subject:"\[PATCH\] MODSIGN\: Fix including certificate twice when the signing

Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

2013-02-22 Thread joeyli

Hi David, 

Thanks for your review and point out!

於 四，2013-02-21 於 14:16 +，David Howells 提到：
> > +ifneq ($(shell pwd), $(srctree))
> 
> How reliable is this, I wonder?
> 
> David
> 

My current shell is bash, and I tried the '$(shell pwd)' in Makefile
works for grab the REAL path when the build path is a symbolic links to
kernel source directory. Looks the '$(shell pwd)' in Makefile was call
'/bin/pwd' but not 'the shell builtin pwd'.

But, in case the behavior is different between shells, I think used
'$(shell /bin/pwd)' will be better for make sure we call /bin/pwd from
coreutils.

I will send a second version of this patch, please consider for accept
if we need this change.


Thanks a lot!
Joey Lee

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

2013-02-22 Thread joeyli

Hi David, 

Thanks for your review and point out!

於 四，2013-02-21 於 14:16 +，David Howells 提到：
  +ifneq ($(shell pwd), $(srctree))
 
 How reliable is this, I wonder?
 
 David
 

My current shell is bash, and I tried the '$(shell pwd)' in Makefile
works for grab the REAL path when the build path is a symbolic links to
kernel source directory. Looks the '$(shell pwd)' in Makefile was call
'/bin/pwd' but not 'the shell builtin pwd'.

But, in case the behavior is different between shells, I think used
'$(shell /bin/pwd)' will be better for make sure we call /bin/pwd from
coreutils.

I will send a second version of this patch, please consider for accept
if we need this change.


Thanks a lot!
Joey Lee

--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

2013-02-21 Thread David Howells


> +ifneq ($(shell pwd), $(srctree))

How reliable is this, I wonder?

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

2013-02-21 Thread Chun-Yi Lee

This issue was found in devel-pekey branch on linux-modsign.git tree. The
x509_certificate_list includes certificate twice when the signing_key.x509
already exists.
We can reproduce this issue by making kernel twice, the build log of
second time looks like this:

...
  CHK kernel/config_data.h
  CERTS   kernel/x509_certificate_list
  - Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509
  - Including cert signing_key.x509
...

Actually the build path was the same with the srctree path when building
kernel. It causes the size of bzImage increased by packaging certificates
twice.

Cc: David Howells 
Cc: Rusty Russell 
Cc: Josh Boyer 
Cc: Randy Dunlap 
Cc: Herbert Xu 
Cc: "David S. Miller" 
Cc: Michal Marek 
Signed-off-by: Chun-Yi Lee 
---
 kernel/Makefile |5 -
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/kernel/Makefile b/kernel/Makefile
index 0ca8c0a..ecbe73f 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -142,7 +142,10 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE
 #
 ###
 ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
-X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
+X509_CERTIFICATES-y := $(wildcard *.x509)
+ifneq ($(shell pwd), $(srctree))
+X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509)
+endif
 X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
 X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y))
 
-- 
1.6.4.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

2013-02-21 Thread Chun-Yi Lee

This issue was found in devel-pekey branch on linux-modsign.git tree. The
x509_certificate_list includes certificate twice when the signing_key.x509
already exists.
We can reproduce this issue by making kernel twice, the build log of
second time looks like this:

...
  CHK kernel/config_data.h
  CERTS   kernel/x509_certificate_list
  - Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509
  - Including cert signing_key.x509
...

Actually the build path was the same with the srctree path when building
kernel. It causes the size of bzImage increased by packaging certificates
twice.

Cc: David Howells dhowe...@redhat.com
Cc: Rusty Russell ru...@rustcorp.com.au
Cc: Josh Boyer jwbo...@redhat.com
Cc: Randy Dunlap rdun...@xenotime.net
Cc: Herbert Xu herb...@gondor.apana.org.au
Cc: David S. Miller da...@davemloft.net
Cc: Michal Marek mma...@suse.com
Signed-off-by: Chun-Yi Lee j...@suse.com
---
 kernel/Makefile |5 -
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/kernel/Makefile b/kernel/Makefile
index 0ca8c0a..ecbe73f 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -142,7 +142,10 @@ $(obj)/timeconst.h: $(src)/timeconst.pl FORCE
 #
 ###
 ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
-X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
+X509_CERTIFICATES-y := $(wildcard *.x509)
+ifneq ($(shell pwd), $(srctree))
+X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509)
+endif
 X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
 X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y))
 
-- 
1.6.4.2

--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

2013-02-21 Thread David Howells


 +ifneq ($(shell pwd), $(srctree))

How reliable is this, I wonder?

David
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

[PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

[PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 already exists

6 matches

Site Navigation

Mail list logo

Footer information