Benjamin Poirier added some minor fixes and clean ups to localmodconfig.

One is a fix for making sure that module signing still works when
 coming from a different environment. If original keys are not found it
 will warn and reset the keys to their default value.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJXPf7XAAoJEKKk/i67LK/8HXYH+QH5Pp85FV3aA8rN4O/lnJyy
 bz3bffB13GpO1tMFgqdoPjq41rRVJLIrCVrwypRP3KxnWyN520xkATi14um8eQr2
 JfWimXDjX3qH++bqFAckvb++1pp0jMRVwNXsakQEvQGJTNVkdCsLgpSUObo9WSPy
 JjphoX0+E/gh0qXrhNmGZDXFQT+YCKiVDAuyLjw+3GP3OXJUqQrQsqBTAcTgKgb2
 fAKjvYOPptZ+GogZgqAUpx8+yxLBWHSj2PdGAvsCL5ZBYU9LEuq+VYS7XI50oTyT
 5U+4DGdcee02EBgKP/CkhjeadmQTOSdRmN2c6ev41LebPjPPnTA7QJVp6yZZ7ko=
 =ef99
 -----END PGP SIGNATURE-----

Merge tag 'localmodconfig-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-kconfig

Pull localmodconfig updates from Steven Rostedt.
 "Benjamin Poirier added some minor fixes and clean ups to
  localmodconfig.

  One is a fix for making sure that module signing still works when
  coming from a different environment.  If original keys are not found
  it will warn and reset the keys to their default value"

* tag 'localmodconfig-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-kconfig:
  localmodconfig: Fix whitespace repeat count after "tristate"
  localmodconfig: Reset certificate paths
  localmodconfig: Add missing $ to reference a variable
  localmodconfig: Fix parsing of "help" text
  localmodconfig: Recognize more keywords that end a menu entry
  localmodconfig: Fix parsing of Kconfig "source" statements
This commit is contained in:
Linus Torvalds 2016-05-19 11:36:26 -07:00
commit ec67b14c1b

View file

@ -188,7 +188,7 @@ sub read_kconfig {
$cont = 0; $cont = 0;
# collect any Kconfig sources # collect any Kconfig sources
if (/^source\s*"(.*)"/) { if (/^source\s+"?([^"]+)/) {
my $kconfig = $1; my $kconfig = $1;
# prevent reading twice. # prevent reading twice.
if (!defined($read_kconfigs{$kconfig})) { if (!defined($read_kconfigs{$kconfig})) {
@ -237,7 +237,7 @@ sub read_kconfig {
} }
# configs without prompts must be selected # configs without prompts must be selected
} elsif ($state ne "NONE" && /^\s*tristate\s\S/) { } elsif ($state ne "NONE" && /^\s*(tristate\s+\S|prompt\b)/) {
# note if the config has a prompt # note if the config has a prompt
$prompts{$config} = 1; $prompts{$config} = 1;
@ -256,8 +256,8 @@ sub read_kconfig {
$iflevel-- if ($iflevel); $iflevel-- if ($iflevel);
# stop on "help" # stop on "help" and keywords that end a menu entry
} elsif (/^\s*help\s*$/) { } elsif (/^\s*(---)?help(---)?\s*$/ || /^(comment|choice|menu)\b/) {
$state = "NONE"; $state = "NONE";
} }
} }
@ -454,7 +454,7 @@ sub parse_config_depends
$p =~ s/^[^$valid]*[$valid]+//; $p =~ s/^[^$valid]*[$valid]+//;
# We only need to process if the depend config is a module # We only need to process if the depend config is a module
if (!defined($orig_configs{$conf}) || !$orig_configs{conf} eq "m") { if (!defined($orig_configs{$conf}) || $orig_configs{$conf} eq "y") {
next; next;
} }
@ -610,6 +610,40 @@ foreach my $line (@config_file) {
next; next;
} }
if (/CONFIG_MODULE_SIG_KEY="(.+)"/) {
my $orig_cert = $1;
my $default_cert = "certs/signing_key.pem";
# Check that the logic in this script still matches the one in Kconfig
if (!defined($depends{"MODULE_SIG_KEY"}) ||
$depends{"MODULE_SIG_KEY"} !~ /"\Q$default_cert\E"/) {
print STDERR "WARNING: MODULE_SIG_KEY assertion failure, ",
"update needed to ", __FILE__, " line ", __LINE__, "\n";
print;
} elsif ($orig_cert ne $default_cert && ! -f $orig_cert) {
print STDERR "Module signature verification enabled but ",
"module signing key \"$orig_cert\" not found. Resetting ",
"signing key to default value.\n";
print "CONFIG_MODULE_SIG_KEY=\"$default_cert\"\n";
} else {
print;
}
next;
}
if (/CONFIG_SYSTEM_TRUSTED_KEYS="(.+)"/) {
my $orig_keys = $1;
if (! -f $orig_keys) {
print STDERR "System keyring enabled but keys \"$orig_keys\" ",
"not found. Resetting keys to default value.\n";
print "CONFIG_SYSTEM_TRUSTED_KEYS=\"\"\n";
} else {
print;
}
next;
}
if (/^(CONFIG.*)=(m|y)/) { if (/^(CONFIG.*)=(m|y)/) {
if (defined($configs{$1})) { if (defined($configs{$1})) {
if ($localyesconfig) { if ($localyesconfig) {