aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
Commit message (Collapse)AuthorAge
* sign-file: fix the perl warning message when extracting ASN.1Chun-Yi Lee2012-11-21
| | | | | | | | | | | | | | | | | | | There have the following warning message when running modules install for sign ko files: # make modules_install ... INSTALL drivers/input/touchscreen/pcap_ts.ko Found = in conditional, should be == at scripts/sign-file line 164. Found = in conditional, should be == at scripts/sign-file line 161. Found = in conditional, should be == at scripts/sign-file line 159. This patch change replace '=' by '==' in elsif conditions for avoid the above warning messages. Signed-off-by: Chun-Yi Lee <jlee@suse.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Merge branch 'rc-fixes' of ↵Linus Torvalds2012-11-12
|\ | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull menuconfig portability fix from Michal Marek: "Here is a fix for v3.7 that makes menuconfig compile again on systems whose C library is lacking CIRCLEQ_* macros. I thought I sent it earlier, but apparently I did not." * 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: menuconfig: Replace CIRCLEQ by list_head-style lists.
| * menuconfig: Replace CIRCLEQ by list_head-style lists.Benjamin Poirier2012-10-25
| | | | | | | | | | | | | | | | | | | | | | | | sys/queue.h and CIRCLEQ in particular have proven to cause portability problems (reported on Debian Sarge, Cygwin and FreeBSD) Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Tested-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Tested-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net> Signed-off-by: Benjamin Poirier <bpoirier@suse.de> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Michal Marek <mmarek@suse.cz>
* | Merge branch 'akpm' (Fixes from Andrew)Linus Torvalds2012-11-09
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Merge misc fixes from Andrew Morton: "Five fixes" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (5 patches) h8300: add missing L1_CACHE_SHIFT mm: bugfix: set current->reclaim_state to NULL while returning from kswapd() fanotify: fix missing break revert "epoll: support for disabling items, and a self-test app" checkpatch: improve network block comment style checking
| * | checkpatch: improve network block comment style checkingJoe Perches2012-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some comment styles in net and drivers/net are flagged inappropriately. Avoid proclaiming inline comments like: int a = b; /* some comment */ and block comments like: /********************* * some comment ********************/ are defective. Tested with $ cat drivers/net/t.c /* foo */ /* * foo */ /* foo */ /* foo * bar */ /**************************** * some long block comment ***************************/ struct foo { int bar; /* another test */ }; $ Signed-off-by: Joe Perches <joe@perches.com> Reported-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: David Miller <davem@davemloft.net> Cc: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | modules: don't break modules_install on external modules with no key.Rusty Russell2012-11-05
|/ / | | | | | | | | | | | | | | | | The script still spits out an error ("Can't read private key") but we don't break modules_install. Reported-by: Bruno Wolff III <bruno@wolff.to> Original-patch-by: Josh Boyer <jwboyer@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* | MODSIGN: Move the magic string to the end of a module and eliminate the searchDavid Howells2012-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Emit the magic string that indicates a module has a signature after the signature data instead of before it. This allows module_sig_check() to be made simpler and faster by the elimination of the search for the magic string. Instead we just need to do a single memcmp(). This works because at the end of the signature data there is the fixed-length signature information block. This block then falls immediately prior to the magic number. From the contents of the information block, it is trivial to calculate the size of the signature data and thus the size of the actual module data. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | MODSIGN: perlify sign-file and merge in x509keyidDavid Howells2012-10-19
| | | | | | | | | | | | | | | | | | | | Turn sign-file into perl and merge in x509keyid. The latter doesn't need to be a separate script as it doesn't actually need to work out the SHA1 sum of the X.509 certificate itself, since it can get that from the X.509 certificate. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | kbuild: Fix module signature generationLinus Torvalds2012-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rusty had clearly not actually tested his module signing changes that I (trustingly) applied as commit e2a666d52b48 ("kbuild: sign the modules at install time"). That commit had multiple bugs: - using "${#VARIABLE}" to get the number of characters in a shell variable may look clever, but it's locale-dependent: it returns the number of *characters*, not bytes. And we do need bytes. So don't use "${#..}" expansion, do the stupid "wc -c" thing instead (where "c" stands for "bytes", not "characters", despite the letter. - Rusty had confused "siglen" and "signerlen", and his conversion didn't set "signerlen" at all, and incorrectly set "siglen" to the size of the signer, not the size of the signature. End result: the modified sign-file script did create something that superficially *looked* like a signature, but didn't actually work at all, and would fail the signature check. Oops. Tssk, tssk, Rusty. But Rusty was definitely right that this whole thing should be rewritten in perl by somebody who has the perl-fu to do so. That is not me, though - I'm just doing an emergency fix for the shell script. Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | kbuild: sign the modules at install timeRusty Russell2012-10-19
| | | | | | | | | | | | | | | | | | | | | | | | Linus deleted the old code and put signing on the install command, I fixed it to extract the keyid and signer-name within sign-file and cleaned up that script now it always signs in-place. Some enthusiast should convert sign-key to perl and pull x509keyid into it. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Merge tag 'dt-fixes-for-3.7' of git://sources.calxeda.com/kernel/linuxLinus Torvalds2012-10-18
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull DeviceTree fixes from Rob Herring: "A handful of fixes: - a fix for dtc from upstream - sparse fixes in DeviceTree code - stub of_get_child_by_name for !OF builds" * tag 'dt-fixes-for-3.7' of git://sources.calxeda.com/kernel/linux: dtc: fix for_each_*() to skip first object if deleted of/platform: sparse fix of/irq: sparse fixes of/address: sparse fixes of: add stub of_get_child_by_name for non-OF builds
| * | dtc: fix for_each_*() to skip first object if deletedStephen Warren2012-10-17
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous definition of for_each_*() would always include the very first object within the list, irrespective of whether it was marked deleted, since the deleted flag was not checked on the first object, but only on any "next" object. Fix for_each_*() to check the deleted flag in the loop body every iteration to correct this. (upstream dtc commit 1762ab42ef77db7ab2776d0d6cba3515150f518a) Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Rob Herring <rob.herring@calxeda.com>
* | uapi: Allow automatic generation of uapi/asm/ header filesCatalin Marinas2012-10-17
| | | | | | | | | | | | | | | | | | | | | | | | Several arch/*/include/uapi/asm/* header simply include the corresponding <asm-generic/*> file. This patch allows such files to be specified in uapi/asm/Kbuild via "generic-y += ..." to be automatically generated (similar to asm/Kbuild). Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: David Howells <dhowells@redhat.com> Cc: Michal Marek <mmarek@suse.cz> Cc: Arnd Bergmann <arnd@arndb.de>
* | kbuild: Fix accidental revert in commit fe04ddfMichal Marek2012-10-15
|/ | | | | | | | | | | | | | | Commit fe04ddf7c291 ("kbuild: Do not package /boot and /lib in make tar-pkg") accidentally reverted two previous kbuild commits. I don't know what I was thinking. This brings back changes made by commits 24cc7fb69a5b ("x86/kbuild: archscripts depends on scripts_basic") and c1c1a59e37da ("firmware: fix directory creation rule matching with make 3.80") Reported-by: Jan Beulich <JBeulich@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by: Michal Marek <mmarek@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Merge branch 'modules-next' of ↵Linus Torvalds2012-10-14
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux Pull module signing support from Rusty Russell: "module signing is the highlight, but it's an all-over David Howells frenzy..." Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG. * 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits) X.509: Fix indefinite length element skip error handling X.509: Convert some printk calls to pr_devel asymmetric keys: fix printk format warning MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking MODSIGN: Make mrproper should remove generated files. MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs MODSIGN: Use the same digest for the autogen key sig as for the module sig MODSIGN: Sign modules during the build process MODSIGN: Provide a script for generating a key ID from an X.509 cert MODSIGN: Implement module signature checking MODSIGN: Provide module signing public keys to the kernel MODSIGN: Automatically generate module signing keys if missing MODSIGN: Provide Kconfig options MODSIGN: Provide gitignore and make clean rules for extra files MODSIGN: Add FIPS policy module: signature checking hook X.509: Add a crypto key parser for binary (DER) X.509 certificates MPILIB: Provide a function to read raw data into an MPI X.509: Add an ASN.1 decoder X.509: Add simple ASN.1 grammar compiler ...
| * MODSIGN: Sign modules during the build processDavid Howells2012-10-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If CONFIG_MODULE_SIG is set, then this patch will cause all modules files to to have signatures added. The following steps will occur: (1) The module will be linked to foo.ko.unsigned instead of foo.ko (2) The module will be stripped using both "strip -x -g" and "eu-strip" to ensure minimal size for inclusion in an initramfs. (3) The signature will be generated on the stripped module. (4) The signature will be appended to the module, along with some information about the signature and a magic string that indicates the presence of the signature. Step (3) requires private and public keys to be available. By default these are expected to be found in files: signing_key.priv signing_key.x509 in the base directory of the build. The first is the private key in PEM form and the second is the X.509 certificate in DER form as can be generated from openssl: openssl req \ -new -x509 -outform PEM -out signing_key.x509 \ -keyout signing_key.priv -nodes \ -subj "/CN=H2G2/O=Magrathea/CN=Slartibartfast" If the secret key is not found then signing will be skipped and the unsigned module from (1) will just be copied to foo.ko. If signing occurs, lines like the following will be seen: LD [M] fs/foo/foo.ko.unsigned STRIP [M] fs/foo/foo.ko.stripped SIGN [M] fs/foo/foo.ko will appear in the build log. If the signature step will be skipped and the following will be seen: LD [M] fs/foo/foo.ko.unsigned STRIP [M] fs/foo/foo.ko.stripped NO SIGN [M] fs/foo/foo.ko NOTE! After the signature step, the signed module _must_not_ be passed through strip. The unstripped, unsigned module is still available at the name on the LD [M] line. This restriction may affect packaging tools (such as rpmbuild) and initramfs composition tools. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
| * MODSIGN: Provide a script for generating a key ID from an X.509 certDavid Howells2012-10-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Provide a script to parse an X.509 certificate and certain pieces of information from it in order to generate a key identifier to be included within a module signature. The script takes the Subject Name and extracts (if present) the organizationName (O), the commonName (CN) and the emailAddress and fabricates the signer's name from them: (1) If both O and CN exist, then the name will be "O: CN", unless: (a) CN is prefixed by O, in which case only CN is used. (b) CN and O share at least the first 7 characters, in which case only CN is used. (2) Otherwise, CN is used if present. (3) Otherwise, O is used if present. (4) Otherwise the emailAddress is used, if present. (5) Otherwise a blank name is used. The script emits a binary encoded identifier in the following form: - 2 BE bytes indicating the length of the signer's name. - 2 BE bytes indicating the length of the subject key identifier. - The characters of the signer's name. - The bytes of the subject key identifier. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
| * X.509: Add simple ASN.1 grammar compilerDavid Howells2012-10-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a simple ASN.1 grammar compiler. This produces a bytecode output that can be fed to a decoder to inform the decoder how to interpret the ASN.1 stream it is trying to parse. Action functions can be specified in the grammar by interpolating: ({ foo }) after a type, for example: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING ({ do_key_data }) } The decoder is expected to call these after matching this type and parsing the contents if it is a constructed type. The grammar compiler does not currently support the SET type (though it does support SET OF) as I can't see a good way of tracking which members have been encountered yet without using up extra stack space. Currently, the grammar compiler will fail if more than 256 bytes of bytecode would be produced or more than 256 actions have been specified as it uses 8-bit jump values and action indices to keep space usage down. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* | Merge branch 'misc' of ↵Linus Torvalds2012-10-11
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild misc changes from Michal Marek: "In the non-critical part of kbuild, I have - Some make coccicheck improvements and two new tests - Support for a cleaner html output in scripts/kernel-doc, named html5 (no, it does not play videos, yet) BTW, Randy wants to route further kernel-doc patches through the kbuild tree." * 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: Update SmPL/Coccinelle section of MAINTAINERS coccicheck: Add the rep+ctxt mode scripts/coccinelle/tests/odd_ptr_err.cocci: semantic patch for IS_ERR/PTR_ERR inconsistency scripts/tags.sh: Add magic for pci access functions scripts/coccinelle: ptr_ret: Add ternary operator version scripts/kernel-doc: drop maintainer scripts/kernel-doc: added support for html5
| * | coccicheck: Add the rep+ctxt modeNicolas Palix2012-10-11
| | | | | | | | | | | | | | | | | | | | | | | | This adds a 'rep+ctxt' mode which prints the warning message followed by the context. Signed-off-by: Nicolas Palix <nicolas.palix@imag.fr> Signed-off-by: Michal Marek <mmarek@suse.cz>
| * | scripts/coccinelle/tests/odd_ptr_err.cocci: semantic patch for ↵Julia Lawall2012-10-11
| | | | | | | | | | | | | | | | | | | | | IS_ERR/PTR_ERR inconsistency Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Michal Marek <mmarek@suse.cz>
| * | scripts/tags.sh: Add magic for pci access functionsKirill Tkhai2012-08-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | scripts/tags.sh: Add magic for pci access functions Make [ce]tags find the pci_bus_read_config_* and pci_bus_write_config_* definitions Signed-off-by: Kirill Tkhai <tkhai@yandex.ru> Signed-off-by: Michal Marek <mmarek@suse.cz>
| * | scripts/coccinelle: ptr_ret: Add ternary operator versionLars-Peter Clausen2012-08-31
| | | | | | | | | | |