Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp810833iog; Mon, 13 Jun 2022 13:32:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxfIzwTxIj/qiua5a7UbJ41fzqthASWPc7phe5xlyWtcmjHbkJsKV/m81UakwEp/0IiVELX X-Received: by 2002:a05:6402:278d:b0:42e:d3d5:922e with SMTP id b13-20020a056402278d00b0042ed3d5922emr1785720ede.154.1655152346740; Mon, 13 Jun 2022 13:32:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655152346; cv=none; d=google.com; s=arc-20160816; b=Xomfu1rq+XPu1heaVLDNGhhMfJDtoaecP6yyqGWEP+XGUaOwB0OiWTBKXSnwWhxqw5 1ZTg+UObtOQg/JbG1EoplmriOcP76Z18cKCC18ilxntEssLudX5mqMuW3iAQzbpvX3hX pAj9H3TYc91GQfmgZ13Bl6Z+nfOVYS4Va4KwfDdKiX6XLLZTjzjcnTm9h8+sgLQGZj5f w39W3SIAhO9LrbCYREJqBXiwPpAch+DzHr7p0wX3IhlyycmawwSGVM7UNqaflwLZitEf Lj3ZgfDrRsYD+WCnvtCStySUHQOnm53HnhBp5zkc2SKRY/OS2fMZJ+6DLsePXmjHjR2y Oc4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:subject :from:references:cc:to:content-language:user-agent:mime-version:date :message-id:dkim-signature; bh=hxKr9EI+xTEfclj1k/OsvOqFQ3KkAIbKwywQU/eVJ9E=; b=mQCFDi+HpCOrzEyV0Efm/7DwVt2mHMLlJ2DS3YoyG/kao6nygdxXq7us3Q7B77Aodz 9I4BpeUQBXV4y8fM3n7F3xUKGGDfvPqlZoK47HrbQVHjjejHgS4P/rg0aNi9kWsLnMWr /bx1HHiedJbQciBukCgWVB28gGXcsbjxC0h1g4ejNdQd0UHLQvAzD1Mvwer0JyH70+nc yB7TNObwtP51lnL1LmSkQwlXPC4x3V40O8S249UozsJYF1WbtMyXhbKItkO0ao2BfyD4 SHEpjYedZR2K61q2PkIvmNf1xnO98g12k0njnWMQ5CCWQ2h2KY9T4hNy2lj+6yJmDjpQ 2vxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@digikod.net header.s=20191114 header.b=rpPYeY2u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gn12-20020a1709070d0c00b00711f55a31casi9575329ejc.775.2022.06.13.13.31.59; Mon, 13 Jun 2022 13:32:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@digikod.net header.s=20191114 header.b=rpPYeY2u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233870AbiFMUQD (ORCPT + 99 others); Mon, 13 Jun 2022 16:16:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50430 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235858AbiFMUPk (ORCPT ); Mon, 13 Jun 2022 16:15:40 -0400 Received: from smtp-42ad.mail.infomaniak.ch (smtp-42ad.mail.infomaniak.ch [84.16.66.173]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B03AE612A5 for ; Mon, 13 Jun 2022 11:51:34 -0700 (PDT) Received: from smtp-3-0000.mail.infomaniak.ch (unknown [10.4.36.107]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4LMLJP11JyzMqHNQ; Mon, 13 Jun 2022 20:51:33 +0200 (CEST) Received: from ns3096276.ip-94-23-54.eu (unknown [23.97.221.149]) by smtp-3-0000.mail.infomaniak.ch (Postfix) with ESMTPA id 4LMLJN2Ghszlpb36; Mon, 13 Jun 2022 20:51:32 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=digikod.net; s=20191114; t=1655146293; bh=wBMZpf+0xP3n2uuaiisiDHxgL9FxcJ7+UVn4cHmWGUI=; h=Date:To:Cc:References:From:Subject:In-Reply-To:From; b=rpPYeY2uEwL2b/Kq8B7y41Xy48cThtF+LAYSo6v6TUrchKzFc4m+62Z2XxRbXEBKI MAJ7NGRYrTqgeDRv7DHUgFSEWsXzoQrspz6agFZrgDqZRsqAeGOHuFKhsYHfslamfq aY7ojd7wI0i94L6qClmOKsBYT+EAKCtzKVeo9JLM= Message-ID: <7560779e-a4a4-9092-7616-2a6bc4310cdd@digikod.net> Date: Mon, 13 Jun 2022 20:51:31 +0200 MIME-Version: 1.0 User-Agent: Content-Language: en-US To: Masahiro Yamada Cc: Linux Kbuild mailing list , David Howells , Jarkko Sakkinen , David Woodhouse , keyrings@vger.kernel.org, Linux Kernel Mailing List , Eric Snowberg , Herbert Xu , Tyler Hicks References: <20220611172233.1494073-1-masahiroy@kernel.org> <20220611172233.1494073-3-masahiroy@kernel.org> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Subject: Re: [PATCH 3/4] certs: move scripts/check-blacklist-hashes.awk to certs/ In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 13/06/2022 17:28, Masahiro Yamada wrote: > On Mon, Jun 13, 2022 at 9:36 PM Mickaël Salaün wrote: >> >> >> >> On 11/06/2022 19:22, Masahiro Yamada wrote: >>> This script is only used in certs/Makefile, so certs/ is a better >>> home for it. >>> >>> Signed-off-by: Masahiro Yamada >>> --- >>> >>> MAINTAINERS | 1 - >>> certs/Makefile | 2 +- >>> {scripts => certs}/check-blacklist-hashes.awk | 0 >>> 3 files changed, 1 insertion(+), 2 deletions(-) >>> rename {scripts => certs}/check-blacklist-hashes.awk (100%) >>> >>> diff --git a/MAINTAINERS b/MAINTAINERS >>> index 1fc9ead83d2a..7c2a7c304824 100644 >>> --- a/MAINTAINERS >>> +++ b/MAINTAINERS >>> @@ -4627,7 +4627,6 @@ L: keyrings@vger.kernel.org >>> S: Maintained >>> F: Documentation/admin-guide/module-signing.rst >>> F: certs/ >>> -F: scripts/check-blacklist-hashes.awk > F: scripts/sign-file.c >>> F: tools/certs/ >>> >>> diff --git a/certs/Makefile b/certs/Makefile >>> index a8d628fd5f7b..df7aaeafd19c 100644 >>> --- a/certs/Makefile >>> +++ b/certs/Makefile >>> @@ -13,7 +13,7 @@ CFLAGS_blacklist_hashes.o := -I $(obj) >>> >>> quiet_cmd_check_and_copy_blacklist_hash_list = GEN $@ >>> cmd_check_and_copy_blacklist_hash_list = \ >>> - $(AWK) -f $(srctree)/scripts/check-blacklist-hashes.awk $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) >&2; \ >>> + $(AWK) -f $(srctree)/$(src)/check-blacklist-hashes.awk $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) >&2; \ >>> cat $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) > $@ >>> >>> $(obj)/blacklist_hash_list: $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) FORCE >>> diff --git a/scripts/check-blacklist-hashes.awk b/certs/check-blacklist-hashes.awk >>> similarity index 100% >>> rename from scripts/check-blacklist-hashes.awk >>> rename to certs/check-blacklist-hashes.awk >> >> It looks more appropriate and consistent to me to keep it in scripts/, >> close to other cert scripts. Is there some precedent to move such script? > > > I always did that. For example, > > f6f57a46435d7253a52a1a07a58183678ad266a0 > 78a20a012ecea857e438b1f9e8091acb290bd0f5 > 28ba53c07638f31b153e3a32672a6124d0ff2a97 > 4484aa800ac588a1fe2175cd53076c21067f44b4 > 340a02535ee785c64c62a9c45706597a0139e972 > > > Tools can stay in scripts/ if and only if: > > - it is used globally during kernel builds > > - it is still needed after the kernel builds. > "make clean" removes most of the build artifacts > but keeps ones under scripts/. > OK, it would be nice to have these rules in the documentation (didn't find them). Reviewed-by: Mickaël Salaün > > > scripts/insert-sys-cert is apparently unneeded for building the kernel. > If the intended use is to manipulate vmlinux later, > that is the legitimate reason to stay in scripts/. > (but even better place might be tools/) > > > certs/signing_key.pem is needed even after kernel builds. > So, it should have been kept under scripts/ instead of certs/. > > > > > > -- > Best Regards > Masahiro Yamada