Re: [GIT PULL] Asymmetric keys and module signing

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Rusty Russell <rusty@rustcorp.com.au>
To: David Howells <dhowells@redhat.com>
Cc: dhowells@redhat.com, herbert@gondor.hengli.com.au,
	pjones@redhat.com, jwboyer@redhat.com,
	linux-crypto@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, keyrings@linux-nfs.org
Subject: Re: [GIT PULL] Asymmetric keys and module signing
Date: Tue, 02 Oct 2012 15:42:31 +0930	[thread overview]
Message-ID: <874nmd4d2o.fsf@rustcorp.com.au> (raw)
In-Reply-To: <29451.1348903010@warthog.procyon.org.uk>

David Howells <dhowells@redhat.com> writes:

> Rusty Russell <rusty@rustcorp.com.au> wrote:
>
>> I noticed the Cert number didn't change with rebuilds: "distclean"
>> didn't remove some files:
>> 
>> $ git clean -f -f -x -d
>> Removing extra_certificates
>> Removing signing_key.priv
>> Removing signing_key.x509
>> Removing signing_key.x509.keyid
>> Removing signing_key.x509.signer
>> Removing x509.genkey
>
> I'm not sure whether distclean should remove those, since they can be
> externally supplied, or whether x509.genkey should have a Makefile dependency
> on kernel/Makefile.
>
> I lean towards 'yes' when I'm altering kernel/Makefile trying to get things
> right, and 'no' when I'm doing a make distclean to change my config or
> changing kernel/Makefile for some unrelated reason.

Right.  I think we need to use different names for generated vs supplied
files, then, because 'distclean' really must delete generated files.

But it turns out you do try to clean these files, it just doesn't work.
See below.  I've applied this, as well, to my tree:

        git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux.git modules-next

BTW, you missed a Signed-off-by: on your "MODSIGN: Use the same digest
for the autogen key sig as for the module sig" patch.  Please update.

Cheers,
Rusty.

>From 8921e2ede91f93dcdbd08fa6613f8458de5f8afe Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Tue, 2 Oct 2012 14:35:24 +0930
Subject: [PATCH] MODSIGN: Make mrproper should remove generated files.

It doesn't, because the clean targets don't include kernel/Makefile, and
because two files were missing from the list.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

diff --git a/Makefile b/Makefile
index 1c88ec3..e70ebfe 100644
--- a/Makefile
+++ b/Makefile
@@ -995,7 +995,10 @@ MRPROPER_DIRS  += include/config usr/include include/generated          \
                   arch/*/include/generated
 MRPROPER_FILES += .config .config.old .version .old_version             \
                   include/linux/version.h                               \
-		  Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS
+		  Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
+		  signing_key.priv signing_key.x509 x509.genkey		\
+		  extra_certificates signing_key.x509.keyid		\
+		  signing_key.x509.signer
 
 # clean - Delete most, but leave enough to build external modules
 #
diff --git a/kernel/Makefile b/kernel/Makefile
index 86336c9..bb94783 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -216,4 +216,3 @@ x509.genkey:
 	@echo >>x509.genkey "subjectKeyIdentifier=hash"
 	@echo >>x509.genkey "authorityKeyIdentifier=keyid"
 endif
-CLEAN_FILES += signing_key.priv signing_key.x509 x509.genkey extra_certificates

next prev parent reply	other threads:[~2012-10-02  6:30 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-09-25  0:07 [GIT PULL] Asymmetric keys and module signing David Howells
2012-09-25  0:11 ` David Howells
2012-09-25 15:09 ` Wrong system clock vs X.509 date specifiers David Howells
2012-09-25 15:30   ` Alan Cox
2012-09-25 15:35     ` David Howells
2012-09-25 15:43       ` Paolo Bonzini
2012-09-25 16:00       ` Alan Cox
2012-09-25 21:57         ` David Howells
2012-09-25 16:02       ` Tomas Mraz
2012-09-25 17:31         ` David Howells
2012-09-25 18:39           ` Tomas Mraz
2013-03-14 10:48     ` David Woodhouse
2013-03-14 12:24       ` [PATCH] Fix x509_key_preparse() not to reject keys outside their validity time range David Woodhouse
2013-03-19 21:06         ` Alexander Holler
2012-09-25 15:44 ` [GIT PULL] Asymmetric keys and module signing Kasatkin, Dmitry
2012-09-25 16:15   ` David Howells
2012-09-26  3:46 ` Rusty Russell
2012-09-26  9:09   ` David Howells
2012-09-27  0:12     ` Rusty Russell
2012-09-27  9:08       ` David Howells
2012-09-28  5:55         ` Rusty Russell
2012-09-28  8:13           ` David Howells
2012-09-28  5:58         ` [PATCH 1/2] modsign: don't use bashism in sh scripts Rusty Russell
2012-09-28  8:10           ` David Howells
2012-10-02  2:24             ` Rusty Russell
2012-09-28  5:59         ` [PATCH 2/2] modules: don't call eu-strip if it doesn't exist Rusty Russell
2012-09-28  8:11           ` David Howells
2012-09-28  6:05         ` [GIT PULL] Asymmetric keys and module signing Rusty Russell
2012-09-28  8:09           ` David Howells
2012-09-29  6:53             ` Rusty Russell
2012-09-29  7:13               ` David Howells
2012-10-01 20:41                 ` Josh Boyer
2012-10-02  3:28                   ` Rusty Russell
2012-10-02 12:17                     ` Josh Boyer
2012-09-29  7:16               ` David Howells
2012-10-02  6:12                 ` Rusty Russell [this message]
2012-10-02 14:07                   ` David Howells
2012-10-03 23:22                     ` Rusty Russell
2012-10-09 10:55                       ` Kasatkin, Dmitry
2012-10-10  9:37                         ` Rusty Russell
2012-09-28  9:23           ` David Howells
2012-09-28 10:31           ` David Howells
2012-10-03 17:50         ` [patch] MODSIGN: Fix build error with strict typechecking David Rientjes
2012-09-27  2:04   ` [GIT PULL] Asymmetric keys and module signing Mimi Zohar
2012-09-28  6:54     ` Rusty Russell
2012-09-28  6:27   ` Geert Uytterhoeven
2012-09-28  8:00     ` David Howells

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1c88ec3 dfblob:e70ebfe dfblob:86336c9 dfblob:bb94783 )
 OR (
bs:"MODSIGN: Make mrproper should remove generated files." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=874nmd4d2o.fsf@rustcorp.com.au \
    --to=rusty@rustcorp.com.au \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.hengli.com.au \
    --cc=jwboyer@redhat.com \
    --cc=keyrings@linux-nfs.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=pjones@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox