* Re: [PATCH] extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE'
2026-03-26 1:19 [PATCH] extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE' Nathan Chancellor
@ 2026-04-08 20:25 ` Nick Desaulniers
2026-04-16 20:42 ` Nathan Chancellor
2026-04-16 21:21 ` Nathan Chancellor
2 siblings, 0 replies; 4+ messages in thread
From: Nick Desaulniers @ 2026-04-08 20:25 UTC (permalink / raw)
To: Nathan Chancellor
Cc: David Howells, David Woodhouse, Nick Desaulniers, Bill Wendling,
Justin Stitt, keyrings, linux-kernel, llvm, stable
On Wed, Mar 25, 2026 at 06:19:15PM -0700, Nathan Chancellor wrote:
> A recent strengthening of -Wunused-but-set-variable (enabled with -Wall)
> in clang under a new subwarning, -Wunused-but-set-global, points out an
> unused static global variable in certs/extract-cert.c:
>
> certs/extract-cert.c:46:20: error: variable 'key_pass' set but not used [-Werror,-Wunused-but-set-global]
> 46 | static const char *key_pass;
> | ^
>
> After commit 558bdc45dfb2 ("sign-file,extract-cert: use pkcs11 provider
> for OPENSSL MAJOR >= 3"), key_pass is only used with the OpenSSL engine
> API, not the new provider API. Wrap key_pass's declaration and
> assignment with '#ifdef USE_PKCS11_ENGINE' so that it is only included
> with its use to clear up the warning. While this is a little uglier than
> just marking key_pass with the unused attribute, this will make it
> easier to clean up all code associated with the use of the engine API if
> it were ever removed in the future. While in the area, use a tab for
> the key_pass assignment line to match the rest of the file.
>
> Cc: stable@vger.kernel.org
> Fixes: 558bdc45dfb2 ("sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3")
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
> ---
> I am taking a fix for a similar warning in modpost through the kbuild
> tree so I don't mind picking this up with an appropriate Ack or it can
> just go through the keyring tree, does not matter to me.
> ---
> certs/extract-cert.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/certs/extract-cert.c b/certs/extract-cert.c
> index 7d6d468ed612..54ecd1024274 100644
> --- a/certs/extract-cert.c
> +++ b/certs/extract-cert.c
> @@ -43,7 +43,9 @@ void format(void)
> exit(2);
> }
>
> +#ifdef USE_PKCS11_ENGINE
> static const char *key_pass;
> +#endif
> static BIO *wb;
> static char *cert_dst;
> static bool verbose;
> @@ -135,7 +137,9 @@ int main(int argc, char **argv)
> if (verbose_env && strchr(verbose_env, '1'))
> verbose = true;
>
> - key_pass = getenv("KBUILD_SIGN_PIN");
> +#ifdef USE_PKCS11_ENGINE
> + key_pass = getenv("KBUILD_SIGN_PIN");
> +#endif
>
> if (argc != 3)
> format();
>
> ---
> base-commit: d2a43e7f89da55d6f0f96aaadaa243f35557291e
> change-id: 20260325-certs-extract-cert-key_pass-unused-but-set-global-23007ecfadf9
>
> Best regards,
> --
> Nathan Chancellor <nathan@kernel.org>
>
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE'
2026-03-26 1:19 [PATCH] extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE' Nathan Chancellor
2026-04-08 20:25 ` Nick Desaulniers
@ 2026-04-16 20:42 ` Nathan Chancellor
2026-04-16 21:21 ` Nathan Chancellor
2 siblings, 0 replies; 4+ messages in thread
From: Nathan Chancellor @ 2026-04-16 20:42 UTC (permalink / raw)
To: David Howells, David Woodhouse
Cc: Nick Desaulniers, Bill Wendling, Justin Stitt, keyrings,
linux-kernel, llvm, stable
On Wed, Mar 25, 2026 at 06:19:15PM -0700, Nathan Chancellor wrote:
> A recent strengthening of -Wunused-but-set-variable (enabled with -Wall)
> in clang under a new subwarning, -Wunused-but-set-global, points out an
> unused static global variable in certs/extract-cert.c:
>
> certs/extract-cert.c:46:20: error: variable 'key_pass' set but not used [-Werror,-Wunused-but-set-global]
> 46 | static const char *key_pass;
> | ^
>
> After commit 558bdc45dfb2 ("sign-file,extract-cert: use pkcs11 provider
> for OPENSSL MAJOR >= 3"), key_pass is only used with the OpenSSL engine
> API, not the new provider API. Wrap key_pass's declaration and
> assignment with '#ifdef USE_PKCS11_ENGINE' so that it is only included
> with its use to clear up the warning. While this is a little uglier than
> just marking key_pass with the unused attribute, this will make it
> easier to clean up all code associated with the use of the engine API if
> it were ever removed in the future. While in the area, use a tab for
> the key_pass assignment line to match the rest of the file.
>
> Cc: stable@vger.kernel.org
> Fixes: 558bdc45dfb2 ("sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3")
> Signed-off-by: Nathan Chancellor <nathan@kernel.org>
I am going to apply this to my tree and send it to Linus at some point
during the merge window, as this warning breaks the build early,
disrupting our upstream LLVM testing. If there are any objections to
this, please let me know; it does not seem like extract-cert.c is a hard
owned file.
> ---
> I am taking a fix for a similar warning in modpost through the kbuild
> tree so I don't mind picking this up with an appropriate Ack or it can
> just go through the keyring tree, does not matter to me.
> ---
> certs/extract-cert.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/certs/extract-cert.c b/certs/extract-cert.c
> index 7d6d468ed612..54ecd1024274 100644
> --- a/certs/extract-cert.c
> +++ b/certs/extract-cert.c
> @@ -43,7 +43,9 @@ void format(void)
> exit(2);
> }
>
> +#ifdef USE_PKCS11_ENGINE
> static const char *key_pass;
> +#endif
> static BIO *wb;
> static char *cert_dst;
> static bool verbose;
> @@ -135,7 +137,9 @@ int main(int argc, char **argv)
> if (verbose_env && strchr(verbose_env, '1'))
> verbose = true;
>
> - key_pass = getenv("KBUILD_SIGN_PIN");
> +#ifdef USE_PKCS11_ENGINE
> + key_pass = getenv("KBUILD_SIGN_PIN");
> +#endif
>
> if (argc != 3)
> format();
>
> ---
> base-commit: d2a43e7f89da55d6f0f96aaadaa243f35557291e
> change-id: 20260325-certs-extract-cert-key_pass-unused-but-set-global-23007ecfadf9
>
> Best regards,
> --
> Nathan Chancellor <nathan@kernel.org>
>
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE'
2026-03-26 1:19 [PATCH] extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE' Nathan Chancellor
2026-04-08 20:25 ` Nick Desaulniers
2026-04-16 20:42 ` Nathan Chancellor
@ 2026-04-16 21:21 ` Nathan Chancellor
2 siblings, 0 replies; 4+ messages in thread
From: Nathan Chancellor @ 2026-04-16 21:21 UTC (permalink / raw)
To: David Howells, David Woodhouse, Nathan Chancellor
Cc: Nick Desaulniers, Bill Wendling, Justin Stitt, keyrings,
linux-kernel, llvm, stable
On Wed, 25 Mar 2026 18:19:15 -0700, Nathan Chancellor wrote:
> A recent strengthening of -Wunused-but-set-variable (enabled with -Wall)
> in clang under a new subwarning, -Wunused-but-set-global, points out an
> unused static global variable in certs/extract-cert.c:
>
> certs/extract-cert.c:46:20: error: variable 'key_pass' set but not used [-Werror,-Wunused-but-set-global]
> 46 | static const char *key_pass;
> | ^
>
> [...]
Applied to
https://git.kernel.org/pub/scm/linux/kernel/git/nathan/linux.git clang-fixes
Thanks!
[1/1] extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE'
https://git.kernel.org/nathan/c/4f96b7c68a990
Please look out for regression or issue reports or other follow up
comments, as they may result in the patch/series getting dropped or
reverted.
Best regards,
--
Nathan Chancellor <nathan@kernel.org>
^ permalink raw reply [flat|nested] 4+ messages in thread