From: Eric Biggers <ebiggers@kernel.org>
To: David Howells <dhowells@redhat.com>, keyrings@vger.kernel.org
Cc: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>,
"David Woodhouse" <dwmw2@infradead.org>,
linux-kernel@vger.kernel.org
Subject: Re: next-20190705 - problems generating certs/x509_certificate_list
Date: Tue, 9 Jul 2019 13:17:12 -0700 [thread overview]
Message-ID: <20190709201712.GI641@sol.localdomain> (raw)
In-Reply-To: <27671.1562384658@turing-police>
On Fri, Jul 05, 2019 at 11:44:18PM -0400, Valdis Klētnieks wrote:
> This worked fine in next-20190618, but in next-20190701 I'm seeing dmesg
> entries at boot:
>
> dmesg | grep -i x.509
> [ 8.345699] Loading compiled-in X.509 certificates
> [ 8.366137] Problem loading in-kernel X.509 certificate (-13)
> [ 8.507348] cfg80211: Loading compiled-in X.509 certificates for regulatory database
> [ 8.526556] cfg80211: Problem loading in-kernel X.509 certificate (-13)
>
> I start debugging, and discover that certs/x509_certificate_list is a zero-length file.
> I rm it, and 'make V=1 certs/system_certificates.o', which tells me:
>
> (....)
> make -f ./scripts/Makefile.headersinst obj=include/uapi
> make -f ./scripts/Makefile.headersinst obj=arch/x86/include/uapi
> make -f ./scripts/Makefile.build obj=certs certs/system_certificates.o
> ---- smoking gun alert
> scripts/extract-cert "" certs/x509_certificate_list
> ----
> gcc -Wp,-MD,certs/.system_certificates.o.d -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/9/include -I./arch/x86/include -I./arch/x86/include/generated -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/kconfig.h -D__KERNEL__ -D__ASSEMBLY__ -fno-PIE -m64 -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -DCONFIG_AS_AVX512=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -Wa,-gdwarf-2 -DCC_USING_FENTRY -I. -c -o certs/system_certificates.o certs/system_certificates.S
>
> I go look at extract-cert.c, and sure enough, if the first parameter is a null string
> it just goes and creates an empty file.
>
> The Makefile says:
>
> quiet_cmd_extract_certs = EXTRACT_CERTS $(patsubst "%",%,$(2))
> cmd_extract_certs = scripts/extract-cert $(2) $@
>
> and damned if I know why $(2) is "". Diffed the config files from -0618 and -0705,
> not seeing anything relevant difference.
>
> Any ideas?
>
I'm seeing on mainline now:
[ 10.915386] Problem loading in-kernel X.509 certificate (-13)
- Eric
next prev parent reply other threads:[~2019-07-09 20:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-06 3:44 next-20190705 - problems generating certs/x509_certificate_list Valdis Klētnieks
2019-07-09 20:17 ` Eric Biggers [this message]
2019-07-10 1:32 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190709201712.GI641@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=valdis.kletnieks@vt.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox