Re: [PATCH v2] MODSIGN: Only sign modules if built in-tree
From: Josh Boyer
Date: Mon Nov 05 2012 - 08:24:20 EST
On Mon, Nov 05, 2012 at 12:31:39PM +1030, Rusty Russell wrote:
> Josh Boyer <jwboyer@xxxxxxxxxx> writes:
> > diff --git a/Makefile b/Makefile
> > index 14c93b3..7e27d51 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -722,8 +722,14 @@ export mod_strip_cmd
> > ifeq ($(CONFIG_MODULE_SIG),y)
> > MODSECKEY = ./signing_key.priv
> > MODPUBKEY = ./signing_key.x509
> > +ifeq ($(KBUILD_EXTMOD),)
> > +SIGNFAIL = false
> > +else
> > +# External builds might not have a signing key, don't break module_install.
> > +SIGNFAIL = true
> > +endif # KBUILD_EXTMOD
> > export MODPUBKEY
> > -mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY)
> > +mod_sign_cmd = $(SIGNFAIL) || perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY)
> > else
> > mod_sign_cmd = true
> > endif
>
> Huh? 'true || perl' never runs perl due to short circuiting.
Right. Why would we even bother running the perl fragment for
out-of-tree modules, when the entire purpose of the patch was to not
sign out-of-tree modules?
> Let's do this instead. Tested here, please ack.
Sure, will test shortly.
josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/