From patchwork Tue Jan 31 08:43:22 2023
X-Patchwork-Submitter: =?utf-8?q?Jan_L=C3=BCbbe?=
X-Patchwork-Id: 50721
From: Jan Luebbe
To: Masahiro Yamada
Cc: Jan Luebbe, David Howells, David Woodhouse, keyrings@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, kernel@pengutronix.de
Subject: [PATCH v2 1/2] certs: Fix build error when PKCS#11 URI contains semicolon
Date: Tue, 31 Jan 2023 09:43:22 +0100
Message-Id: <20230131084323.1414010-2-jlu@pengutronix.de>
In-Reply-To: <20230131084323.1414010-1-jlu@pengutronix.de>
References: <20230131084323.1414010-1-jlu@pengutronix.de>

When CONFIG_MODULE_SIG_KEY is a PKCS#11 URI (pkcs11:*) and contains a
semicolon, signing_key.x509 fails to build:

  certs/extract-cert pkcs11:token=foo;object=bar;pin-value=1111 certs/signing_key.x509
  Usage: extract-cert

Add quotes to the extract-cert argument to avoid splitting by the shell.

This approach was suggested by Masahiro Yamada.

Fixes: 129ab0d2d9f3 ("kbuild: do not quote string values in include/config/auto.conf")
Signed-off-by: Jan Luebbe
---
 certs/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/certs/Makefile b/certs/Makefile index 9486ed924731..799ad7b9e68a 100644 --- a/certs/Makefile +++ b/certs/Makefile 
@@ -23,8 +23,8 @@ $(obj)/blacklist_hash_list: $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) FORCE targets += blacklist_hash_list quiet_cmd_extract_certs = CERT $@ - cmd_extract_certs = $(obj)/extract-cert $(extract-cert-in) $@ -extract-cert-in = $(or $(filter-out $(obj)/extract-cert, $(real-prereqs)),"") + cmd_extract_certs = $(obj)/extract-cert "$(extract-cert-in)" $@ +extract-cert-in = $(filter-out $(obj)/extract-cert, $(real-prereqs)) $(obj)/system_certificates.o: $(obj)/x509_certificate_list
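Review bot: In the certs/Makefile hunk, the new `"$(extract-cert-in)"` in cmd_extract_certs stops the shell from splitting on `;`, but inside double quotes the shell still interprets `$`, backticks, `\` and `"`, so a URI whose pin-value or object label contains one of those is still altered or breaks the command. Consider single-quoting the argument, with embedded single quotes escaped. The removed `$(or ...,"")` fallback is now covered only because an empty expansion inside the quotes yields `""`; a short comment next to cmd_extract_certs saying that the quotes also serve the empty-input case would keep it from being dropped later.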
From: Jan Luebbe
To: Masahiro Yamada
Cc: Jan Luebbe, David Howells, David Woodhouse, keyrings@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, kernel@pengutronix.de
Subject: [PATCH v2 2/2] kbuild: modinst: Fix build error when CONFIG_MODULE_SIG_KEY is a PKCS#11 URI
Date: Tue, 31 Jan 2023 09:43:23 +0100
Message-Id: <20230131084323.1414010-3-jlu@pengutronix.de>
In-Reply-To: <20230131084323.1414010-1-jlu@pengutronix.de>
References: <20230131084323.1414010-1-jlu@pengutronix.de>

When CONFIG_MODULE_SIG_KEY is a PKCS#11 URI (pkcs11:*), signing of modules
fails:

  scripts/sign-file sha256 /.../linux/pkcs11:token=foo;object=bar;pin-value=1111 certs/signing_key.x509 /.../kernel/crypto/tcrypt.ko
  Usage: scripts/sign-file [-dp] []
         scripts/sign-file -s []

First, we need to avoid adding the $(srctree)/ prefix to the URL.

Second, since the kconfig string values no longer include quotes, we need to add
them again when passing a PKCS#11 URI to sign-file. This avoids splitting by the
shell if the URI contains semicolons.

Fixes: 4db9c2e3d055 ("kbuild: stop using config_filename in scripts/Makefile.modsign")
Fixes: 129ab0d2d9f3 ("kbuild: do not quote string values in include/config/auto.conf")
Signed-off-by: Jan Luebbe
---
 scripts/Makefile.modinst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst index 836391e5d209..4815a8e32227 100644 --- a/scripts/Makefile.modinst +++ b/scripts/Makefile.modinst @@ -66,9 +66,13 @@ endif # Don't stop modules_install even if we can't sign external modules. # ifeq ($(CONFIG_MODULE_SIG_ALL),y) +ifeq ($(filter pkcs11:%, $(CONFIG_MODULE_SIG_KEY)),) sig-key := $(if $(wildcard $(CONFIG_MODULE_SIG_KEY)),,$(srctree)/)$(CONFIG_MODULE_SIG_KEY) +else +sig-key := $(CONFIG_MODULE_SIG_KEY) +endif quiet_cmd_sign = SIGN $@ - cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(sig-key) certs/signing_key.x509 $@ \ + cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) "$(sig-key)" certs/signing_key.x509 $@ \ $(if $(KBUILD_EXTMOD),|| true) else quiet_cmd_sign :=
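Review bot: In the scripts/Makefile.modinst hunk, the added `ifeq ($(filter pkcs11:%, $(CONFIG_MODULE_SIG_KEY)),)` branch has no comment, and the comment block above it only covers external modules. Add a line stating that a pkcs11: value is a URI rather than a file path and therefore must not get the `$(srctree)/` prefix. The `"$(sig-key)"` in cmd_sign prevents splitting on `;`, but the shell still interprets `$`, backticks and `"` inside double quotes, so a key string containing those is still altered; single quotes with embedded single quotes escaped would be the more robust form.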