From: Nayna Jain <nayna@linux.ibm.com>
To: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org
Cc: dhowells@redhat.com, zohar@linux.ibm.com, jarkko@kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, dimitri.ledkov@canonical.com,
seth@forshee.me, rnsastry@linux.ibm.com, masahiroy@kernel.org,
Nayna Jain <nayna@linux.ibm.com>
Subject: [PATCH v12 3/4] Revert "certs: move scripts/extract-cert to certs/"
Date: Fri, 11 Mar 2022 16:03:43 -0500 [thread overview]
Message-ID: <20220311210344.102396-4-nayna@linux.ibm.com> (raw)
In-Reply-To: <20220311210344.102396-1-nayna@linux.ibm.com>
This reverts commit 340a02535ee785c64c62a9c45706597a0139e972.
extract-cert is used outside certs/ by INTEGRITY_PLATFORM_KEYRING.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
---
MAINTAINERS | 1 +
certs/.gitignore | 1 -
certs/Makefile | 13 ++++---------
scripts/.gitignore | 1 +
scripts/Makefile | 11 +++++++++--
| 2 +-
scripts/remove-stale-files | 2 --
7 files changed, 16 insertions(+), 15 deletions(-)
rename {certs => scripts}/extract-cert.c (98%)
diff --git a/MAINTAINERS b/MAINTAINERS
index 05fd080b82f3..cf4cd22ca3a0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -4471,6 +4471,7 @@ L: keyrings@vger.kernel.org
S: Maintained
F: Documentation/admin-guide/module-signing.rst
F: certs/
+F: scripts/extract-cert.c
F: scripts/sign-file.c
CFAG12864B LCD DRIVER
diff --git a/certs/.gitignore b/certs/.gitignore
index 9e42fe3e02f5..8c3763f80be3 100644
--- a/certs/.gitignore
+++ b/certs/.gitignore
@@ -1,4 +1,3 @@
# SPDX-License-Identifier: GPL-2.0-only
-/extract-cert
/x509_certificate_list
/x509_revocation_list
diff --git a/certs/Makefile b/certs/Makefile
index b92b6ff339d5..a4a6f6a78904 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -14,11 +14,11 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
endif
quiet_cmd_extract_certs = CERT $@
- cmd_extract_certs = $(obj)/extract-cert $(2) $@
+ cmd_extract_certs = scripts/extract-cert $(2) $@
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
-$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE
+$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE
$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
targets += x509_certificate_list
@@ -75,7 +75,7 @@ endif
$(obj)/system_certificates.o: $(obj)/signing_key.x509
-$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE
+$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE
$(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),""))
endif # CONFIG_MODULE_SIG
@@ -83,12 +83,7 @@ targets += signing_key.x509
$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
-$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE
+$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE
$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
targets += x509_revocation_list
-
-hostprogs := extract-cert
-
-HOSTCFLAGS_extract-cert.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
-HOSTLDLIBS_extract-cert = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
diff --git a/scripts/.gitignore b/scripts/.gitignore
index eed308bef604..e83c620ef52c 100644
--- a/scripts/.gitignore
+++ b/scripts/.gitignore
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: GPL-2.0-only
/asn1_compiler
/bin2c
+/extract-cert
/insert-sys-cert
/kallsyms
/module.lds
diff --git a/scripts/Makefile b/scripts/Makefile
index ce5aa9030b74..cedc1f0e21d8 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -3,19 +3,26 @@
# scripts contains sources for various helper programs used throughout
# the kernel for the build process.
+CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
+CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null)
+
hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c
hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms
hostprogs-always-$(BUILD_C_RECORDMCOUNT) += recordmcount
hostprogs-always-$(CONFIG_BUILDTIME_TABLE_SORT) += sorttable
hostprogs-always-$(CONFIG_ASN1) += asn1_compiler
hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file
+hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert
hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert
+hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST) += extract-cert
HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
HOSTLDLIBS_sorttable = -lpthread
HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
-HOSTCFLAGS_sign-file.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
-HOSTLDLIBS_sign-file = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
+HOSTCFLAGS_sign-file.o = $(CRYPTO_CFLAGS)
+HOSTLDLIBS_sign-file = $(CRYPTO_LIBS)
+HOSTCFLAGS_extract-cert.o = $(CRYPTO_CFLAGS)
+HOSTLDLIBS_extract-cert = $(CRYPTO_LIBS)
ifdef CONFIG_UNWINDER_ORC
ifeq ($(ARCH),x86_64)
--git a/certs/extract-cert.c b/scripts/extract-cert.c
similarity index 98%
rename from certs/extract-cert.c
rename to scripts/extract-cert.c
index f7ef7862f207..3bc48c726c41 100644
--- a/certs/extract-cert.c
+++ b/scripts/extract-cert.c
@@ -29,7 +29,7 @@ static __attribute__((noreturn))
void format(void)
{
fprintf(stderr,
- "Usage: extract-cert <source> <dest>\n");
+ "Usage: scripts/extract-cert <source> <dest>\n");
exit(2);
}
diff --git a/scripts/remove-stale-files b/scripts/remove-stale-files
index 7adab4618035..80430b8fb617 100755
--- a/scripts/remove-stale-files
+++ b/scripts/remove-stale-files
@@ -39,5 +39,3 @@ if [ -n "${building_out_of_srctree}" ]; then
rm -f arch/parisc/boot/compressed/${f}
done
fi
-
-rm -f scripts/extract-cert
--
2.34.1
next prev parent reply other threads:[~2022-03-11 22:47 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-11 21:03 [PATCH v12 0/4] integrity: support including firmware ".platform" keys at build time Nayna Jain
2022-03-11 21:03 ` [PATCH v12 1/4] certs: export load_certificate_list() to be used outside certs/ Nayna Jain
2022-03-20 21:10 ` Jarkko Sakkinen
2022-03-11 21:03 ` [PATCH v12 2/4] integrity: make integrity_keyring_from_id() non-static Nayna Jain
2022-03-11 21:03 ` Nayna Jain [this message]
2022-03-14 13:42 ` [PATCH v12 3/4] Revert "certs: move scripts/extract-cert to certs/" Nayna
2022-03-11 21:03 ` [PATCH v12 4/4] integrity: support including firmware ".platform" keys at build time Nayna Jain
2022-03-12 2:42 ` [PATCH v12 0/4] " Nageswara Sastry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220311210344.102396-4-nayna@linux.ibm.com \
--to=nayna@linux.ibm.com \
--cc=dhowells@redhat.com \
--cc=dimitri.ledkov@canonical.com \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=rnsastry@linux.ibm.com \
--cc=seth@forshee.me \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).