Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752566AbaAOVv7 (ORCPT ); Wed, 15 Jan 2014 16:51:59 -0500 Received: from ozlabs.org ([203.10.76.45]:35024 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751361AbaAOVv5 (ORCPT ); Wed, 15 Jan 2014 16:51:57 -0500 From: Rusty Russell To: "Lee\, Chun-Yi" , dhowells@redhat.com Cc: linux-kernel@vger.kernel.org, Chun-Yi Lee , Josh Boyer , Randy Dunlap , Herbert Xu , "David S. Miller" , Michal Marek Cc: "David Howells" Subject: Re: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 In-Reply-To: <1389249983-31265-1-git-send-email-jlee@suse.com> References: <1389249983-31265-1-git-send-email-jlee@suse.com> User-Agent: Notmuch/0.15.2 (http://notmuchmail.org) Emacs/23.4.1 (x86_64-pc-linux-gnu) Date: Wed, 15 Jan 2014 15:09:54 +1030 Message-ID: <87eh49x3hh.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Punting to David Howells... Cheers, Rusty. "Lee, Chun-Yi" writes: > From: Chun-Yi Lee > > This issue was found in devel-pekey branch on linux-modsign.git tree. > The > x509_certificate_list includes certificate twice when the > signing_key.x509 > already exists. > We can reproduce this issue by making kernel twice, the build log of > second time looks like this: > > ... > CHK kernel/config_data.h > CERTS kernel/x509_certificate_list > - Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509 > - Including cert signing_key.x509 > ... > > Actually the build path was the same with the srctree path when building > kernel. It causes the size of bzImage increased by packaging > certificates > twice. > > v2: > Using '$(shell /bin/pwd)' instead of '$(shell pwd)' for more reliable > between different shells Hmm, that's not a great test for equality. How about: ifneq ($(realpath .), $(realpath $(srctree))) That should cover all the cases. Cheers, Rusty. > > Cc: Rusty Russell > Cc: Josh Boyer > Cc: Randy Dunlap > Cc: Herbert Xu > Cc: "David S. Miller" > Cc: Michal Marek > Signed-off-by: Chun-Yi Lee > Signed-off-by: David Howells > --- > kernel/Makefile | 5 ++++- > 1 files changed, 4 insertions(+), 1 deletions(-) > > diff --git a/kernel/Makefile b/kernel/Makefile > index bc010ee..582fa7a 100644 > --- a/kernel/Makefile > +++ b/kernel/Makefile > @@ -136,7 +136,10 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE > # > ############################################################################### > ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) > -X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) > +X509_CERTIFICATES-y := $(wildcard *.x509) > +ifneq ($(shell /bin/pwd), $(srctree)) > +X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509) > +endif > X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509 > X509_CERTIFICATES-raw := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \ > $(or $(realpath $(CERT)),$(CERT)))) > -- > 1.6.4.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/