Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509

From: Rusty Russell
Date: Wed Jan 15 2014 - 16:52:35 EST

Next message: Rusty Russell: "Re: [PATCH] scripts/gcc-version.sh: handle CC="gcc -m32""
Previous message: Rusty Russell: "Re: [PATCH net-next RFC] virtio-net: drop rq->max and rq->num"
In reply to: Lee, Chun-Yi: "[PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509"
Next in thread: joeyli: "Re: [PATCH] MODSIGN: Fix including certificate twice when thesigning_key.x509"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Punting to David Howells...

Cheers,
Rusty.
"Lee, Chun-Yi" <joeyli.kernel@xxxxxxxxx> writes:
> From: Chun-Yi Lee <jlee@xxxxxxxx>
>
> This issue was found in devel-pekey branch on linux-modsign.git tree.
> The
> x509_certificate_list includes certificate twice when the
> signing_key.x509
> already exists.
> We can reproduce this issue by making kernel twice, the build log of
> second time looks like this:
>
> ...
> CHK kernel/config_data.h
> CERTS kernel/x509_certificate_list
> - Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509
> - Including cert signing_key.x509
> ...
>
> Actually the build path was the same with the srctree path when building
> kernel. It causes the size of bzImage increased by packaging
> certificates
> twice.
>
> v2:
> Using '$(shell /bin/pwd)' instead of '$(shell pwd)' for more reliable
> between different shells

Hmm, that's not a great test for equality. How about:

ifneq ($(realpath .), $(realpath $(srctree)))

That should cover all the cases.

Cheers,
Rusty.

>
> Cc: Rusty Russell <rusty@xxxxxxxxxxxxxxx>
> Cc: Josh Boyer <jwboyer@xxxxxxxxxx>
> Cc: Randy Dunlap <rdunlap@xxxxxxxxxxxx>
> Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Michal Marek <mmarek@xxxxxxxx>
> Signed-off-by: Chun-Yi Lee <jlee@xxxxxxxx>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> ---
> kernel/Makefile | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/Makefile b/kernel/Makefile
> index bc010ee..582fa7a 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -136,7 +136,10 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE
> #
> ###############################################################################
> ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
> -X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509)
> +X509_CERTIFICATES-y := $(wildcard *.x509)
> +ifneq ($(shell /bin/pwd), $(srctree))
> +X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509)
> +endif
> X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509
> X509_CERTIFICATES-raw := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \
> $(or $(realpath $(CERT)),$(CERT))))
> --
> 1.6.4.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rusty Russell: "Re: [PATCH] scripts/gcc-version.sh: handle CC="gcc -m32""
Previous message: Rusty Russell: "Re: [PATCH net-next RFC] virtio-net: drop rq->max and rq->num"
In reply to: Lee, Chun-Yi: "[PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509"
Next in thread: joeyli: "Re: [PATCH] MODSIGN: Fix including certificate twice when thesigning_key.x509"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]