This patch refactors the code as outlined in:
https://lore.kernel.org/linux-kbuild/CAK7LNAR-VXwHFEJqCcrFDZj+_4+Xd6oynbj_0eS8N504_ydmyw@mail.gmail.com/
First some patches refactor certs/Makefile. This Makefile is written
in a too complicated way.
I will revert cd8c917a56f20f48748dd43d9ae3caff51d5b987
after this lands in the upstream.
Masahiro Yamada (10):
certs: use $@ to simplify the key generation rule
certs: unify duplicated cmd_extract_certs and improve the log
certs: remove unneeded -I$(srctree) option for system_certificates.o
certs: refactor file cleaning
certs: remove misleading comments about GCC PR
kbuild: stop using config_filename in scripts/Makefile.modsign
certs: simplify $(srctree)/ handling and remove config_filename macro
kbuild: do not include include/config/auto.conf from shell scripts
kbuild: do not quote string values in include/config/auto.conf
microblaze: use built-in function to get CPU_{MAJOR,MINOR,REV}
Makefile | 6 +--
arch/arc/Makefile | 4 +-
arch/arc/boot/dts/Makefile | 4 +-
arch/h8300/boot/dts/Makefile | 6 +--
arch/microblaze/Makefile | 8 ++--
arch/nds32/boot/dts/Makefile | 7 +--
arch/nios2/boot/dts/Makefile | 2 +-
arch/openrisc/boot/dts/Makefile | 7 +--
arch/powerpc/boot/Makefile | 2 +-
arch/riscv/boot/dts/canaan/Makefile | 4 +-
arch/sh/boot/dts/Makefile | 4 +-
arch/xtensa/Makefile | 2 +-
arch/xtensa/boot/dts/Makefile | 5 +-
certs/Makefile | 48 ++++++-------------
drivers/acpi/Makefile | 2 +-
drivers/base/firmware_loader/builtin/Makefile | 4 +-
init/Makefile | 2 +-
net/wireless/Makefile | 4 +-
scripts/Kbuild.include | 47 ------------------
scripts/Makefile.modinst | 4 +-
scripts/gen_autoksyms.sh | 6 +--
scripts/kconfig/confdata.c | 2 +-
scripts/link-vmlinux.sh | 47 +++++++++---------
scripts/setlocalversion | 9 ++--
usr/Makefile | 2 +-
25 files changed, 74 insertions(+), 164 deletions(-)
--
2.32.0
Do not repeat $(obj)/signing_key.pem
Signed-off-by: Masahiro Yamada <[email protected]>
---
certs/Makefile | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/certs/Makefile b/certs/Makefile
index a702b70f3cb9..97fd6cc02972 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -61,8 +61,7 @@ keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_ECDSA) := -newkey ec -pkeyopt ec_paramgen_c
quiet_cmd_gen_key = GENKEY $@
cmd_gen_key = openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
-batch -x509 -config $(obj)/x509.genkey \
- -outform PEM -out $(obj)/signing_key.pem \
- -keyout $(obj)/signing_key.pem $(keytype-y) 2>&1
+ -outform PEM -out $@ -keyout $@ $(keytype-y) 2>&1
$(obj)/signing_key.pem: $(obj)/x509.genkey FORCE
$(call if_changed,gen_key)
--
2.32.0
The complex macro, config_filename, was introduced to do:
[1] drop double-quotes from the string value
[2] add $(srctree)/ prefix in case the file is not found in $(objtree)
[3] escape spaces and more
[1] will be more generally handled by Kconfig later.
As for [2], Kbuild uses VPATH to search for files in $(objtree),
$(srctree) in this order. GNU Make can natively handle it.
As for [3], converting $(space) to $(space_escape) back and forth looks
questionable to me. It is well-known that GNU Make cannot handle file
paths with spaces in the first place.
Instead of using the complex macro, use $< so it will be expanded to
the file path of the key.
Remove config_filename, finally.
Signed-off-by: Masahiro Yamada <[email protected]>
---
certs/Makefile | 32 ++++++++++++----------------
scripts/Kbuild.include | 47 ------------------------------------------
2 files changed, 13 insertions(+), 66 deletions(-)
diff --git a/certs/Makefile b/certs/Makefile
index d21d1612b7fd..4bdff8fe8ee1 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -15,15 +15,12 @@ endif
quiet_cmd_extract_certs = CERT $@
cmd_extract_certs = scripts/extract-cert $(2) $@
-ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
-
-$(eval $(call config_filename,SYSTEM_TRUSTED_KEYS))
-
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
-$(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE
- $(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS))
-endif # CONFIG_SYSTEM_TRUSTED_KEYRING
+CONFIG_SYSTEM_TRUSTED_KEYS := $(CONFIG_SYSTEM_TRUSTED_KEYS:"%"=%)
+
+$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE
+ $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
targets += x509_certificate_list
@@ -72,29 +69,26 @@ $(obj)/x509.genkey:
endif # CONFIG_MODULE_SIG_KEY
-$(eval $(call config_filename,MODULE_SIG_KEY))
+CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%)
# If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it
-ifeq ($(patsubst pkcs11:%,%,$(firstword $(MODULE_SIG_KEY_FILENAME))),$(firstword $(MODULE_SIG_KEY_FILENAME)))
-X509_DEP := $(MODULE_SIG_KEY_SRCPREFIX)$(MODULE_SIG_KEY_FILENAME)
+ifneq ($(filter-out pkcs11:%, %(CONFIG_MODULE_SIG_KEY)),)
+X509_DEP := $(CONFIG_MODULE_SIG_KEY)
endif
$(obj)/system_certificates.o: $(obj)/signing_key.x509
-$(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE
- $(call if_changed,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY))
+$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE
+ $(call if_changed,extract_certs,$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY)))
endif # CONFIG_MODULE_SIG
targets += signing_key.x509
-ifeq ($(CONFIG_SYSTEM_REVOCATION_LIST),y)
-
-$(eval $(call config_filename,SYSTEM_REVOCATION_KEYS))
-
$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
-$(obj)/x509_revocation_list: scripts/extract-cert $(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(SYSTEM_REVOCATION_KEYS_FILENAME) FORCE
- $(call if_changed,extract_certs,$(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_REVOCATION_KEYS))
-endif
+CONFIG_SYSTEM_REVOCATION_KEYS := $(CONFIG_SYSTEM_REVOCATION_KEYS:"%"=%)
+
+$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE
+ $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
targets += x509_revocation_list
diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
index cdec22088423..3514c2149e9d 100644
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
@@ -195,53 +195,6 @@ why = \
echo-why = $(call escsq, $(strip $(why)))
endif
-###############################################################################
-#
-# When a Kconfig string contains a filename, it is suitable for
-# passing to shell commands. It is surrounded by double-quotes, and
-# any double-quotes or backslashes within it are escaped by
-# backslashes.
-#
-# This is no use for dependencies or $(wildcard). We need to strip the
-# surrounding quotes and the escaping from quotes and backslashes, and
-# we *do* need to escape any spaces in the string. So, for example:
-#
-# Usage: $(eval $(call config_filename,FOO))
-#
-# Defines FOO_FILENAME based on the contents of the CONFIG_FOO option,
-# transformed as described above to be suitable for use within the
-# makefile.
-#
-# Also, if the filename is a relative filename and exists in the source
-# tree but not the build tree, define FOO_SRCPREFIX as $(srctree)/ to
-# be prefixed to *both* command invocation and dependencies.
-#
-# Note: We also print the filenames in the quiet_cmd_foo text, and
-# perhaps ought to have a version specially escaped for that purpose.
-# But it's only cosmetic, and $(patsubst "%",%,$(CONFIG_FOO)) is good
-# enough. It'll strip the quotes in the common case where there's no
-# space and it's a simple filename, and it'll retain the quotes when
-# there's a space. There are some esoteric cases in which it'll print
-# the wrong thing, but we don't really care. The actual dependencies
-# and commands *do* get it right, with various combinations of single
-# and double quotes, backslashes and spaces in the filenames.
-#
-###############################################################################
-#
-define config_filename
-ifneq ($$(CONFIG_$(1)),"")
-$(1)_FILENAME := $$(subst \\,\,$$(subst \$$(quote),$$(quote),$$(subst $$(space_escape),\$$(space),$$(patsubst "%",%,$$(subst $$(space),$$(space_escape),$$(CONFIG_$(1)))))))
-ifneq ($$(patsubst /%,%,$$(firstword $$($(1)_FILENAME))),$$(firstword $$($(1)_FILENAME)))
-else
-ifeq ($$(wildcard $$($(1)_FILENAME)),)
-ifneq ($$(wildcard $$(srctree)/$$($(1)_FILENAME)),)
-$(1)_SRCPREFIX := $(srctree)/
-endif
-endif
-endif
-endif
-endef
-#
###############################################################################
# delete partially updated (i.e. corrupted) files on error
--
2.32.0
Use built-in functions instead of shell commands to avoid forking
processes.
Signed-off-by: Masahiro Yamada <[email protected]>
---
arch/microblaze/Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/microblaze/Makefile b/arch/microblaze/Makefile
index a25e76d89e86..1826d9ce4459 100644
--- a/arch/microblaze/Makefile
+++ b/arch/microblaze/Makefile
@@ -6,9 +6,9 @@ UTS_SYSNAME = -DUTS_SYSNAME=\"Linux\"
# What CPU version are we building for, and crack it open
# as major.minor.rev
CPU_VER := $(CONFIG_XILINX_MICROBLAZE0_HW_VER)
-CPU_MAJOR := $(shell echo $(CPU_VER) | cut -d '.' -f 1)
-CPU_MINOR := $(shell echo $(CPU_VER) | cut -d '.' -f 2)
-CPU_REV := $(shell echo $(CPU_VER) | cut -d '.' -f 3)
+CPU_MAJOR := $(word 1, $(subst ., , $(CPU_VER)))
+CPU_MINOR := $(word 2, $(subst ., , $(CPU_VER)))
+CPU_REV := $(word 3, $(subst ., , $(CPU_VER)))
export CPU_VER CPU_MAJOR CPU_MINOR CPU_REV
--
2.32.0
Toward the goal of removing the config_filename macro, drop
the double-quotes and add $(srctree)/ prefix in an ad hoc way.
Signed-off-by: Masahiro Yamada <[email protected]>
---
scripts/Makefile.modinst | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
index ff9b09e4cfca..df7e3d578ef5 100644
--- a/scripts/Makefile.modinst
+++ b/scripts/Makefile.modinst
@@ -66,9 +66,10 @@ endif
# Don't stop modules_install even if we can't sign external modules.
#
ifeq ($(CONFIG_MODULE_SIG_ALL),y)
+CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%)
+sig-key := $(if $(wildcard $(CONFIG_MODULE_SIG_KEY)),,$(srctree)/)$(CONFIG_MODULE_SIG_KEY)
quiet_cmd_sign = SIGN $@
-$(eval $(call config_filename,MODULE_SIG_KEY))
- cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY) certs/signing_key.x509 $@ \
+ cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(sig-key) certs/signing_key.x509 $@ \
$(if $(KBUILD_EXTMOD),|| true)
else
quiet_cmd_sign :=
--
2.32.0
The previous commit fixed up all shell scripts to not include
include/config/auto.conf.
Now that include/config/auto.conf is only included by Makefiles,
we can change it into a more Make-friendly form.
Previously, Kconfig output string values enclosed with double-quotes
(both in the .config and include/config/auto.conf):
CONFIG_X="foo bar"
Unlike shell, Make handles double-quotes (and single-quotes as well)
verbatim. We must rip them off when used.
There are some patterns:
[1] $(patsubst "%",%,$(CONFIG_X))
[2] $(CONFIG_X:"%"=%)
[3] $(subst ",,$(CONFIG_X))
[4] $(shell echo $(CONFIG_X))
These are not only ugly, but also fragile.
[1] and [2] do not work if the value contains spaces, like
CONFIG_X=" foo bar "
[3] does not work correctly if the value contains double-quotes like
CONFIG_X="foo\"bar"
[4] seems to work better, but has a cost of forking a process.
Anyway, quoted strings were always PITA for our Makefiles.
This commit changes Kconfig to stop quoting in include/config/auto.conf.
These are the string type symbols referenced in Makefiles or scripts:
ACPI_CUSTOM_DSDT_FILE
ARC_BUILTIN_DTB_NAME
ARC_TUNE_MCPU
BUILTIN_DTB_SOURCE
CC_IMPLICIT_FALLTHROUGH
CC_VERSION_TEXT
CFG80211_EXTRA_REGDB_KEYDIR
EXTRA_FIRMWARE
EXTRA_FIRMWARE_DIR
EXTRA_TARGETS
H8300_BUILTIN_DTB
INITRAMFS_SOURCE
LOCALVERSION
MODULE_SIG_HASH
MODULE_SIG_KEY
NDS32_BUILTIN_DTB
NIOS2_DTB_SOURCE
OPENRISC_BUILTIN_DTB
SOC_CANAAN_K210_DTB_SOURCE
SYSTEM_BLACKLIST_HASH_LIST
SYSTEM_REVOCATION_KEYS
SYSTEM_TRUSTED_KEYS
TARGET_CPU
UNUSED_KSYMS_WHITELIST
XILINX_MICROBLAZE0_FAMILY
XILINX_MICROBLAZE0_HW_VER
XTENSA_VARIANT_NAME
I checked them one by one, and fixed up the code where necessary.
Signed-off-by: Masahiro Yamada <[email protected]>
---
Makefile | 4 ++--
arch/arc/Makefile | 4 ++--
arch/arc/boot/dts/Makefile | 4 ++--
arch/h8300/boot/dts/Makefile | 6 +-----
arch/microblaze/Makefile | 2 +-
arch/nds32/boot/dts/Makefile | 7 +------
arch/nios2/boot/dts/Makefile | 2 +-
arch/openrisc/boot/dts/Makefile | 7 +------
arch/powerpc/boot/Makefile | 2 +-
arch/riscv/boot/dts/canaan/Makefile | 4 +---
arch/sh/boot/dts/Makefile | 4 +---
arch/xtensa/Makefile | 2 +-
arch/xtensa/boot/dts/Makefile | 5 +----
certs/Makefile | 10 ++--------
drivers/acpi/Makefile | 2 +-
drivers/base/firmware_loader/builtin/Makefile | 4 ++--
init/Makefile | 2 +-
net/wireless/Makefile | 4 ++--
scripts/Makefile.modinst | 1 -
scripts/gen_autoksyms.sh | 2 +-
scripts/kconfig/confdata.c | 2 +-
scripts/setlocalversion | 2 +-
usr/Makefile | 2 +-
23 files changed, 28 insertions(+), 56 deletions(-)
diff --git a/Makefile b/Makefile
index 4e8ac0730f51..aa4e5dc12049 100644
--- a/Makefile
+++ b/Makefile
@@ -1729,9 +1729,9 @@ PHONY += prepare
# now expand this into a simple variable to reduce the cost of shell evaluations
prepare: CC_VERSION_TEXT := $(CC_VERSION_TEXT)
prepare:
- @if [ "$(CC_VERSION_TEXT)" != $(CONFIG_CC_VERSION_TEXT) ]; then \
+ @if [ "$(CC_VERSION_TEXT)" != "$(CONFIG_CC_VERSION_TEXT)" ]; then \
echo >&2 "warning: the compiler differs from the one used to build the kernel"; \
- echo >&2 " The kernel was built by: "$(CONFIG_CC_VERSION_TEXT); \
+ echo >&2 " The kernel was built by: $(CONFIG_CC_VERSION_TEXT)"; \
echo >&2 " You are using: $(CC_VERSION_TEXT)"; \
fi
diff --git a/arch/arc/Makefile b/arch/arc/Makefile
index f252e7b924e9..efc54f3e35e0 100644
--- a/arch/arc/Makefile
+++ b/arch/arc/Makefile
@@ -14,10 +14,10 @@ cflags-y += -fno-common -pipe -fno-builtin -mmedium-calls -D__linux__
tune-mcpu-def-$(CONFIG_ISA_ARCOMPACT) := -mcpu=arc700
tune-mcpu-def-$(CONFIG_ISA_ARCV2) := -mcpu=hs38
-ifeq ($(CONFIG_ARC_TUNE_MCPU),"")
+ifeq ($(CONFIG_ARC_TUNE_MCPU),)
cflags-y += $(tune-mcpu-def-y)
else
-tune-mcpu := $(shell echo $(CONFIG_ARC_TUNE_MCPU))
+tune-mcpu := $(CONFIG_ARC_TUNE_MCPU)
ifneq ($(call cc-option,$(tune-mcpu)),)
cflags-y += $(tune-mcpu)
else
diff --git a/arch/arc/boot/dts/Makefile b/arch/arc/boot/dts/Makefile
index 8483a86c743d..4237aa5de3a3 100644
--- a/arch/arc/boot/dts/Makefile
+++ b/arch/arc/boot/dts/Makefile
@@ -2,8 +2,8 @@
# Built-in dtb
builtindtb-y := nsim_700
-ifneq ($(CONFIG_ARC_BUILTIN_DTB_NAME),"")
- builtindtb-y := $(patsubst "%",%,$(CONFIG_ARC_BUILTIN_DTB_NAME))
+ifneq ($(CONFIG_ARC_BUILTIN_DTB_NAME),)
+ builtindtb-y := $(CONFIG_ARC_BUILTIN_DTB_NAME)
endif
obj-y += $(builtindtb-y).dtb.o
diff --git a/arch/h8300/boot/dts/Makefile b/arch/h8300/boot/dts/Makefile
index 69fcd817892c..c36bbd1f2592 100644
--- a/arch/h8300/boot/dts/Makefile
+++ b/arch/h8300/boot/dts/Makefile
@@ -1,9 +1,5 @@
# SPDX-License-Identifier: GPL-2.0
-ifneq '$(CONFIG_H8300_BUILTIN_DTB)' '""'
-BUILTIN_DTB := $(patsubst "%",%,$(CONFIG_H8300_BUILTIN_DTB)).dtb.o
-endif
-
-obj-y += $(BUILTIN_DTB)
+obj-y += $(addsuffix .dtb.o, $(CONFIG_H8300_BUILTIN_DTB))
dtb-$(CONFIG_H8300H_SIM) := h8300h_sim.dtb
dtb-$(CONFIG_H8S_SIM) := h8s_sim.dtb
diff --git a/arch/microblaze/Makefile b/arch/microblaze/Makefile
index e775a696aa6f..a25e76d89e86 100644
--- a/arch/microblaze/Makefile
+++ b/arch/microblaze/Makefile
@@ -5,7 +5,7 @@ UTS_SYSNAME = -DUTS_SYSNAME=\"Linux\"
# What CPU version are we building for, and crack it open
# as major.minor.rev
-CPU_VER := $(shell echo $(CONFIG_XILINX_MICROBLAZE0_HW_VER))
+CPU_VER := $(CONFIG_XILINX_MICROBLAZE0_HW_VER)
CPU_MAJOR := $(shell echo $(CPU_VER) | cut -d '.' -f 1)
CPU_MINOR := $(shell echo $(CPU_VER) | cut -d '.' -f 2)
CPU_REV := $(shell echo $(CPU_VER) | cut -d '.' -f 3)
diff --git a/arch/nds32/boot/dts/Makefile b/arch/nds32/boot/dts/Makefile
index f84bd529b6fd..4fc69562eae8 100644
--- a/arch/nds32/boot/dts/Makefile
+++ b/arch/nds32/boot/dts/Makefile
@@ -1,7 +1,2 @@
# SPDX-License-Identifier: GPL-2.0-only
-ifneq '$(CONFIG_NDS32_BUILTIN_DTB)' '""'
-BUILTIN_DTB := $(patsubst "%",%,$(CONFIG_NDS32_BUILTIN_DTB)).dtb.o
-else
-BUILTIN_DTB :=
-endif
-obj-$(CONFIG_OF) += $(BUILTIN_DTB)
+obj-$(CONFIG_OF) += $(addsuffix .dtb.o, $(CONFIG_NDS32_BUILTIN_DTB))
diff --git a/arch/nios2/boot/dts/Makefile b/arch/nios2/boot/dts/Makefile
index a91a0b09be63..e9e31bb40df8 100644
--- a/arch/nios2/boot/dts/Makefile
+++ b/arch/nios2/boot/dts/Makefile
@@ -1,6 +1,6 @@
# SPDX-License-Identifier: GPL-2.0
-obj-y := $(patsubst "%.dts",%.dtb.o,$(CONFIG_NIOS2_DTB_SOURCE))
+obj-y := $(patsubst %.dts,%.dtb.o,$(CONFIG_NIOS2_DTB_SOURCE))
dtstree := $(srctree)/$(src)
dtb-$(CONFIG_OF_ALL_DTBS) := $(patsubst $(dtstree)/%.dts,%.dtb, $(wildcard $(dtstree)/*.dts))
diff --git a/arch/openrisc/boot/dts/Makefile b/arch/openrisc/boot/dts/Makefile
index 17dd791a833f..13db5a2aab52 100644
--- a/arch/openrisc/boot/dts/Makefile
+++ b/arch/openrisc/boot/dts/Makefile
@@ -1,9 +1,4 @@
# SPDX-License-Identifier: GPL-2.0
-ifneq '$(CONFIG_OPENRISC_BUILTIN_DTB)' '""'
-BUILTIN_DTB := $(patsubst "%",%,$(CONFIG_OPENRISC_BUILTIN_DTB)).dtb.o
-else
-BUILTIN_DTB :=
-endif
-obj-y += $(BUILTIN_DTB)
+obj-y += $(addsuffix .dtb.o, $(CONFIG_OPENRISC_BUILTIN_DTB))
#DTC_FLAGS ?= -p 1024
diff --git a/arch/powerpc/boot/Makefile b/arch/powerpc/boot/Makefile
index 9993c6256ad2..4b4827c475c6 100644
--- a/arch/powerpc/boot/Makefile
+++ b/arch/powerpc/boot/Makefile
@@ -365,7 +365,7 @@ image-$(CONFIG_PPC_PMAC) += zImage.coff zImage.miboot
endif
# Allow extra targets to be added to the defconfig
-image-y += $(subst ",,$(CONFIG_EXTRA_TARGETS))
+image-y += $(CONFIG_EXTRA_TARGETS)
initrd- := $(patsubst zImage%, zImage.initrd%, $(image-))
initrd-y := $(patsubst zImage%, zImage.initrd%, \
diff --git a/arch/riscv/boot/dts/canaan/Makefile b/arch/riscv/boot/dts/canaan/Makefile
index 9ee7156c0c31..c61b08ac8554 100644
--- a/arch/riscv/boot/dts/canaan/Makefile
+++ b/arch/riscv/boot/dts/canaan/Makefile
@@ -1,5 +1,3 @@
# SPDX-License-Identifier: GPL-2.0
-ifneq ($(CONFIG_SOC_CANAAN_K210_DTB_SOURCE),"")
-dtb-y += $(strip $(shell echo $(CONFIG_SOC_CANAAN_K210_DTB_SOURCE))).dtb
+dtb-$(CONFIG_SOC_CANAAN_K210_DTB_BUILTIN) += $(addsuffix .dtb, $(CONFIG_SOC_CANAAN_K210_DTB_SOURCE))
obj-$(CONFIG_SOC_CANAAN_K210_DTB_BUILTIN) += $(addsuffix .o, $(dtb-y))
-endif
diff --git a/arch/sh/boot/dts/Makefile b/arch/sh/boot/dts/Makefile
index c17d65b82abe..4a6dec9714a9 100644
--- a/arch/sh/boot/dts/Makefile
+++ b/arch/sh/boot/dts/Makefile
@@ -1,4 +1,2 @@
# SPDX-License-Identifier: GPL-2.0-only
-ifneq ($(CONFIG_BUILTIN_DTB_SOURCE),"")
-obj-$(CONFIG_USE_BUILTIN_DTB) += $(patsubst "%",%,$(CONFIG_BUILTIN_DTB_SOURCE)).dtb.o
-endif
+obj-$(CONFIG_USE_BUILTIN_DTB) += $(addsuffix .dtb.o, $(CONFIG_BUILTIN_DTB_SOURCE))
diff --git a/arch/xtensa/Makefile b/arch/xtensa/Makefile
index 9778216d6e09..ee2769519eaf 100644
--- a/arch/xtensa/Makefile
+++ b/arch/xtensa/Makefile
@@ -12,7 +12,7 @@
# Core configuration.
# (Use VAR=<xtensa_config> to use another default compiler.)
-variant-y := $(patsubst "%",%,$(CONFIG_XTENSA_VARIANT_NAME))
+variant-y := $(CONFIG_XTENSA_VARIANT_NAME)
VARIANT = $(variant-y)
diff --git a/arch/xtensa/boot/dts/Makefile b/arch/xtensa/boot/dts/Makefile
index 0b8d00cdae7c..720628c0d8b9 100644
--- a/arch/xtensa/boot/dts/Makefile
+++ b/arch/xtensa/boot/dts/Makefile
@@ -7,10 +7,7 @@
#
#
-BUILTIN_DTB_SOURCE := $(patsubst "%",%,$(CONFIG_BUILTIN_DTB_SOURCE)).dtb.o
-ifneq ($(CONFIG_BUILTIN_DTB_SOURCE),"")
-obj-$(CONFIG_OF) += $(BUILTIN_DTB_SOURCE)
-endif
+obj-$(CONFIG_OF) += $(addsuffix .dtb.o, $(CONFIG_BUILTIN_DTB_SOURCE))
# for CONFIG_OF_ALL_DTBS test
dtstree := $(srctree)/$(src)
diff --git a/certs/Makefile b/certs/Makefile
index 4bdff8fe8ee1..fb44ca509ebe 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -6,7 +6,7 @@
obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o common.o
obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o common.o
obj-$(CONFIG_SYSTEM_REVOCATION_LIST) += revocation_certificates.o
-ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),"")
+ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),)
obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o
else
obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
@@ -17,8 +17,6 @@ quiet_cmd_extract_certs = CERT $@
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
-CONFIG_SYSTEM_TRUSTED_KEYS := $(CONFIG_SYSTEM_TRUSTED_KEYS:"%"=%)
-
$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE
$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,""))
@@ -46,7 +44,7 @@ ifdef SIGN_KEY
# We do it this way rather than having a boolean option for enabling an
# external private key, because 'make randconfig' might enable such a
# boolean option and we unfortunately can't make it depend on !RANDCONFIG.
-ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem")
+ifeq ($(CONFIG_MODULE_SIG_KEY),certs/signing_key.pem)
keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_ECDSA) := -newkey ec -pkeyopt ec_paramgen_curve:secp384r1
@@ -69,8 +67,6 @@ $(obj)/x509.genkey:
endif # CONFIG_MODULE_SIG_KEY
-CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%)
-
# If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it
ifneq ($(filter-out pkcs11:%, %(CONFIG_MODULE_SIG_KEY)),)
X509_DEP := $(CONFIG_MODULE_SIG_KEY)
@@ -86,8 +82,6 @@ targets += signing_key.x509
$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
-CONFIG_SYSTEM_REVOCATION_KEYS := $(CONFIG_SYSTEM_REVOCATION_KEYS:"%"=%)
-
$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE
$(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,""))
diff --git a/drivers/acpi/Makefile b/drivers/acpi/Makefile
index 3018714e87d9..da0cdd1e9380 100644
--- a/drivers/acpi/Makefile
+++ b/drivers/acpi/Makefile
@@ -9,7 +9,7 @@ ccflags-$(CONFIG_ACPI_DEBUG) += -DACPI_DEBUG_OUTPUT
# ACPI Boot-Time Table Parsing
#
ifeq ($(CONFIG_ACPI_CUSTOM_DSDT),y)
-tables.o: $(src)/../../include/$(subst $\",,$(CONFIG_ACPI_CUSTOM_DSDT_FILE)) ;
+tables.o: $(src)/../../include/$(CONFIG_ACPI_CUSTOM_DSDT_FILE) ;
endif
diff --git a/drivers/base/firmware_loader/builtin/Makefile b/drivers/base/firmware_loader/builtin/Makefile
index eb4be452062a..6c067dedc01e 100644
--- a/drivers/base/firmware_loader/builtin/Makefile
+++ b/drivers/base/firmware_loader/builtin/Makefile
@@ -3,10 +3,10 @@ obj-y += main.o
# Create $(fwdir) from $(CONFIG_EXTRA_FIRMWARE_DIR) -- if it doesn't have a
# leading /, it's relative to $(srctree).
-fwdir := $(subst $(quote),,$(CONFIG_EXTRA_FIRMWARE_DIR))
+fwdir := $(CONFIG_EXTRA_FIRMWARE_DIR)
fwdir := $(addprefix $(srctree)/,$(filter-out /%,$(fwdir)))$(filter /%,$(fwdir))
-firmware := $(addsuffix .gen.o, $(subst $(quote),,$(CONFIG_EXTRA_FIRMWARE)))
+firmware := $(addsuffix .gen.o, $(CONFIG_EXTRA_FIRMWARE))
obj-y += $(firmware)
FWNAME = $(patsubst $(obj)/%.gen.S,%,$@)
diff --git a/init/Makefile b/init/Makefile
index 04eeee12c076..06326e304384 100644
--- a/init/Makefile
+++ b/init/Makefile
@@ -31,7 +31,7 @@ quiet_cmd_compile.h = CHK $@
cmd_compile.h = \
$(CONFIG_SHELL) $(srctree)/scripts/mkcompile_h $@ \
"$(UTS_MACHINE)" "$(CONFIG_SMP)" "$(CONFIG_PREEMPT_BUILD)" \
- "$(CONFIG_PREEMPT_RT)" $(CONFIG_CC_VERSION_TEXT) "$(LD)"
+ "$(CONFIG_PREEMPT_RT)" "$(CONFIG_CC_VERSION_TEXT)" "$(LD)"
include/generated/compile.h: FORCE
$(call cmd,compile.h)
diff --git a/net/wireless/Makefile b/net/wireless/Makefile
index 756e7de7e33f..1e9be50469ce 100644
--- a/net/wireless/Makefile
+++ b/net/wireless/Makefile
@@ -33,8 +33,8 @@ $(obj)/shipped-certs.c: $(wildcard $(srctree)/$(src)/certs/*.hex)
echo 'unsigned int shipped_regdb_certs_len = sizeof(shipped_regdb_certs);'; \
) > $@
-$(obj)/extra-certs.c: $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR:"%"=%) \
- $(wildcard $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR:"%"=%)/*.x509)
+$(obj)/extra-certs.c: $(CONFIG_CFG80211_EXTRA_REGDB_KEYDI) \
+ $(wildcard $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR)/*.x509)
@$(kecho) " GEN $@"
$(Q)(set -e; \
allf=""; \
diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
index df7e3d578ef5..c2c43a0ecfe0 100644
--- a/scripts/Makefile.modinst
+++ b/scripts/Makefile.modinst
@@ -66,7 +66,6 @@ endif
# Don't stop modules_install even if we can't sign external modules.
#
ifeq ($(CONFIG_MODULE_SIG_ALL),y)
-CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%)
sig-key := $(if $(wildcard $(CONFIG_MODULE_SIG_KEY)),,$(srctree)/)$(CONFIG_MODULE_SIG_KEY)
quiet_cmd_sign = SIGN $@
cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(sig-key) certs/signing_key.x509 $@ \
diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh
index 12ffb01f13cb..31872d95468b 100755
--- a/scripts/gen_autoksyms.sh
+++ b/scripts/gen_autoksyms.sh
@@ -26,7 +26,7 @@ if [ -n "$CONFIG_MODVERSIONS" ]; then
needed_symbols="$needed_symbols module_layout"
fi
-ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST="\(.*\)"$/\1/p' include/config/auto.conf)
+ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST=\(.*\)$/\1/p' include/config/auto.conf)
if [ -n "$ksym_wl" ]; then
[ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl"
if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index 42bc56ee238c..35a723a2a4c2 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -700,7 +700,7 @@ static void print_symbol_for_dotconfig(FILE *fp, struct symbol *sym)
static void print_symbol_for_autoconf(FILE *fp, struct symbol *sym)
{
- __print_symbol(fp, sym, OUTPUT_N_NONE, true);
+ __print_symbol(fp, sym, OUTPUT_N_NONE, false);
}
void print_symbol_for_listconfig(struct symbol *sym)
diff --git a/scripts/setlocalversion b/scripts/setlocalversion
index d06137405190..af4754a35e66 100755
--- a/scripts/setlocalversion
+++ b/scripts/setlocalversion
@@ -123,7 +123,7 @@ if test ! "$srctree" -ef .; then
fi
# CONFIG_LOCALVERSION and LOCALVERSION (if set)
-config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="\(.*\)"$/\1/p' include/config/auto.conf)
+config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION=\(.*\)$/\1/p' include/config/auto.conf)
res="${res}${config_localversion}${LOCALVERSION}"
# scm version string if not at a tagged commit
diff --git a/usr/Makefile b/usr/Makefile
index b1a81a40eab1..7374873a539f 100644
--- a/usr/Makefile
+++ b/usr/Makefile
@@ -21,7 +21,7 @@ obj-$(CONFIG_BLK_DEV_INITRD) := initramfs_data.o
$(obj)/initramfs_data.o: $(obj)/initramfs_inc_data
-ramfs-input := $(strip $(shell echo $(CONFIG_INITRAMFS_SOURCE)))
+ramfs-input := $(CONFIG_INITRAMFS_SOURCE)
cpio-data :=
# If CONFIG_INITRAMFS_SOURCE is empty, generate a small initramfs with the
--
2.32.0
This dependency is necessary irrespective of the mentioned GCC PR
because the embedded certificates are build artifacts and must be
generated by extract_certs before *.S files are compiled.
The comment sounds like we are hoping to remove these dependencies
someday. No, we cannot remove them.
Signed-off-by: Masahiro Yamada <[email protected]>
---
certs/Makefile | 2 --
1 file changed, 2 deletions(-)
diff --git a/certs/Makefile b/certs/Makefile
index 0dc523e8ca7c..d21d1612b7fd 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -19,7 +19,6 @@ ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
$(eval $(call config_filename,SYSTEM_TRUSTED_KEYS))
-# GCC doesn't include .incbin files in -MD generated dependencies (PR#66871)
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
$(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE
@@ -80,7 +79,6 @@ ifeq ($(patsubst pkcs11:%,%,$(firstword $(MODULE_SIG_KEY_FILENAME))),$(firstword
X509_DEP := $(MODULE_SIG_KEY_SRCPREFIX)$(MODULE_SIG_KEY_FILENAME)
endif
-# GCC PR#66871 again.
$(obj)/system_certificates.o: $(obj)/signing_key.x509
$(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE
--
2.32.0
Richard Weinberger pointed out the risk of sourcing the kernel config
from shell scripts [1], and proposed some patches [2], [3]. It is a good
point, but it took a long time because I was wondering how to fix this.
This commit goes with simple grep approach because there are only a few
scripts including the kernel configuration.
scripts/link_vmlinux.sh has references to a bunch of CONFIG options,
all of which are boolean. I added is_enabled() helper as
scripts/package/{mkdebian,builddeb} do.
scripts/gen_autoksyms.sh uses 'eval', stating "to expand the whitelist
path". I removed it since it is the issue we are trying to fix.
I was a bit worried about the cost of invoking the grep command over
again. I extracted the grep parts from it, and measured the cost. It
was approximately 0.03 sec, which I hope is acceptable.
[test code]
$ cat test-grep.sh
#!/bin/sh
is_enabled() {
grep -q "^$1=y" include/config/auto.conf
}
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_STACK_VALIDATION
is_enabled CONFIG_UNWINDER_ORC
is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL
is_enabled CONFIG_VMLINUX_VALIDATION
is_enabled CONFIG_FRAME_POINTER
is_enabled CONFIG_GCOV_KERNEL
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_RETPOLINE
is_enabled CONFIG_X86_SMAP
is_enabled CONFIG_LTO_CLANG
is_enabled CONFIG_VMLINUX_MAP
is_enabled CONFIG_KALLSYMS_ALL
is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU
is_enabled CONFIG_KALLSYMS_BASE_RELATIVE
is_enabled CONFIG_DEBUG_INFO_BTF
is_enabled CONFIG_KALLSYMS
is_enabled CONFIG_DEBUG_INFO_BTF
is_enabled CONFIG_BPF
is_enabled CONFIG_BUILDTIME_TABLE_SORT
is_enabled CONFIG_KALLSYMS
$ time ./test-grep.sh
real 0m0.036s
user 0m0.027s
sys m0.009s
[1]: https://lore.kernel.org/all/1919455.eZKeABUfgV@blindfold/
[2]: https://lore.kernel.org/all/[email protected]/
[3]: https://lore.kernel.org/all/[email protected]/
Signed-off-by: Masahiro Yamada <[email protected]>
---
scripts/gen_autoksyms.sh | 6 ++---
scripts/link-vmlinux.sh | 47 ++++++++++++++++++++--------------------
scripts/setlocalversion | 9 ++++----
3 files changed, 30 insertions(+), 32 deletions(-)
diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh
index 6ed0d225c8b1..12ffb01f13cb 100755
--- a/scripts/gen_autoksyms.sh
+++ b/scripts/gen_autoksyms.sh
@@ -26,10 +26,8 @@ if [ -n "$CONFIG_MODVERSIONS" ]; then
needed_symbols="$needed_symbols module_layout"
fi
-ksym_wl=
-if [ -n "$CONFIG_UNUSED_KSYMS_WHITELIST" ]; then
- # Use 'eval' to expand the whitelist path and check if it is relative
- eval ksym_wl="$CONFIG_UNUSED_KSYMS_WHITELIST"
+ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST="\(.*\)"$/\1/p' include/config/auto.conf)
+if [ -n "$ksym_wl" ]; then
[ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl"
if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then
echo "ERROR: '$ksym_wl' whitelist file not found" >&2
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
index 5cdd9bc5c385..a4b61a2f65db 100755
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -34,6 +34,10 @@ LD="$1"
KBUILD_LDFLAGS="$2"
LDFLAGS_vmlinux="$3"
+is_enabled() {
+ grep -q "^$1=y" include/config/auto.conf
+}
+
# Nice output in kbuild format
# Will be supressed by "make -s"
info()
@@ -80,11 +84,11 @@ modpost_link()
${KBUILD_VMLINUX_LIBS} \
--end-group"
- if [ -n "${CONFIG_LTO_CLANG}" ]; then
+ if is_enabled CONFIG_LTO_CLANG; then
gen_initcalls
lds="-T .tmp_initcalls.lds"
- if [ -n "${CONFIG_MODVERSIONS}" ]; then
+ if is_enabled CONFIG_MODVERSIONS; then
gen_symversions
lds="${lds} -T .tmp_symversions.lds"
fi
@@ -104,21 +108,21 @@ objtool_link()
local objtoolcmd;
local objtoolopt;
- if [ "${CONFIG_LTO_CLANG} ${CONFIG_STACK_VALIDATION}" = "y y" ]; then
+ if is_enabled CONFIG_LTO_CLANG && is_enabled CONFIG_STACK_VALIDATION; then
# Don't perform vmlinux validation unless explicitly requested,
# but run objtool on vmlinux.o now that we have an object file.
- if [ -n "${CONFIG_UNWINDER_ORC}" ]; then
+ if is_enabled CONFIG_UNWINDER_ORC; then
objtoolcmd="orc generate"
fi
objtoolopt="${objtoolopt} --duplicate"
- if [ -n "${CONFIG_FTRACE_MCOUNT_USE_OBJTOOL}" ]; then
+ if is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL; then
objtoolopt="${objtoolopt} --mcount"
fi
fi
- if [ -n "${CONFIG_VMLINUX_VALIDATION}" ]; then
+ if is_enabled CONFIG_VMLINUX_VALIDATION; then
objtoolopt="${objtoolopt} --noinstr"
fi
@@ -127,16 +131,16 @@ objtool_link()
objtoolcmd="check"
fi
objtoolopt="${objtoolopt} --vmlinux"
- if [ -z "${CONFIG_FRAME_POINTER}" ]; then
+ if ! is_enabled CONFIG_FRAME_POINTER; then
objtoolopt="${objtoolopt} --no-fp"
fi
- if [ -n "${CONFIG_GCOV_KERNEL}" ] || [ -n "${CONFIG_LTO_CLANG}" ]; then
+ if is_enabled CONFIG_GCOV_KERNEL || is_enabled CONFIG_LTO_CLANG; then
objtoolopt="${objtoolopt} --no-unreachable"
fi
- if [ -n "${CONFIG_RETPOLINE}" ]; then
+ if is_enabled CONFIG_RETPOLINE; then
objtoolopt="${objtoolopt} --retpoline"
fi
- if [ -n "${CONFIG_X86_SMAP}" ]; then
+ if is_enabled CONFIG_X86_SMAP; then
objtoolopt="${objtoolopt} --uaccess"
fi
info OBJTOOL ${1}
@@ -161,7 +165,7 @@ vmlinux_link()
# skip output file argument
shift
- if [ -n "${CONFIG_LTO_CLANG}" ]; then
+ if is_enabled CONFIG_LTO_CLANG; then
# Use vmlinux.o instead of performing the slow LTO link again.
objs=vmlinux.o
libs=
@@ -189,7 +193,7 @@ vmlinux_link()
ldflags="${ldflags} ${wl}--strip-debug"
fi
- if [ -n "${CONFIG_VMLINUX_MAP}" ]; then
+ if is_enabled CONFIG_VMLINUX_MAP; then
ldflags="${ldflags} ${wl}-Map=${output}.map"
fi
@@ -239,15 +243,15 @@ kallsyms()
{
local kallsymopt;
- if [ -n "${CONFIG_KALLSYMS_ALL}" ]; then
+ if is_enabled CONFIG_KALLSYMS_ALL; then
kallsymopt="${kallsymopt} --all-symbols"
fi
- if [ -n "${CONFIG_KALLSYMS_ABSOLUTE_PERCPU}" ]; then
+ if is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU; then
kallsymopt="${kallsymopt} --absolute-percpu"
fi
- if [ -n "${CONFIG_KALLSYMS_BASE_RELATIVE}" ]; then
+ if is_enabled CONFIG_KALLSYMS_BASE_RELATIVE; then
kallsymopt="${kallsymopt} --base-relative"
fi
@@ -312,9 +316,6 @@ if [ "$1" = "clean" ]; then
exit 0
fi
-# We need access to CONFIG_ symbols
-. include/config/auto.conf
-
# Update version
info GEN .version
if [ -r .version ]; then
@@ -343,7 +344,7 @@ tr '\0' '\n' < modules.builtin.modinfo | sed -n 's/^[[:alnum:]:_]*\.file=//p' |
tr ' ' '\n' | uniq | sed -e 's:^:kernel/:' -e 's/$/.ko/' > modules.builtin
btf_vmlinux_bin_o=""
-if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then
+if is_enabled CONFIG_DEBUG_INFO_BTF; then
btf_vmlinux_bin_o=.btf.vmlinux.bin.o
if ! gen_btf .tmp_vmlinux.btf $btf_vmlinux_bin_o ; then
echo >&2 "Failed to generate BTF for vmlinux"
@@ -355,7 +356,7 @@ fi
kallsymso=""
kallsymso_prev=""
kallsyms_vmlinux=""
-if [ -n "${CONFIG_KALLSYMS}" ]; then
+if is_enabled CONFIG_KALLSYMS; then
# kallsyms support
# Generate section listing all symbols and add it into vmlinux
@@ -395,12 +396,12 @@ fi
vmlinux_link vmlinux "${kallsymso}" ${btf_vmlinux_bin_o}
# fill in BTF IDs
-if [ -n "${CONFIG_DEBUG_INFO_BTF}" -a -n "${CONFIG_BPF}" ]; then
+if is_enabled CONFIG_DEBUG_INFO_BTF && is_enabled CONFIG_BPF; then
info BTFIDS vmlinux
${RESOLVE_BTFIDS} vmlinux
fi
-if [ -n "${CONFIG_BUILDTIME_TABLE_SORT}" ]; then
+if is_enabled CONFIG_BUILDTIME_TABLE_SORT; then
info SORTTAB vmlinux
if ! sorttable vmlinux; then
echo >&2 Failed to sort kernel tables
@@ -412,7 +413,7 @@ info SYSMAP System.map
mksysmap vmlinux System.map
# step a (see comment above)
-if [ -n "${CONFIG_KALLSYMS}" ]; then
+if is_enabled CONFIG_KALLSYMS; then
mksysmap ${kallsyms_vmlinux} .tmp_System.map
if ! cmp -s System.map .tmp_System.map; then
diff --git a/scripts/setlocalversion b/scripts/setlocalversion
index 6b54e46a0f12..d06137405190 100755
--- a/scripts/setlocalversion
+++ b/scripts/setlocalversion
@@ -111,9 +111,7 @@ if $scm_only; then
exit
fi
-if test -e include/config/auto.conf; then
- . include/config/auto.conf
-else
+if ! test -e include/config/auto.conf; then
echo "Error: kernelrelease not valid - run 'make prepare' to update it" >&2
exit 1
fi
@@ -125,10 +123,11 @@ if test ! "$srctree" -ef .; then
fi
# CONFIG_LOCALVERSION and LOCALVERSION (if set)
-res="${res}${CONFIG_LOCALVERSION}${LOCALVERSION}"
+config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="\(.*\)"$/\1/p' include/config/auto.conf)
+res="${res}${config_localversion}${LOCALVERSION}"
# scm version string if not at a tagged commit
-if test "$CONFIG_LOCALVERSION_AUTO" = "y"; then
+if grep -q "^CONFIG_LOCALVERSION_AUTO=y$" include/config/auto.conf; then
# full scm version string
res="$res$(scm_version)"
elif [ "${LOCALVERSION+set}" != "set" ]; then
--
2.32.0
The .incbin directive in certs/system_certificates.S includes
certs/signing_key.x509 and certs/x509_certificate_list, both of which
are generated by extract_certs, i.e. exist in $(objtree).
This option -I$(srctree) is unneeded.
Signed-off-by: Masahiro Yamada <[email protected]>
---
certs/Makefile | 3 ---
1 file changed, 3 deletions(-)
diff --git a/certs/Makefile b/certs/Makefile
index 945e53d90d38..e7d6ee183496 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -22,9 +22,6 @@ $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS))
# GCC doesn't include .incbin files in -MD generated dependencies (PR#66871)
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
-# Cope with signing_key.x509 existing in $(srctree) not $(objtree)
-AFLAGS_system_certificates.o := -I$(srctree)
-
targets += x509_certificate_list
$(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE
$(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS))
--
2.32.0
'make clean' removes files listed in 'targets'. It is redundant to
specify both 'targets' and 'clean-files'.
Move 'targets' assignments out of the ifeq-conditionals so
scripts/Makefile.clean can see them.
One effective change is that certs/certs/signing_key.x509 is now
deleted by 'make clean' instead of 'make mrproper. This certificate
is embedded in the kernel. It is not used in any way by external
module builds.
Signed-off-by: Masahiro Yamada <[email protected]>
---
Makefile | 2 +-
certs/Makefile | 9 +++++----
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 0a6ecc8bb2d2..4e8ac0730f51 100644
--- a/Makefile
+++ b/Makefile
@@ -1503,7 +1503,7 @@ MRPROPER_FILES += include/config include/generated \
debian snap tar-install \
.config .config.old .version \
Module.symvers \
- certs/signing_key.pem certs/signing_key.x509 \
+ certs/signing_key.pem \
certs/x509.genkey \
vmlinux-gdb.py \
*.spec
diff --git a/certs/Makefile b/certs/Makefile
index e7d6ee183496..0dc523e8ca7c 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -22,12 +22,11 @@ $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS))
# GCC doesn't include .incbin files in -MD generated dependencies (PR#66871)
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
-targets += x509_certificate_list
$(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE
$(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS))
endif # CONFIG_SYSTEM_TRUSTED_KEYRING
-clean-files := x509_certificate_list .x509.list x509_revocation_list
+targets += x509_certificate_list
ifeq ($(CONFIG_MODULE_SIG),y)
SIGN_KEY = y
@@ -84,18 +83,20 @@ endif
# GCC PR#66871 again.
$(obj)/system_certificates.o: $(obj)/signing_key.x509
-targets += signing_key.x509
$(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE
$(call if_changed,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY))
endif # CONFIG_MODULE_SIG
+targets += signing_key.x509
+
ifeq ($(CONFIG_SYSTEM_REVOCATION_LIST),y)
$(eval $(call config_filename,SYSTEM_REVOCATION_KEYS))
$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
-targets += x509_revocation_list
$(obj)/x509_revocation_list: scripts/extract-cert $(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(SYSTEM_REVOCATION_KEYS_FILENAME) FORCE
$(call if_changed,extract_certs,$(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_REVOCATION_KEYS))
endif
+
+targets += x509_revocation_list
--
2.32.0
On Mon, Dec 13, 2021 at 04:29:35AM +0900, Masahiro Yamada wrote:
> 'make clean' removes files listed in 'targets'. It is redundant to
> specify both 'targets' and 'clean-files'.
>
> Move 'targets' assignments out of the ifeq-conditionals so
> scripts/Makefile.clean can see them.
>
> One effective change is that certs/certs/signing_key.x509 is now
> deleted by 'make clean' instead of 'make mrproper. This certificate
> is embedded in the kernel. It is not used in any way by external
> module builds.
>
> Signed-off-by: Masahiro Yamada <[email protected]>
> ---
Reviewed-by: Nicolas Schier <[email protected]>
>
> Makefile | 2 +-
> certs/Makefile | 9 +++++----
> 2 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index 0a6ecc8bb2d2..4e8ac0730f51 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1503,7 +1503,7 @@ MRPROPER_FILES += include/config include/generated \
> debian snap tar-install \
> .config .config.old .version \
> Module.symvers \
> - certs/signing_key.pem certs/signing_key.x509 \
> + certs/signing_key.pem \
> certs/x509.genkey \
> vmlinux-gdb.py \
> *.spec
> diff --git a/certs/Makefile b/certs/Makefile
> index e7d6ee183496..0dc523e8ca7c 100644
> --- a/certs/Makefile
> +++ b/certs/Makefile
> @@ -22,12 +22,11 @@ $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS))
> # GCC doesn't include .incbin files in -MD generated dependencies (PR#66871)
> $(obj)/system_certificates.o: $(obj)/x509_certificate_list
>
> -targets += x509_certificate_list
> $(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE
> $(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS))
> endif # CONFIG_SYSTEM_TRUSTED_KEYRING
>
> -clean-files := x509_certificate_list .x509.list x509_revocation_list
> +targets += x509_certificate_list
>
> ifeq ($(CONFIG_MODULE_SIG),y)
> SIGN_KEY = y
> @@ -84,18 +83,20 @@ endif
> # GCC PR#66871 again.
> $(obj)/system_certificates.o: $(obj)/signing_key.x509
>
> -targets += signing_key.x509
> $(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE
> $(call if_changed,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY))
> endif # CONFIG_MODULE_SIG
>
> +targets += signing_key.x509
> +
> ifeq ($(CONFIG_SYSTEM_REVOCATION_LIST),y)
>
> $(eval $(call config_filename,SYSTEM_REVOCATION_KEYS))
>
> $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list
>
> -targets += x509_revocation_list
> $(obj)/x509_revocation_list: scripts/extract-cert $(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(SYSTEM_REVOCATION_KEYS_FILENAME) FORCE
> $(call if_changed,extract_certs,$(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_REVOCATION_KEYS))
> endif
> +
> +targets += x509_revocation_list
> --
> 2.32.0
>
On Mon, Dec 13, 2021 at 04:29:37AM +0900, Masahiro Yamada wrote:
> Toward the goal of removing the config_filename macro, drop
> the double-quotes and add $(srctree)/ prefix in an ad hoc way.
>
> Signed-off-by: Masahiro Yamada <[email protected]>
> ---
Reviewed-by: Nicolas Schier <[email protected]>
>
> scripts/Makefile.modinst | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
> index ff9b09e4cfca..df7e3d578ef5 100644
> --- a/scripts/Makefile.modinst
> +++ b/scripts/Makefile.modinst
> @@ -66,9 +66,10 @@ endif
> # Don't stop modules_install even if we can't sign external modules.
> #
> ifeq ($(CONFIG_MODULE_SIG_ALL),y)
> +CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%)
> +sig-key := $(if $(wildcard $(CONFIG_MODULE_SIG_KEY)),,$(srctree)/)$(CONFIG_MODULE_SIG_KEY)
> quiet_cmd_sign = SIGN $@
> -$(eval $(call config_filename,MODULE_SIG_KEY))
> - cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY) certs/signing_key.x509 $@ \
> + cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(sig-key) certs/signing_key.x509 $@ \
> $(if $(KBUILD_EXTMOD),|| true)
> else
> quiet_cmd_sign :=
> --
> 2.32.0
>
On Mon, Dec 13, 2021 at 04:29:32AM +0900, Masahiro Yamada wrote:
> Do not repeat $(obj)/signing_key.pem
>
> Signed-off-by: Masahiro Yamada <[email protected]>
> ---
>
> certs/Makefile | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/certs/Makefile b/certs/Makefile
> index a702b70f3cb9..97fd6cc02972 100644
> --- a/certs/Makefile
> +++ b/certs/Makefile
> @@ -61,8 +61,7 @@ keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_ECDSA) := -newkey ec -pkeyopt ec_paramgen_c
> quiet_cmd_gen_key = GENKEY $@
> cmd_gen_key = openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
> -batch -x509 -config $(obj)/x509.genkey \
Don't you want to replace $< too?
Reviewed-by: Nicolas Schier <[email protected]>
> - -outform PEM -out $(obj)/signing_key.pem \
> - -keyout $(obj)/signing_key.pem $(keytype-y) 2>&1
> + -outform PEM -out $@ -keyout $@ $(keytype-y) 2>&1
>
> $(obj)/signing_key.pem: $(obj)/x509.genkey FORCE
> $(call if_changed,gen_key)
> --
> 2.32.0
>
On Mon, Dec 13, 2021 at 04:29:39AM +0900, Masahiro Yamada wrote:
> Richard Weinberger pointed out the risk of sourcing the kernel config
> from shell scripts [1], and proposed some patches [2], [3]. It is a good
> point, but it took a long time because I was wondering how to fix this.
>
> This commit goes with simple grep approach because there are only a few
> scripts including the kernel configuration.
>
> scripts/link_vmlinux.sh has references to a bunch of CONFIG options,
> all of which are boolean. I added is_enabled() helper as
> scripts/package/{mkdebian,builddeb} do.
>
> scripts/gen_autoksyms.sh uses 'eval', stating "to expand the whitelist
> path". I removed it since it is the issue we are trying to fix.
>
> I was a bit worried about the cost of invoking the grep command over
> again. I extracted the grep parts from it, and measured the cost. It
> was approximately 0.03 sec, which I hope is acceptable.
>
> [test code]
>
> $ cat test-grep.sh
> #!/bin/sh
>
> is_enabled() {
> grep -q "^$1=y" include/config/auto.conf
> }
>
> is_enabled CONFIG_LTO_CLANG
> is_enabled CONFIG_LTO_CLANG
> is_enabled CONFIG_STACK_VALIDATION
> is_enabled CONFIG_UNWINDER_ORC
> is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL
> is_enabled CONFIG_VMLINUX_VALIDATION
> is_enabled CONFIG_FRAME_POINTER
> is_enabled CONFIG_GCOV_KERNEL
> is_enabled CONFIG_LTO_CLANG
> is_enabled CONFIG_RETPOLINE
> is_enabled CONFIG_X86_SMAP
> is_enabled CONFIG_LTO_CLANG
> is_enabled CONFIG_VMLINUX_MAP
> is_enabled CONFIG_KALLSYMS_ALL
> is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU
> is_enabled CONFIG_KALLSYMS_BASE_RELATIVE
> is_enabled CONFIG_DEBUG_INFO_BTF
> is_enabled CONFIG_KALLSYMS
> is_enabled CONFIG_DEBUG_INFO_BTF
> is_enabled CONFIG_BPF
> is_enabled CONFIG_BUILDTIME_TABLE_SORT
> is_enabled CONFIG_KALLSYMS
>
> $ time ./test-grep.sh
> real 0m0.036s
> user 0m0.027s
> sys m0.009s
>
> [1]: https://lore.kernel.org/all/1919455.eZKeABUfgV@blindfold/
> [2]: https://lore.kernel.org/all/[email protected]/
> [3]: https://lore.kernel.org/all/[email protected]/
> Signed-off-by: Masahiro Yamada <[email protected]>
> ---
>
> scripts/gen_autoksyms.sh | 6 ++---
> scripts/link-vmlinux.sh | 47 ++++++++++++++++++++--------------------
> scripts/setlocalversion | 9 ++++----
> 3 files changed, 30 insertions(+), 32 deletions(-)
>
> diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh
> index 6ed0d225c8b1..12ffb01f13cb 100755
> --- a/scripts/gen_autoksyms.sh
> +++ b/scripts/gen_autoksyms.sh
> @@ -26,10 +26,8 @@ if [ -n "$CONFIG_MODVERSIONS" ]; then
> needed_symbols="$needed_symbols module_layout"
> fi
As kernel test robot pointed out, gen_autoksyms.sh still sources
include/config/auto.conf. What about this:
diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh
index 31872d95468b..be9ee250200e 100755
--- a/scripts/gen_autoksyms.sh
+++ b/scripts/gen_autoksyms.sh
@@ -16,13 +16,11 @@ case "$KBUILD_VERBOSE" in
;;
esac
-# We need access to CONFIG_ symbols
-. include/config/auto.conf
needed_symbols=
# Special case for modversions (see modpost.c)
-if [ -n "$CONFIG_MODVERSIONS" ]; then
+if grep -qe "^CONFIG_MODVERSIONS=y" include/config/auto.conf; then
needed_symbols="$needed_symbols module_layout"
fi
For the other hunks:
Reviewed-by: Nicolas Schier <[email protected]>
>
> -ksym_wl=
> -if [ -n "$CONFIG_UNUSED_KSYMS_WHITELIST" ]; then
> - # Use 'eval' to expand the whitelist path and check if it is relative
> - eval ksym_wl="$CONFIG_UNUSED_KSYMS_WHITELIST"
> +ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST="\(.*\)"$/\1/p' include/config/auto.conf)
> +if [ -n "$ksym_wl" ]; then
> [ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl"
> if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then
> echo "ERROR: '$ksym_wl' whitelist file not found" >&2
> diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
> index 5cdd9bc5c385..a4b61a2f65db 100755
> --- a/scripts/link-vmlinux.sh
> +++ b/scripts/link-vmlinux.sh
> @@ -34,6 +34,10 @@ LD="$1"
> KBUILD_LDFLAGS="$2"
> LDFLAGS_vmlinux="$3"
>
> +is_enabled() {
> + grep -q "^$1=y" include/config/auto.conf
> +}
> +
> # Nice output in kbuild format
> # Will be supressed by "make -s"
> info()
> @@ -80,11 +84,11 @@ modpost_link()
> ${KBUILD_VMLINUX_LIBS} \
> --end-group"
>
> - if [ -n "${CONFIG_LTO_CLANG}" ]; then
> + if is_enabled CONFIG_LTO_CLANG; then
> gen_initcalls
> lds="-T .tmp_initcalls.lds"
>
> - if [ -n "${CONFIG_MODVERSIONS}" ]; then
> + if is_enabled CONFIG_MODVERSIONS; then
> gen_symversions
> lds="${lds} -T .tmp_symversions.lds"
> fi
> @@ -104,21 +108,21 @@ objtool_link()
> local objtoolcmd;
> local objtoolopt;
>
> - if [ "${CONFIG_LTO_CLANG} ${CONFIG_STACK_VALIDATION}" = "y y" ]; then
> + if is_enabled CONFIG_LTO_CLANG && is_enabled CONFIG_STACK_VALIDATION; then
> # Don't perform vmlinux validation unless explicitly requested,
> # but run objtool on vmlinux.o now that we have an object file.
> - if [ -n "${CONFIG_UNWINDER_ORC}" ]; then
> + if is_enabled CONFIG_UNWINDER_ORC; then
> objtoolcmd="orc generate"
> fi
>
> objtoolopt="${objtoolopt} --duplicate"
>
> - if [ -n "${CONFIG_FTRACE_MCOUNT_USE_OBJTOOL}" ]; then
> + if is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL; then
> objtoolopt="${objtoolopt} --mcount"
> fi
> fi
>
> - if [ -n "${CONFIG_VMLINUX_VALIDATION}" ]; then
> + if is_enabled CONFIG_VMLINUX_VALIDATION; then
> objtoolopt="${objtoolopt} --noinstr"
> fi
>
> @@ -127,16 +131,16 @@ objtool_link()
> objtoolcmd="check"
> fi
> objtoolopt="${objtoolopt} --vmlinux"
> - if [ -z "${CONFIG_FRAME_POINTER}" ]; then
> + if ! is_enabled CONFIG_FRAME_POINTER; then
> objtoolopt="${objtoolopt} --no-fp"
> fi
> - if [ -n "${CONFIG_GCOV_KERNEL}" ] || [ -n "${CONFIG_LTO_CLANG}" ]; then
> + if is_enabled CONFIG_GCOV_KERNEL || is_enabled CONFIG_LTO_CLANG; then
> objtoolopt="${objtoolopt} --no-unreachable"
> fi
> - if [ -n "${CONFIG_RETPOLINE}" ]; then
> + if is_enabled CONFIG_RETPOLINE; then
> objtoolopt="${objtoolopt} --retpoline"
> fi
> - if [ -n "${CONFIG_X86_SMAP}" ]; then
> + if is_enabled CONFIG_X86_SMAP; then
> objtoolopt="${objtoolopt} --uaccess"
> fi
> info OBJTOOL ${1}
> @@ -161,7 +165,7 @@ vmlinux_link()
> # skip output file argument
> shift
>
> - if [ -n "${CONFIG_LTO_CLANG}" ]; then
> + if is_enabled CONFIG_LTO_CLANG; then
> # Use vmlinux.o instead of performing the slow LTO link again.
> objs=vmlinux.o
> libs=
> @@ -189,7 +193,7 @@ vmlinux_link()
> ldflags="${ldflags} ${wl}--strip-debug"
> fi
>
> - if [ -n "${CONFIG_VMLINUX_MAP}" ]; then
> + if is_enabled CONFIG_VMLINUX_MAP; then
> ldflags="${ldflags} ${wl}-Map=${output}.map"
> fi
>
> @@ -239,15 +243,15 @@ kallsyms()
> {
> local kallsymopt;
>
> - if [ -n "${CONFIG_KALLSYMS_ALL}" ]; then
> + if is_enabled CONFIG_KALLSYMS_ALL; then
> kallsymopt="${kallsymopt} --all-symbols"
> fi
>
> - if [ -n "${CONFIG_KALLSYMS_ABSOLUTE_PERCPU}" ]; then
> + if is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU; then
> kallsymopt="${kallsymopt} --absolute-percpu"
> fi
>
> - if [ -n "${CONFIG_KALLSYMS_BASE_RELATIVE}" ]; then
> + if is_enabled CONFIG_KALLSYMS_BASE_RELATIVE; then
> kallsymopt="${kallsymopt} --base-relative"
> fi
>
> @@ -312,9 +316,6 @@ if [ "$1" = "clean" ]; then
> exit 0
> fi
>
> -# We need access to CONFIG_ symbols
> -. include/config/auto.conf
> -
> # Update version
> info GEN .version
> if [ -r .version ]; then
> @@ -343,7 +344,7 @@ tr '\0' '\n' < modules.builtin.modinfo | sed -n 's/^[[:alnum:]:_]*\.file=//p' |
> tr ' ' '\n' | uniq | sed -e 's:^:kernel/:' -e 's/$/.ko/' > modules.builtin
>
> btf_vmlinux_bin_o=""
> -if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then
> +if is_enabled CONFIG_DEBUG_INFO_BTF; then
> btf_vmlinux_bin_o=.btf.vmlinux.bin.o
> if ! gen_btf .tmp_vmlinux.btf $btf_vmlinux_bin_o ; then
> echo >&2 "Failed to generate BTF for vmlinux"
> @@ -355,7 +356,7 @@ fi
> kallsymso=""
> kallsymso_prev=""
> kallsyms_vmlinux=""
> -if [ -n "${CONFIG_KALLSYMS}" ]; then
> +if is_enabled CONFIG_KALLSYMS; then
>
> # kallsyms support
> # Generate section listing all symbols and add it into vmlinux
> @@ -395,12 +396,12 @@ fi
> vmlinux_link vmlinux "${kallsymso}" ${btf_vmlinux_bin_o}
>
> # fill in BTF IDs
> -if [ -n "${CONFIG_DEBUG_INFO_BTF}" -a -n "${CONFIG_BPF}" ]; then
> +if is_enabled CONFIG_DEBUG_INFO_BTF && is_enabled CONFIG_BPF; then
> info BTFIDS vmlinux
> ${RESOLVE_BTFIDS} vmlinux
> fi
>
> -if [ -n "${CONFIG_BUILDTIME_TABLE_SORT}" ]; then
> +if is_enabled CONFIG_BUILDTIME_TABLE_SORT; then
> info SORTTAB vmlinux
> if ! sorttable vmlinux; then
> echo >&2 Failed to sort kernel tables
> @@ -412,7 +413,7 @@ info SYSMAP System.map
> mksysmap vmlinux System.map
>
> # step a (see comment above)
> -if [ -n "${CONFIG_KALLSYMS}" ]; then
> +if is_enabled CONFIG_KALLSYMS; then
> mksysmap ${kallsyms_vmlinux} .tmp_System.map
>
> if ! cmp -s System.map .tmp_System.map; then
> diff --git a/scripts/setlocalversion b/scripts/setlocalversion
> index 6b54e46a0f12..d06137405190 100755
> --- a/scripts/setlocalversion
> +++ b/scripts/setlocalversion
> @@ -111,9 +111,7 @@ if $scm_only; then
> exit
> fi
>
> -if test -e include/config/auto.conf; then
> - . include/config/auto.conf
> -else
> +if ! test -e include/config/auto.conf; then
> echo "Error: kernelrelease not valid - run 'make prepare' to update it" >&2
> exit 1
> fi
> @@ -125,10 +123,11 @@ if test ! "$srctree" -ef .; then
> fi
>
> # CONFIG_LOCALVERSION and LOCALVERSION (if set)
> -res="${res}${CONFIG_LOCALVERSION}${LOCALVERSION}"
> +config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="\(.*\)"$/\1/p' include/config/auto.conf)
> +res="${res}${config_localversion}${LOCALVERSION}"
>
> # scm version string if not at a tagged commit
> -if test "$CONFIG_LOCALVERSION_AUTO" = "y"; then
> +if grep -q "^CONFIG_LOCALVERSION_AUTO=y$" include/config/auto.conf; then
> # full scm version string
> res="$res$(scm_version)"
> elif [ "${LOCALVERSION+set}" != "set" ]; then
> --
> 2.32.0
>
On Mon, Dec 13, 2021 at 04:29:41AM +0900, Masahiro Yamada wrote:
> Use built-in functions instead of shell commands to avoid forking
> processes.
>
> Signed-off-by: Masahiro Yamada <[email protected]>
> ---
Reviewed-by: Nicolas Schier <[email protected]>
>
> arch/microblaze/Makefile | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/microblaze/Makefile b/arch/microblaze/Makefile
> index a25e76d89e86..1826d9ce4459 100644
> --- a/arch/microblaze/Makefile
> +++ b/arch/microblaze/Makefile
> @@ -6,9 +6,9 @@ UTS_SYSNAME = -DUTS_SYSNAME=\"Linux\"
> # What CPU version are we building for, and crack it open
> # as major.minor.rev
> CPU_VER := $(CONFIG_XILINX_MICROBLAZE0_HW_VER)
> -CPU_MAJOR := $(shell echo $(CPU_VER) | cut -d '.' -f 1)
> -CPU_MINOR := $(shell echo $(CPU_VER) | cut -d '.' -f 2)
> -CPU_REV := $(shell echo $(CPU_VER) | cut -d '.' -f 3)
> +CPU_MAJOR := $(word 1, $(subst ., , $(CPU_VER)))
> +CPU_MINOR := $(word 2, $(subst ., , $(CPU_VER)))
> +CPU_REV := $(word 3, $(subst ., , $(CPU_VER)))
>
> export CPU_VER CPU_MAJOR CPU_MINOR CPU_REV
>
> --
> 2.32.0
>
On Mon, Dec 13, 2021 at 10:30 PM Nicolas Schier <[email protected]> wrote:
>
> On Mon, Dec 13, 2021 at 04:29:32AM +0900, Masahiro Yamada wrote:
> > Do not repeat $(obj)/signing_key.pem
> >
> > Signed-off-by: Masahiro Yamada <[email protected]>
> > ---
> >
> > certs/Makefile | 3 +--
> > 1 file changed, 1 insertion(+), 2 deletions(-)
> >
> > diff --git a/certs/Makefile b/certs/Makefile
> > index a702b70f3cb9..97fd6cc02972 100644
> > --- a/certs/Makefile
> > +++ b/certs/Makefile
> > @@ -61,8 +61,7 @@ keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_ECDSA) := -newkey ec -pkeyopt ec_paramgen_c
> > quiet_cmd_gen_key = GENKEY $@
> > cmd_gen_key = openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
> > -batch -x509 -config $(obj)/x509.genkey \
>
> Don't you want to replace $< too?
Ah, goot catch! Thanks.
I will change it as well.
> Reviewed-by: Nicolas Schier <[email protected]>
>
> > - -outform PEM -out $(obj)/signing_key.pem \
> > - -keyout $(obj)/signing_key.pem $(keytype-y) 2>&1
> > + -outform PEM -out $@ -keyout $@ $(keytype-y) 2>&1
> >
> > $(obj)/signing_key.pem: $(obj)/x509.genkey FORCE
> > $(call if_changed,gen_key)
> > --
> > 2.32.0
> >
--
Best Regards
Masahiro Yamada
On Mon, Dec 13, 2021 at 10:34 PM Nicolas Schier <[email protected]> wrote:
>
> On Mon, Dec 13, 2021 at 04:29:39AM +0900, Masahiro Yamada wrote:
> > Richard Weinberger pointed out the risk of sourcing the kernel config
> > from shell scripts [1], and proposed some patches [2], [3]. It is a good
> > point, but it took a long time because I was wondering how to fix this.
> >
> > This commit goes with simple grep approach because there are only a few
> > scripts including the kernel configuration.
> >
> > scripts/link_vmlinux.sh has references to a bunch of CONFIG options,
> > all of which are boolean. I added is_enabled() helper as
> > scripts/package/{mkdebian,builddeb} do.
> >
> > scripts/gen_autoksyms.sh uses 'eval', stating "to expand the whitelist
> > path". I removed it since it is the issue we are trying to fix.
> >
> > I was a bit worried about the cost of invoking the grep command over
> > again. I extracted the grep parts from it, and measured the cost. It
> > was approximately 0.03 sec, which I hope is acceptable.
> >
> > [test code]
> >
> > $ cat test-grep.sh
> > #!/bin/sh
> >
> > is_enabled() {
> > grep -q "^$1=y" include/config/auto.conf
> > }
> >
> > is_enabled CONFIG_LTO_CLANG
> > is_enabled CONFIG_LTO_CLANG
> > is_enabled CONFIG_STACK_VALIDATION
> > is_enabled CONFIG_UNWINDER_ORC
> > is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL
> > is_enabled CONFIG_VMLINUX_VALIDATION
> > is_enabled CONFIG_FRAME_POINTER
> > is_enabled CONFIG_GCOV_KERNEL
> > is_enabled CONFIG_LTO_CLANG
> > is_enabled CONFIG_RETPOLINE
> > is_enabled CONFIG_X86_SMAP
> > is_enabled CONFIG_LTO_CLANG
> > is_enabled CONFIG_VMLINUX_MAP
> > is_enabled CONFIG_KALLSYMS_ALL
> > is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU
> > is_enabled CONFIG_KALLSYMS_BASE_RELATIVE
> > is_enabled CONFIG_DEBUG_INFO_BTF
> > is_enabled CONFIG_KALLSYMS
> > is_enabled CONFIG_DEBUG_INFO_BTF
> > is_enabled CONFIG_BPF
> > is_enabled CONFIG_BUILDTIME_TABLE_SORT
> > is_enabled CONFIG_KALLSYMS
> >
> > $ time ./test-grep.sh
> > real 0m0.036s
> > user 0m0.027s
> > sys m0.009s
> >
> > [1]: https://lore.kernel.org/all/1919455.eZKeABUfgV@blindfold/
> > [2]: https://lore.kernel.org/all/[email protected]/
> > [3]: https://lore.kernel.org/all/[email protected]/
> > Signed-off-by: Masahiro Yamada <[email protected]>
> > ---
> >
> > scripts/gen_autoksyms.sh | 6 ++---
> > scripts/link-vmlinux.sh | 47 ++++++++++++++++++++--------------------
> > scripts/setlocalversion | 9 ++++----
> > 3 files changed, 30 insertions(+), 32 deletions(-)
> >
> > diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh
> > index 6ed0d225c8b1..12ffb01f13cb 100755
> > --- a/scripts/gen_autoksyms.sh
> > +++ b/scripts/gen_autoksyms.sh
> > @@ -26,10 +26,8 @@ if [ -n "$CONFIG_MODVERSIONS" ]; then
> > needed_symbols="$needed_symbols module_layout"
> > fi
>
> As kernel test robot pointed out, gen_autoksyms.sh still sources
> include/config/auto.conf. What about this:
Ah, right.
I missed to fix up this hunk somehow...
Thanks for the view.
>
> diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh
> index 31872d95468b..be9ee250200e 100755
> --- a/scripts/gen_autoksyms.sh
> +++ b/scripts/gen_autoksyms.sh
> @@ -16,13 +16,11 @@ case "$KBUILD_VERBOSE" in
> ;;
> esac
>
> -# We need access to CONFIG_ symbols
> -. include/config/auto.conf
>
> needed_symbols=
>
> # Special case for modversions (see modpost.c)
> -if [ -n "$CONFIG_MODVERSIONS" ]; then
> +if grep -qe "^CONFIG_MODVERSIONS=y" include/config/auto.conf; then
> needed_symbols="$needed_symbols module_layout"
> fi
>
>
> For the other hunks:
>
> Reviewed-by: Nicolas Schier <[email protected]>
>
>
> >
> > -ksym_wl=
> > -if [ -n "$CONFIG_UNUSED_KSYMS_WHITELIST" ]; then
> > - # Use 'eval' to expand the whitelist path and check if it is relative
> > - eval ksym_wl="$CONFIG_UNUSED_KSYMS_WHITELIST"
> > +ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST="\(.*\)"$/\1/p' include/config/auto.conf)
> > +if [ -n "$ksym_wl" ]; then
> > [ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl"
> > if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then
> > echo "ERROR: '$ksym_wl' whitelist file not found" >&2
> > diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
> > index 5cdd9bc5c385..a4b61a2f65db 100755
> > --- a/scripts/link-vmlinux.sh
> > +++ b/scripts/link-vmlinux.sh
> > @@ -34,6 +34,10 @@ LD="$1"
> > KBUILD_LDFLAGS="$2"
> > LDFLAGS_vmlinux="$3"
> >
> > +is_enabled() {
> > + grep -q "^$1=y" include/config/auto.conf
> > +}
> > +
> > # Nice output in kbuild format
> > # Will be supressed by "make -s"
> > info()
> > @@ -80,11 +84,11 @@ modpost_link()
> > ${KBUILD_VMLINUX_LIBS} \
> > --end-group"
> >
> > - if [ -n "${CONFIG_LTO_CLANG}" ]; then
> > + if is_enabled CONFIG_LTO_CLANG; then
> > gen_initcalls
> > lds="-T .tmp_initcalls.lds"
> >
> > - if [ -n "${CONFIG_MODVERSIONS}" ]; then
> > + if is_enabled CONFIG_MODVERSIONS; then
> > gen_symversions
> > lds="${lds} -T .tmp_symversions.lds"
> > fi
> > @@ -104,21 +108,21 @@ objtool_link()
> > local objtoolcmd;
> > local objtoolopt;
> >
> > - if [ "${CONFIG_LTO_CLANG} ${CONFIG_STACK_VALIDATION}" = "y y" ]; then
> > + if is_enabled CONFIG_LTO_CLANG && is_enabled CONFIG_STACK_VALIDATION; then
> > # Don't perform vmlinux validation unless explicitly requested,
> > # but run objtool on vmlinux.o now that we have an object file.
> > - if [ -n "${CONFIG_UNWINDER_ORC}" ]; then
> > + if is_enabled CONFIG_UNWINDER_ORC; then
> > objtoolcmd="orc generate"
> > fi
> >
> > objtoolopt="${objtoolopt} --duplicate"
> >
> > - if [ -n "${CONFIG_FTRACE_MCOUNT_USE_OBJTOOL}" ]; then
> > + if is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL; then
> > objtoolopt="${objtoolopt} --mcount"
> > fi
> > fi
> >
> > - if [ -n "${CONFIG_VMLINUX_VALIDATION}" ]; then
> > + if is_enabled CONFIG_VMLINUX_VALIDATION; then
> > objtoolopt="${objtoolopt} --noinstr"
> > fi
> >
> > @@ -127,16 +131,16 @@ objtool_link()
> > objtoolcmd="check"
> > fi
> > objtoolopt="${objtoolopt} --vmlinux"
> > - if [ -z "${CONFIG_FRAME_POINTER}" ]; then
> > + if ! is_enabled CONFIG_FRAME_POINTER; then
> > objtoolopt="${objtoolopt} --no-fp"
> > fi
> > - if [ -n "${CONFIG_GCOV_KERNEL}" ] || [ -n "${CONFIG_LTO_CLANG}" ]; then
> > + if is_enabled CONFIG_GCOV_KERNEL || is_enabled CONFIG_LTO_CLANG; then
> > objtoolopt="${objtoolopt} --no-unreachable"
> > fi
> > - if [ -n "${CONFIG_RETPOLINE}" ]; then
> > + if is_enabled CONFIG_RETPOLINE; then
> > objtoolopt="${objtoolopt} --retpoline"
> > fi
> > - if [ -n "${CONFIG_X86_SMAP}" ]; then
> > + if is_enabled CONFIG_X86_SMAP; then
> > objtoolopt="${objtoolopt} --uaccess"
> > fi
> > info OBJTOOL ${1}
> > @@ -161,7 +165,7 @@ vmlinux_link()
> > # skip output file argument
> > shift
> >
> > - if [ -n "${CONFIG_LTO_CLANG}" ]; then
> > + if is_enabled CONFIG_LTO_CLANG; then
> > # Use vmlinux.o instead of performing the slow LTO link again.
> > objs=vmlinux.o
> > libs=
> > @@ -189,7 +193,7 @@ vmlinux_link()
> > ldflags="${ldflags} ${wl}--strip-debug"
> > fi
> >
> > - if [ -n "${CONFIG_VMLINUX_MAP}" ]; then
> > + if is_enabled CONFIG_VMLINUX_MAP; then
> > ldflags="${ldflags} ${wl}-Map=${output}.map"
> > fi
> >
> > @@ -239,15 +243,15 @@ kallsyms()
> > {
> > local kallsymopt;
> >
> > - if [ -n "${CONFIG_KALLSYMS_ALL}" ]; then
> > + if is_enabled CONFIG_KALLSYMS_ALL; then
> > kallsymopt="${kallsymopt} --all-symbols"
> > fi
> >
> > - if [ -n "${CONFIG_KALLSYMS_ABSOLUTE_PERCPU}" ]; then
> > + if is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU; then
> > kallsymopt="${kallsymopt} --absolute-percpu"
> > fi
> >
> > - if [ -n "${CONFIG_KALLSYMS_BASE_RELATIVE}" ]; then
> > + if is_enabled CONFIG_KALLSYMS_BASE_RELATIVE; then
> > kallsymopt="${kallsymopt} --base-relative"
> > fi
> >
> > @@ -312,9 +316,6 @@ if [ "$1" = "clean" ]; then
> > exit 0
> > fi
> >
> > -# We need access to CONFIG_ symbols
> > -. include/config/auto.conf
> > -
> > # Update version
> > info GEN .version
> > if [ -r .version ]; then
> > @@ -343,7 +344,7 @@ tr '\0' '\n' < modules.builtin.modinfo | sed -n 's/^[[:alnum:]:_]*\.file=//p' |
> > tr ' ' '\n' | uniq | sed -e 's:^:kernel/:' -e 's/$/.ko/' > modules.builtin
> >
> > btf_vmlinux_bin_o=""
> > -if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then
> > +if is_enabled CONFIG_DEBUG_INFO_BTF; then
> > btf_vmlinux_bin_o=.btf.vmlinux.bin.o
> > if ! gen_btf .tmp_vmlinux.btf $btf_vmlinux_bin_o ; then
> > echo >&2 "Failed to generate BTF for vmlinux"
> > @@ -355,7 +356,7 @@ fi
> > kallsymso=""
> > kallsymso_prev=""
> > kallsyms_vmlinux=""
> > -if [ -n "${CONFIG_KALLSYMS}" ]; then
> > +if is_enabled CONFIG_KALLSYMS; then
> >
> > # kallsyms support
> > # Generate section listing all symbols and add it into vmlinux
> > @@ -395,12 +396,12 @@ fi
> > vmlinux_link vmlinux "${kallsymso}" ${btf_vmlinux_bin_o}
> >
> > # fill in BTF IDs
> > -if [ -n "${CONFIG_DEBUG_INFO_BTF}" -a -n "${CONFIG_BPF}" ]; then
> > +if is_enabled CONFIG_DEBUG_INFO_BTF && is_enabled CONFIG_BPF; then
> > info BTFIDS vmlinux
> > ${RESOLVE_BTFIDS} vmlinux
> > fi
> >
> > -if [ -n "${CONFIG_BUILDTIME_TABLE_SORT}" ]; then
> > +if is_enabled CONFIG_BUILDTIME_TABLE_SORT; then
> > info SORTTAB vmlinux
> > if ! sorttable vmlinux; then
> > echo >&2 Failed to sort kernel tables
> > @@ -412,7 +413,7 @@ info SYSMAP System.map
> > mksysmap vmlinux System.map
> >
> > # step a (see comment above)
> > -if [ -n "${CONFIG_KALLSYMS}" ]; then
> > +if is_enabled CONFIG_KALLSYMS; then
> > mksysmap ${kallsyms_vmlinux} .tmp_System.map
> >
> > if ! cmp -s System.map .tmp_System.map; then
> > diff --git a/scripts/setlocalversion b/scripts/setlocalversion
> > index 6b54e46a0f12..d06137405190 100755
> > --- a/scripts/setlocalversion
> > +++ b/scripts/setlocalversion
> > @@ -111,9 +111,7 @@ if $scm_only; then
> > exit
> > fi
> >
> > -if test -e include/config/auto.conf; then
> > - . include/config/auto.conf
> > -else
> > +if ! test -e include/config/auto.conf; then
> > echo "Error: kernelrelease not valid - run 'make prepare' to update it" >&2
> > exit 1
> > fi
> > @@ -125,10 +123,11 @@ if test ! "$srctree" -ef .; then
> > fi
> >
> > # CONFIG_LOCALVERSION and LOCALVERSION (if set)
> > -res="${res}${CONFIG_LOCALVERSION}${LOCALVERSION}"
> > +config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="\(.*\)"$/\1/p' include/config/auto.conf)
> > +res="${res}${config_localversion}${LOCALVERSION}"
> >
> > # scm version string if not at a tagged commit
> > -if test "$CONFIG_LOCALVERSION_AUTO" = "y"; then
> > +if grep -q "^CONFIG_LOCALVERSION_AUTO=y$" include/config/auto.conf; then
> > # full scm version string
> > res="$res$(scm_version)"
> > elif [ "${LOCALVERSION+set}" != "set" ]; then
> > --
> > 2.32.0
> >
--
Best Regards
Masahiro Yamada