On 2016/04/26 10:02, Steven Rostedt wrote:
> On Sat, 2 Apr 2016 10:55:22 -0700
> Benjamin Poirier <bpoirier@xxxxxxxx> wrote:
>
> > When using `make localmodconfig` and friends, if the input config comes
> > from a kernel that was built in a different environment (for example, the
> > canonical case of using localmodconfig to trim a distribution kernel
> > config) the key files for module signature checking will not be available
> > and should be regenerated or omitted. Otherwise, the user will be faced
> > with annoying errors when trying to build with the generated .config:
> >
> > make[1]: *** No rule to make target 'keyring.crt', needed by 'certs/x509_certificate_list'. Stop.
> > Makefile:1576: recipe for target 'certs/' failed
> >
> > Signed-off-by: Benjamin Poirier <bpoirier@xxxxxxxx>
> > ---
> > scripts/kconfig/streamline_config.pl | 34 ++++++++++++++++++++++++++++++++++
> > 1 file changed, 34 insertions(+)
> >
> > diff --git a/scripts/kconfig/streamline_config.pl b/scripts/kconfig/streamline_config.pl
> > index 7036ae3..514735d 100755
> > --- a/scripts/kconfig/streamline_config.pl
> > +++ b/scripts/kconfig/streamline_config.pl
> > @@ -610,6 +610,40 @@ foreach my $line (@config_file) {
> > next;
> > }
> >
> > + if (/CONFIG_MODULE_SIG_KEY="(.+)"/) {
> > + my $orig_cert = $1;
> > + my $default_cert = "certs/signing_key.pem";
> > +
> > + # Check that the logic in this script still matches the one in Kconfig
> > + if (!defined($depends{"MODULE_SIG_KEY"}) ||
> > + $depends{"MODULE_SIG_KEY"} !~ /"\Q$default_cert\E"/) {
> > + die "Assertion failure, update needed";
>
> Instead of dieing here, what about just going back to the current
> behavior, and ignore the sig keys?
I was concerned that the warning may go unnoticed but I think you're right. It
is the same kind of concern between a BUG() or a WARN_ON(). In this case it
certainly is possible to keep going and ignore the certificate check, as you
suggest.
--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
