On Tue, Nov 06, 2012 at 12:04:02PM +1030, Rusty Russell wrote: > Josh Boyer <[email protected]> writes: > > On Mon, Nov 05, 2012 at 12:31:39PM +1030, Rusty Russell wrote: > >> Josh Boyer <[email protected]> writes: > >> > diff --git a/Makefile b/Makefile > >> > index 14c93b3..7e27d51 100644 > >> > --- a/Makefile > >> > +++ b/Makefile > >> > @@ -722,8 +722,14 @@ export mod_strip_cmd > >> > ifeq ($(CONFIG_MODULE_SIG),y) > >> > MODSECKEY = ./signing_key.priv > >> > MODPUBKEY = ./signing_key.x509 > >> > +ifeq ($(KBUILD_EXTMOD),) > >> > +SIGNFAIL = false > >> > +else > >> > +# External builds might not have a signing key, don't break > >> > module_install. > >> > +SIGNFAIL = true > >> > +endif # KBUILD_EXTMOD > >> > export MODPUBKEY > >> > -mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) > >> > $(MODPUBKEY) > >> > +mod_sign_cmd = $(SIGNFAIL) || perl $(srctree)/scripts/sign-file > >> > $(MODSECKEY) $(MODPUBKEY) > >> > else > >> > mod_sign_cmd = true > >> > endif > >> > >> Huh? 'true || perl' never runs perl due to short circuiting. > > > > Ah. Maybe you were going for "sign all modules if keys are available, > > but don't break external if they aren't" semantics. I was just skipping > > it entirely for external modules. > > Exactly. This way you get warnings, not failure. You probably want > that, since you'll (at least) taint your kernel when you load those > modules. > > I've applied this in my fixes branch, will push to Linus later this > week.
Great. Thanks Rusty! josh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
