#
27b5b22d |
| 11-Jun-2022 |
Masahiro Yamada <masahiroy@kernel.org> |
certs: fix and refactor CONFIG_SYSTEM_BLACKLIST_HASH_LIST build
Commit addf466389d9 ("certs: Check that builtin blacklist hashes are valid") was applied 8 months after the submission.
In the meantime, the base code had been removed by commit b8c96a6b466c ("certs: simplify $(srctree)/ handling and remove config_filename macro").
Fix the Makefile.
Create a local copy of $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST). It is included from certs/blacklist_hashes.c and also works as a timestamp.
Send error messages from check-blacklist-hashes.awk to stderr instead of stdout.
Fixes: addf466389d9 ("certs: Check that builtin blacklist hashes are valid")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Reviewed-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
|
#
addf4663 |
| 12-Jul-2021 |
Mickaël Salaün <mic@linux.microsoft.com> |
certs: Check that builtin blacklist hashes are valid
Add and use a check-blacklist-hashes.awk script to make sure that the builtin blacklist hashes set with CONFIG_SYSTEM_BLACKLIST_HASH_LIST will effectively be taken into account as blacklisted hashes. This is useful to debug invalid hash formats, and it makes sure that previous hashes which could have been loaded in the kernel, but silently ignored, are now noticed and dealt with by the user at kernel build time.
This also prevents stricter blacklist key description checking (provided by following commits) from failing for builtin hashes.
Update CONFIG_SYSTEM_BLACKLIST_HASH_LIST help to explain the content of a hash string and how to generate certificate ones.
Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Eric Snowberg <eric.snowberg@oracle.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210712170313.884724-3-mic@digikod.net
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
|
#
340a0253 |
| 14-Dec-2021 |
Masahiro Yamada <masahiroy@kernel.org> |
certs: move scripts/extract-cert to certs/
extract-cert is only used in certs/Makefile.
Move it there and build extract-cert on demand.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
|
#
9009b455 |
| 30-Apr-2021 |
Masahiro Yamada <masahiroy@kernel.org> |
.gitignore: prefix local generated files with a slash
The pattern prefixed with '/' matches files in the same directory, but not ones in sub-directories.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Miguel Ojeda <ojeda@kernel.org>
Acked-by: Rob Herring <robh@kernel.org>
Acked-by: Andra Paraschiv <andraprs@amazon.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Gabriel Krisman Bertazi <krisman@collabora.com>
|
#
81f20231 |
| 26-Apr-2021 |
Linus Torvalds <torvalds@linux-foundation.org> |
certs: add 'x509_revocation_list' to gitignore
Commit d1f044103dad ("certs: Add ability to preload revocation certs") created a new generated file for revocation certs, but didn't tell git to ignore it. Thus causing unnecessary "git status" noise after a kernel build with CONFIG_SYSTEM_REVOCATION_LIST enabled.
Add the proper gitignore magic.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
d198b34f |
| 03-Mar-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
.gitignore: add SPDX License Identifier
Add SPDX License Identifier to all .gitignore files.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
2985bed6 |
| 03-Mar-2020 |
Masahiro Yamada <masahiroy@kernel.org> |
.gitignore: remove too obvious comments
Some .gitignore files have comments like "Generated files", "Ignore generated files" at the header part, but they are too obvious.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
48dbc164 |
| 21-Oct-2015 |
Paul Gortmaker <paul.gortmaker@windriver.com> |
certs: add .gitignore to stop git nagging about x509_certificate_list
Currently we see this in "git status" if we build in the source dir:
Untracked files:
  (use "git add <file>..." to include in what will be committed)

        certs/x509_certificate_list
It looks like it used to live in kernel/ so we squash that .gitignore entry at the same time. I didn't bother to dig through git history to see when it moved, since it is just a minor annoyance at most.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: keyrings@linux-nfs.org
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|