From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B6F5139183A for ; Wed, 8 Apr 2026 20:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.181 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775679921; cv=none; b=f6aiOJiCFF1OqMtOBfynsJgoJ8kqh2ysmHxP8bdbUh3NatxZH6Any85HzT0UDF9OMxvOWmSqLFT+BCRZuxOrP3Xo1lQrSWn9NJGDMNBZoYRUTIrzfyzLCyu+tVi8eILc5u9HCAQepSovgMr/QAA4WVoL4s65y1Pj1t5+0tkIyCM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775679921; c=relaxed/simple; bh=YK2ErFGtqJmjNXRFUKyoD+PTGXRuF4JLe0eoAfWTn3o=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=lApEWLlNmmaR+0KqkrUDNh5if+OJdWW9jbYK81BQ6BXihi4PjvEqH2eixeb47t/hwB8XbkXWd8jjG1GCIjHcQxhL/ts6d+y77UMaRK7QxWGQi3X1UQeX0J3TZ3Vglxmkfa+JV0I+dRC9np/7GdtEgoqYdJARDBSh4/FeDlpEwXE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=h+4CDHXV; arc=none smtp.client-ip=209.85.210.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="h+4CDHXV" Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-82d0b68837aso133936b3a.2 for ; Wed, 08 Apr 2026 13:25:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1775679918; x=1776284718; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=qtez7uO2X5FjsGHqGis7qBChcDlylFjTSAlBvJbABwk=; b=h+4CDHXVKB5TtWWN1DQ4w19egGCrJEuQ7L2O729FNN6ypKu8RYyLM31dYGeETYo73t 9kUT/25ZSaplj+XAKaDnwuRMSaH11T+IrISdl4sCB/Rc29bS8EMC5uq230Y6jyErv4nZ 5EpYLz9phFMW6iXjY49RUCn6Fr++JRhzC0LeoBiZVY5LcvN+wQ8pE6I76QpP06vzYn/A /AxcW213j6RVOpULzBq9OaZNSK+NFtP3OBZoYz0XLnpYq1QfhZaHbAWHtPSfGL6Z5tvN qZYtwbk3D3dDQDDuakz7IwSijDpLnTTDhA0N4oDKUJ9ylmnDaeyH5V9yu2GQ8iZPimPY S7XQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775679918; x=1776284718; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qtez7uO2X5FjsGHqGis7qBChcDlylFjTSAlBvJbABwk=; b=W2z2jSceW6+BUfcyHsHcFYzo/9p3Rho1TQ0YYU1e1AgTeXKdD1D1aBUTv1d9x44nBO e1EjY4TlHpJUyiLrY6YcRQKgf6SJnV0gEwLOzxdD5iCK2CJWlWg6cjzz3BmAJ+RSjwTr hJ0kXU2HgUO5nFYtAakXTG+HSdtpEF4udOehPVbwjk6H3mJAwxW8RRclOznDFIfwVXK0 GXt3qmTHjBxOysykIDOz/3Xayy760Ra5Z0EFXVyJq2ZiVK+BXl40ZeEemkzdNka46fIo viqoclKqv9f4G4eq/J8/hISVO3KZK7pPUxLPw6XkZh8LX5XxhpW25XoRQkpmvWheUOw8 vFHw== X-Forwarded-Encrypted: i=1; AJvYcCW3k5yNcozzXWAkTde8mLt6tVULgsbqx7j4zhUdnZKAfQJKNa6cXzHDHI4QFE6uIYF5M76OKZHG8y0L934=@vger.kernel.org X-Gm-Message-State: AOJu0Yyspqp8cZn2s2uh4AtFdDOB90puYT/Lf3lZeAUGDNmQ6NXOxPx9 fe1nkn1HHFRm1uLE1tdD4hHhuRjRScSSs7yGkhJ4L1Wptp/K4vOJG1sjQhPAqbaG5Q== X-Gm-Gg: AeBDieusnvQmVJHrzgmzUvqdizuodY6PNq7axlUZpBaeY5TSBRTy02vatxYnXhokcwD DmSAIFWTv+hyZMDe6P5B9ErCKgql4wU/HTkfEmf7k8Meg02IIKFGROeLJyFhfOgHWJTyLSOjEky XfKcQEIuUaBZ2hsRQBgTIC/s49L+f6AESndOfl5deQiGrkX33rhZy8GGQLPEEOdqknNiU8M2xI9 AoOZ3J7+pxAPbC1XWR3fCnB9YdbGqKOaWGDXW5j3FJZ6Io51ox+z6F5t+0W0XWF6f8IqQwubBnD c9P8k6uB13A9DYVV17FTDtvMnkRZSUDWImD5hjsvyk4U1zSyj3SU0zBz7lQY+nHlPk5peH1pU8f OQSTcMsM0Vsk/chGkf66SoAMonwa72aHmSoS66annzkcx1mBW8z1DDHsG0w4Cvq1mYLQiCASrpU 5pihlUmKq3g211KfPqV3AUA0Lys7gy1d8xp8QHodNPpR4G8J7V0nDVsxuJM8SAMHUV X-Received: by 2002:a05:7022:40b:b0:12a:8ea4:252 with SMTP id a92af1059eb24-12c28b7f511mr541759c88.4.1775679917525; Wed, 08 Apr 2026 13:25:17 -0700 (PDT) Received: from google.com (78.93.125.34.bc.googleusercontent.com. [34.125.93.78]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-12bfea5f860sm21165384c88.2.2026.04.08.13.25.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Apr 2026 13:25:16 -0700 (PDT) Date: Wed, 8 Apr 2026 20:25:12 +0000 From: Nick Desaulniers To: Nathan Chancellor Cc: David Howells , David Woodhouse , Nick Desaulniers , Bill Wendling , Justin Stitt , keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, stable@vger.kernel.org Subject: Re: [PATCH] extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE' Message-ID: References: <20260325-certs-extract-cert-key_pass-unused-but-set-global-v1-1-ecf94326d532@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260325-certs-extract-cert-key_pass-unused-but-set-global-v1-1-ecf94326d532@kernel.org> On Wed, Mar 25, 2026 at 06:19:15PM -0700, Nathan Chancellor wrote: > A recent strengthening of -Wunused-but-set-variable (enabled with -Wall) > in clang under a new subwarning, -Wunused-but-set-global, points out an > unused static global variable in certs/extract-cert.c: > > certs/extract-cert.c:46:20: error: variable 'key_pass' set but not used [-Werror,-Wunused-but-set-global] > 46 | static const char *key_pass; > | ^ > > After commit 558bdc45dfb2 ("sign-file,extract-cert: use pkcs11 provider > for OPENSSL MAJOR >= 3"), key_pass is only used with the OpenSSL engine > API, not the new provider API. Wrap key_pass's declaration and > assignment with '#ifdef USE_PKCS11_ENGINE' so that it is only included > with its use to clear up the warning. While this is a little uglier than > just marking key_pass with the unused attribute, this will make it > easier to clean up all code associated with the use of the engine API if > it were ever removed in the future. While in the area, use a tab for > the key_pass assignment line to match the rest of the file. > > Cc: stable@vger.kernel.org > Fixes: 558bdc45dfb2 ("sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3") > Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Tested-by: Nick Desaulniers > --- > I am taking a fix for a similar warning in modpost through the kbuild > tree so I don't mind picking this up with an appropriate Ack or it can > just go through the keyring tree, does not matter to me. > --- > certs/extract-cert.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/certs/extract-cert.c b/certs/extract-cert.c > index 7d6d468ed612..54ecd1024274 100644 > --- a/certs/extract-cert.c > +++ b/certs/extract-cert.c > @@ -43,7 +43,9 @@ void format(void) > exit(2); > } > > +#ifdef USE_PKCS11_ENGINE > static const char *key_pass; > +#endif > static BIO *wb; > static char *cert_dst; > static bool verbose; > @@ -135,7 +137,9 @@ int main(int argc, char **argv) > if (verbose_env && strchr(verbose_env, '1')) > verbose = true; > > - key_pass = getenv("KBUILD_SIGN_PIN"); > +#ifdef USE_PKCS11_ENGINE > + key_pass = getenv("KBUILD_SIGN_PIN"); > +#endif > > if (argc != 3) > format(); > > --- > base-commit: d2a43e7f89da55d6f0f96aaadaa243f35557291e > change-id: 20260325-certs-extract-cert-key_pass-unused-but-set-global-23007ecfadf9 > > Best regards, > -- > Nathan Chancellor >