This reverts commit 340a02535ee785c64c62a9c45706597a0139e972.
extract-cert is used outside certs/ by INTEGRITY_PLATFORM_KEYRING.
Signed-off-by: Nayna Jain <[email protected]>
---
MAINTAINERS | 1 +
certs/.gitignore | 1 -
certs/Makefile | 13 ++++---------
scripts/.gitignore | 1 +
scripts/Makefile | 11 +++++++++--
{certs => scripts}/extract-cert.c | 2 +-
scripts/remove-stale-files | 2 --
7 files changed, 16 insertions(+), 15 deletions(-)
rename {certs => scripts}/extract-cert.c (98%)
diff --git a/MAINTAINERS b/MAINTAINERS
index 05fd080b82f3..cf4cd22ca3a0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -4471,6 +4471,7 @@ L: [email protected]
S: Maintained
F: Documentation/admin-guide/module-signing.rst
F: certs/
+F: scripts/extract-cert.c
F: scripts/sign-file.c
CFAG12864B LCD DRIVER
diff --git a/certs/.gitignore b/certs/.gitignore
index 9e42fe3e02f5..8c3763f80be3 100644
--- a/certs/.gitignore
+++ b/certs/.gitignore
@@ -1,4 +1,3 @@
# SPDX-License-Identifier: GPL-2.0-only
-/extract-cert
/x509_certificate_list
/x509_revocation_list
diff --git a/certs/Makefile b/certs/Makefile
index b92b6ff339d5..a4a6f6a78904 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -14,11 +14,11 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
endif
quiet_cmd_extract_certs = CERT $@
- cmd_extract_certs = $(obj)/extract-cert $(2) $@
+ cmd_extract_certs = scripts/extract-cert $(2) $@
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
-$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE
+$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE
$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
targets += x509_certificate_list
@@ -75,7 +75,7 @@ endif
$(obj)/system_certificates.o: $(obj)/signing_key.x509
-$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE
+$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE
$(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),""))
endif # CONFIG_MODULE_SIG
@@ -83,12 +83,7 @@ targets += signing_key.x509
$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
-$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE
+$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE
$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
targets += x509_revocation_list
-
-hostprogs := extract-cert
-
-HOSTCFLAGS_extract-cert.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
-HOSTLDLIBS_extract-cert = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
diff --git a/scripts/.gitignore b/scripts/.gitignore
index eed308bef604..e83c620ef52c 100644
--- a/scripts/.gitignore
+++ b/scripts/.gitignore
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: GPL-2.0-only
/asn1_compiler
/bin2c
+/extract-cert
/insert-sys-cert
/kallsyms
/module.lds
diff --git a/scripts/Makefile b/scripts/Makefile
index ce5aa9030b74..cedc1f0e21d8 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -3,19 +3,26 @@
# scripts contains sources for various helper programs used throughout
# the kernel for the build process.
+CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
+CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null)
+
hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c
hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms
hostprogs-always-$(BUILD_C_RECORDMCOUNT) += recordmcount
hostprogs-always-$(CONFIG_BUILDTIME_TABLE_SORT) += sorttable
hostprogs-always-$(CONFIG_ASN1) += asn1_compiler
hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file
+hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert
hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert
+hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST) += extract-cert
HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
HOSTLDLIBS_sorttable = -lpthread
HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
-HOSTCFLAGS_sign-file.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
-HOSTLDLIBS_sign-file = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
+HOSTCFLAGS_sign-file.o = $(CRYPTO_CFLAGS)
+HOSTLDLIBS_sign-file = $(CRYPTO_LIBS)
+HOSTCFLAGS_extract-cert.o = $(CRYPTO_CFLAGS)
+HOSTLDLIBS_extract-cert = $(CRYPTO_LIBS)
ifdef CONFIG_UNWINDER_ORC
ifeq ($(ARCH),x86_64)
diff --git a/certs/extract-cert.c b/scripts/extract-cert.c
similarity index 98%
rename from certs/extract-cert.c
rename to scripts/extract-cert.c
index f7ef7862f207..3bc48c726c41 100644
--- a/certs/extract-cert.c
+++ b/scripts/extract-cert.c
@@ -29,7 +29,7 @@ static __attribute__((noreturn))
void format(void)
{
fprintf(stderr,
- "Usage: extract-cert <source> <dest>\n");
+ "Usage: scripts/extract-cert <source> <dest>\n");
exit(2);
}
diff --git a/scripts/remove-stale-files b/scripts/remove-stale-files
index 7adab4618035..80430b8fb617 100755
--- a/scripts/remove-stale-files
+++ b/scripts/remove-stale-files
@@ -39,5 +39,3 @@ if [ -n "${building_out_of_srctree}" ]; then
rm -f arch/parisc/boot/compressed/${f}
done
fi
-
-rm -f scripts/extract-cert
--
2.34.1
On 3/11/22 16:03, Nayna Jain wrote:
> This reverts commit 340a02535ee785c64c62a9c45706597a0139e972.
>
> extract-cert is used outside certs/ by INTEGRITY_PLATFORM_KEYRING.
Hi Masahiro,
Could you review and Ack this patch ?
Thanks & Regards,
- Nayna
>
> Signed-off-by: Nayna Jain <[email protected]>
> ---
> MAINTAINERS | 1 +
> certs/.gitignore | 1 -
> certs/Makefile | 13 ++++---------
> scripts/.gitignore | 1 +
> scripts/Makefile | 11 +++++++++--
> {certs => scripts}/extract-cert.c | 2 +-
> scripts/remove-stale-files | 2 --
> 7 files changed, 16 insertions(+), 15 deletions(-)
> rename {certs => scripts}/extract-cert.c (98%)
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 05fd080b82f3..cf4cd22ca3a0 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -4471,6 +4471,7 @@ L: [email protected]
> S: Maintained
> F: Documentation/admin-guide/module-signing.rst
> F: certs/
> +F: scripts/extract-cert.c
> F: scripts/sign-file.c
>
> CFAG12864B LCD DRIVER
> diff --git a/certs/.gitignore b/certs/.gitignore
> index 9e42fe3e02f5..8c3763f80be3 100644
> --- a/certs/.gitignore
> +++ b/certs/.gitignore
> @@ -1,4 +1,3 @@
> # SPDX-License-Identifier: GPL-2.0-only
> -/extract-cert
> /x509_certificate_list
> /x509_revocation_list
> diff --git a/certs/Makefile b/certs/Makefile
> index b92b6ff339d5..a4a6f6a78904 100644
> --- a/certs/Makefile
> +++ b/certs/Makefile
> @@ -14,11 +14,11 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
> endif
>
> quiet_cmd_extract_certs = CERT $@
> - cmd_extract_certs = $(obj)/extract-cert $(2) $@
> + cmd_extract_certs = scripts/extract-cert $(2) $@
>
> $(obj)/system_certificates.o: $(obj)/x509_certificate_list
>
> -$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE
> +$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE
> $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
>
> targets += x509_certificate_list
> @@ -75,7 +75,7 @@ endif
>
> $(obj)/system_certificates.o: $(obj)/signing_key.x509
>
> -$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE
> +$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE
> $(call if_changed,extract_certs,$(if $(CONFIG_MODULE_SIG_KEY),$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)),""))
> endif # CONFIG_MODULE_SIG
>
> @@ -83,12 +83,7 @@ targets += signing_key.x509
>
> $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
>
> -$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE
> +$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE
> $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
>
> targets += x509_revocation_list
> -
> -hostprogs := extract-cert
> -
> -HOSTCFLAGS_extract-cert.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
> -HOSTLDLIBS_extract-cert = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> diff --git a/scripts/.gitignore b/scripts/.gitignore
> index eed308bef604..e83c620ef52c 100644
> --- a/scripts/.gitignore
> +++ b/scripts/.gitignore
> @@ -1,6 +1,7 @@
> # SPDX-License-Identifier: GPL-2.0-only
> /asn1_compiler
> /bin2c
> +/extract-cert
> /insert-sys-cert
> /kallsyms
> /module.lds
> diff --git a/scripts/Makefile b/scripts/Makefile
> index ce5aa9030b74..cedc1f0e21d8 100644
> --- a/scripts/Makefile
> +++ b/scripts/Makefile
> @@ -3,19 +3,26 @@
> # scripts contains sources for various helper programs used throughout
> # the kernel for the build process.
>
> +CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> +CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null)
> +
> hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c
> hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms
> hostprogs-always-$(BUILD_C_RECORDMCOUNT) += recordmcount
> hostprogs-always-$(CONFIG_BUILDTIME_TABLE_SORT) += sorttable
> hostprogs-always-$(CONFIG_ASN1) += asn1_compiler
> hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file
> +hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert
> hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert
> +hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST) += extract-cert
>
> HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
> HOSTLDLIBS_sorttable = -lpthread
> HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
> -HOSTCFLAGS_sign-file.o = $(shell pkg-config --cflags libcrypto 2> /dev/null)
> -HOSTLDLIBS_sign-file = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
> +HOSTCFLAGS_sign-file.o = $(CRYPTO_CFLAGS)
> +HOSTLDLIBS_sign-file = $(CRYPTO_LIBS)
> +HOSTCFLAGS_extract-cert.o = $(CRYPTO_CFLAGS)
> +HOSTLDLIBS_extract-cert = $(CRYPTO_LIBS)
>
> ifdef CONFIG_UNWINDER_ORC
> ifeq ($(ARCH),x86_64)
> diff --git a/certs/extract-cert.c b/scripts/extract-cert.c
> similarity index 98%
> rename from certs/extract-cert.c
> rename to scripts/extract-cert.c
> index f7ef7862f207..3bc48c726c41 100644
> --- a/certs/extract-cert.c
> +++ b/scripts/extract-cert.c
> @@ -29,7 +29,7 @@ static __attribute__((noreturn))
> void format(void)
> {
> fprintf(stderr,
> - "Usage: extract-cert <source> <dest>\n");
> + "Usage: scripts/extract-cert <source> <dest>\n");
> exit(2);
> }
>
> diff --git a/scripts/remove-stale-files b/scripts/remove-stale-files
> index 7adab4618035..80430b8fb617 100755
> --- a/scripts/remove-stale-files
> +++ b/scripts/remove-stale-files
> @@ -39,5 +39,3 @@ if [ -n "${building_out_of_srctree}" ]; then
> rm -f arch/parisc/boot/compressed/${f}
> done
> fi
> -
> -rm -f scripts/extract-cert