From: Arnd Bergmann <arnd@arndb.de>
To: David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>
Cc: linux-arm-kernel@lists.infradead.org,
linux-kbuild@vger.kernel.org, Michal Marek <mmarek@suse.com>,
Arnd Bergmann <arnd@arndb.de>,
keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] modsign: hide openssl output in silent builds
Date: Thu, 25 Feb 2016 17:31:32 +0100 [thread overview]
Message-ID: <1456417901-2192433-1-git-send-email-arnd@arndb.de> (raw)
When a user calls 'make -s', we can assume they don't want to
see any output except for warnings and errors, but instead
they see this for a warning free build:
###
### Now generating an X.509 key pair to be used for signing modules.
###
### If this takes a long time, you might wish to run rngd in the
### background to keep the supply of entropy topped up. It
### needs to be run as root, and uses a hardware random
### number generator if one is available.
###
Generating a 4096 bit RSA private key
.................................................................................................................................................................................................................................++
..............................................................................................................................++
writing new private key to 'certs/signing_key.pem'
-----
###
### Key pair generated.
###
The output can confuse simple build testing scripts that just check
for an empty build log.
This patch silences all the output:
- "echo" is changed to "@$(kecho)", which is dropped when "-s" gets
passed
- the openssl command itself is only printed with V=1, using the
$(Q) macro
- The output of openssl gets redircted to /dev/null on "-s" builds.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
certs/Makefile | 33 +++++++++++++++++++--------------
1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/certs/Makefile b/certs/Makefile
index 28ac694dd11a..2773c4afa24c 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -36,29 +36,34 @@ ifndef CONFIG_MODULE_SIG_HASH
$(error Could not determine digest type to use from kernel config)
endif
+redirect_openssl = 2>&1
+quiet_redirect_openssl = 2>&1
+silent_redirect_openssl = 2>/dev/null
+
# We do it this way rather than having a boolean option for enabling an
# external private key, because 'make randconfig' might enable such a
# boolean option and we unfortunately can't make it depend on !RANDCONFIG.
ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem")
$(obj)/signing_key.pem: $(obj)/x509.genkey
- @echo "###"
- @echo "### Now generating an X.509 key pair to be used for signing modules."
- @echo "###"
- @echo "### If this takes a long time, you might wish to run rngd in the"
- @echo "### background to keep the supply of entropy topped up. It"
- @echo "### needs to be run as root, and uses a hardware random"
- @echo "### number generator if one is available."
- @echo "###"
- openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
+ @$(kecho) "###"
+ @$(kecho) "### Now generating an X.509 key pair to be used for signing modules."
+ @$(kecho) "###"
+ @$(kecho) "### If this takes a long time, you might wish to run rngd in the"
+ @$(kecho) "### background to keep the supply of entropy topped up. It"
+ @$(kecho) "### needs to be run as root, and uses a hardware random"
+ @$(kecho) "### number generator if one is available."
+ @$(kecho) "###"
+ $(Q)openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
-batch -x509 -config $(obj)/x509.genkey \
-outform PEM -out $(obj)/signing_key.pem \
- -keyout $(obj)/signing_key.pem 2>&1
- @echo "###"
- @echo "### Key pair generated."
- @echo "###"
+ -keyout $(obj)/signing_key.pem \
+ $($(quiet)redirect_openssl)
+ @$(kecho) "###"
+ @$(kecho) "### Key pair generated."
+ @$(kecho) "###"
$(obj)/x509.genkey:
- @echo Generating X.509 key generation config
+ @$(kecho) Generating X.509 key generation config
@echo >$@ "[ req ]"
@echo >>$@ "default_bits = 4096"
@echo >>$@ "distinguished_name = req_distinguished_name"
--
2.7.0
next reply other threads:[~2016-02-25 16:32 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-25 16:31 Arnd Bergmann [this message]
2016-02-26 11:20 ` [PATCH] modsign: hide openssl output in silent builds David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1456417901-2192433-1-git-send-email-arnd@arndb.de \
--to=arnd@arndb.de \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mmarek@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox