiles.rst, a new section on using dedicated 
scripts in chapter 3 ("The  kbuild files").

https://www.kernel.org/doc/html/latest/kbuild/makefiles.html#the-kbuild-files

2. Determine if there are places in the build Makefiles that do rely on 
the executable bit and fix those script invocations. (Kees' idea of remove 
all executable bits and see...)


Lukas

Re: [PATCH] scripts: Add intended executable mode and SPDX license

[Kees Cook]

On Mon, Aug 31, 2020 at 07:45:25AM +0200, Lukas Bulwahn wrote:
> 
> 
> On Sun, 30 Aug 2020, Andrew Morton wrote:
> 
> > On Thu, 27 Aug 2020 14:54:05 +0530 Mrinal Pandey <mrinalmni@gmail.com> wrote:
> > 
> > > commit b72231eb7084 ("scripts: add spdxcheck.py self test") added the file
> > > spdxcheck-test.sh to the repository without the executable flag and license
> > > information.
> > 
> > The x bit shouldn't matter.
> > 
> > If someone downloads and applies patch-5.9.xz (which is a supported way
> > of obtaining a kernel) then patch(1) will erase the x bit anyway.
> >
> 
> Andrew, Kees,
> 
> thanks for the feedback.
> 
> As his mentor, I see two valuable tasks for Mrinal to work on:
> 
> 1. Document this knowledge how scripts should be called, not relying on 
> the executable bit, probably best somewhere here:
> ./Documentation/kbuild/makefiles.rst, a new section on using dedicated 
> scripts in chapter 3 ("The  kbuild files").
> 
> https://www.kernel.org/doc/html/latest/kbuild/makefiles.html#the-kbuild-files

Yes, that would be excellent.

> 2. Determine if there are places in the build Makefiles that do rely on 
> the executable bit and fix those script invocations. (Kees' idea of remove 
> all executable bits and see...)

I think this has value, yes. I don't think patches to remove the x bits
are needed, but any cases where they are depended on need to be fixed.

And I think "3" could be "wire up or remove spdx shell script"

-- 
Kees Cook