Benjamin Poirier added some minor fixes and clean ups to localmodconfig.
One is a fix for making sure that module signing still works when coming from a different environment. If original keys are not found it will warn and reset the keys to their default value. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJXPf7XAAoJEKKk/i67LK/8HXYH+QH5Pp85FV3aA8rN4O/lnJyy bz3bffB13GpO1tMFgqdoPjq41rRVJLIrCVrwypRP3KxnWyN520xkATi14um8eQr2 JfWimXDjX3qH++bqFAckvb++1pp0jMRVwNXsakQEvQGJTNVkdCsLgpSUObo9WSPy JjphoX0+E/gh0qXrhNmGZDXFQT+YCKiVDAuyLjw+3GP3OXJUqQrQsqBTAcTgKgb2 fAKjvYOPptZ+GogZgqAUpx8+yxLBWHSj2PdGAvsCL5ZBYU9LEuq+VYS7XI50oTyT 5U+4DGdcee02EBgKP/CkhjeadmQTOSdRmN2c6ev41LebPjPPnTA7QJVp6yZZ7ko= =ef99 -----END PGP SIGNATURE----- Merge tag 'localmodconfig-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-kconfig Pull localmodconfig updates from Steven Rostedt. "Benjamin Poirier added some minor fixes and clean ups to localmodconfig. One is a fix for making sure that module signing still works when coming from a different environment. If original keys are not found it will warn and reset the keys to their default value" * tag 'localmodconfig-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-kconfig: localmodconfig: Fix whitespace repeat count after "tristate" localmodconfig: Reset certificate paths localmodconfig: Add missing $ to reference a variable localmodconfig: Fix parsing of "help" text localmodconfig: Recognize more keywords that end a menu entry localmodconfig: Fix parsing of Kconfig "source" statements
This commit is contained in:
commit
ec67b14c1b
1 changed files with 39 additions and 5 deletions
|
@ -188,7 +188,7 @@ sub read_kconfig {
|
||||||
$cont = 0;
|
$cont = 0;
|
||||||
|
|
||||||
# collect any Kconfig sources
|
# collect any Kconfig sources
|
||||||
if (/^source\s*"(.*)"/) {
|
if (/^source\s+"?([^"]+)/) {
|
||||||
my $kconfig = $1;
|
my $kconfig = $1;
|
||||||
# prevent reading twice.
|
# prevent reading twice.
|
||||||
if (!defined($read_kconfigs{$kconfig})) {
|
if (!defined($read_kconfigs{$kconfig})) {
|
||||||
|
@ -237,7 +237,7 @@ sub read_kconfig {
|
||||||
}
|
}
|
||||||
|
|
||||||
# configs without prompts must be selected
|
# configs without prompts must be selected
|
||||||
} elsif ($state ne "NONE" && /^\s*tristate\s\S/) {
|
} elsif ($state ne "NONE" && /^\s*(tristate\s+\S|prompt\b)/) {
|
||||||
# note if the config has a prompt
|
# note if the config has a prompt
|
||||||
$prompts{$config} = 1;
|
$prompts{$config} = 1;
|
||||||
|
|
||||||
|
@ -256,8 +256,8 @@ sub read_kconfig {
|
||||||
|
|
||||||
$iflevel-- if ($iflevel);
|
$iflevel-- if ($iflevel);
|
||||||
|
|
||||||
# stop on "help"
|
# stop on "help" and keywords that end a menu entry
|
||||||
} elsif (/^\s*help\s*$/) {
|
} elsif (/^\s*(---)?help(---)?\s*$/ || /^(comment|choice|menu)\b/) {
|
||||||
$state = "NONE";
|
$state = "NONE";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -454,7 +454,7 @@ sub parse_config_depends
|
||||||
$p =~ s/^[^$valid]*[$valid]+//;
|
$p =~ s/^[^$valid]*[$valid]+//;
|
||||||
|
|
||||||
# We only need to process if the depend config is a module
|
# We only need to process if the depend config is a module
|
||||||
if (!defined($orig_configs{$conf}) || !$orig_configs{conf} eq "m") {
|
if (!defined($orig_configs{$conf}) || $orig_configs{$conf} eq "y") {
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -610,6 +610,40 @@ foreach my $line (@config_file) {
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (/CONFIG_MODULE_SIG_KEY="(.+)"/) {
|
||||||
|
my $orig_cert = $1;
|
||||||
|
my $default_cert = "certs/signing_key.pem";
|
||||||
|
|
||||||
|
# Check that the logic in this script still matches the one in Kconfig
|
||||||
|
if (!defined($depends{"MODULE_SIG_KEY"}) ||
|
||||||
|
$depends{"MODULE_SIG_KEY"} !~ /"\Q$default_cert\E"/) {
|
||||||
|
print STDERR "WARNING: MODULE_SIG_KEY assertion failure, ",
|
||||||
|
"update needed to ", __FILE__, " line ", __LINE__, "\n";
|
||||||
|
print;
|
||||||
|
} elsif ($orig_cert ne $default_cert && ! -f $orig_cert) {
|
||||||
|
print STDERR "Module signature verification enabled but ",
|
||||||
|
"module signing key \"$orig_cert\" not found. Resetting ",
|
||||||
|
"signing key to default value.\n";
|
||||||
|
print "CONFIG_MODULE_SIG_KEY=\"$default_cert\"\n";
|
||||||
|
} else {
|
||||||
|
print;
|
||||||
|
}
|
||||||
|
next;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/CONFIG_SYSTEM_TRUSTED_KEYS="(.+)"/) {
|
||||||
|
my $orig_keys = $1;
|
||||||
|
|
||||||
|
if (! -f $orig_keys) {
|
||||||
|
print STDERR "System keyring enabled but keys \"$orig_keys\" ",
|
||||||
|
"not found. Resetting keys to default value.\n";
|
||||||
|
print "CONFIG_SYSTEM_TRUSTED_KEYS=\"\"\n";
|
||||||
|
} else {
|
||||||
|
print;
|
||||||
|
}
|
||||||
|
next;
|
||||||
|
}
|
||||||
|
|
||||||
if (/^(CONFIG.*)=(m|y)/) {
|
if (/^(CONFIG.*)=(m|y)/) {
|
||||||
if (defined($configs{$1})) {
|
if (defined($configs{$1})) {
|
||||||
if ($localyesconfig) {
|
if ($localyesconfig) {
|
||||||
|
|
Loading…
Reference in a new issue