Benjamin Poirier added some minor fixes and clean ups to localmodconfig.
One is a fix for making sure that module signing still works when coming from a different environment. If original keys are not found it will warn and reset the keys to their default value. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJXPf7XAAoJEKKk/i67LK/8HXYH+QH5Pp85FV3aA8rN4O/lnJyy bz3bffB13GpO1tMFgqdoPjq41rRVJLIrCVrwypRP3KxnWyN520xkATi14um8eQr2 JfWimXDjX3qH++bqFAckvb++1pp0jMRVwNXsakQEvQGJTNVkdCsLgpSUObo9WSPy JjphoX0+E/gh0qXrhNmGZDXFQT+YCKiVDAuyLjw+3GP3OXJUqQrQsqBTAcTgKgb2 fAKjvYOPptZ+GogZgqAUpx8+yxLBWHSj2PdGAvsCL5ZBYU9LEuq+VYS7XI50oTyT 5U+4DGdcee02EBgKP/CkhjeadmQTOSdRmN2c6ev41LebPjPPnTA7QJVp6yZZ7ko= =ef99 -----END PGP SIGNATURE----- Merge tag 'localmodconfig-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-kconfig Pull localmodconfig updates from Steven Rostedt. "Benjamin Poirier added some minor fixes and clean ups to localmodconfig. One is a fix for making sure that module signing still works when coming from a different environment. If original keys are not found it will warn and reset the keys to their default value" * tag 'localmodconfig-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-kconfig: localmodconfig: Fix whitespace repeat count after "tristate" localmodconfig: Reset certificate paths localmodconfig: Add missing $ to reference a variable localmodconfig: Fix parsing of "help" text localmodconfig: Recognize more keywords that end a menu entry localmodconfig: Fix parsing of Kconfig "source" statements
This commit is contained in:
commit
ec67b14c1b
1 changed files with 39 additions and 5 deletions
|
@ -188,7 +188,7 @@ sub read_kconfig {
|
|||
$cont = 0;
|
||||
|
||||
# collect any Kconfig sources
|
||||
if (/^source\s*"(.*)"/) {
|
||||
if (/^source\s+"?([^"]+)/) {
|
||||
my $kconfig = $1;
|
||||
# prevent reading twice.
|
||||
if (!defined($read_kconfigs{$kconfig})) {
|
||||
|
@ -237,7 +237,7 @@ sub read_kconfig {
|
|||
}
|
||||
|
||||
# configs without prompts must be selected
|
||||
} elsif ($state ne "NONE" && /^\s*tristate\s\S/) {
|
||||
} elsif ($state ne "NONE" && /^\s*(tristate\s+\S|prompt\b)/) {
|
||||
# note if the config has a prompt
|
||||
$prompts{$config} = 1;
|
||||
|
||||
|
@ -256,8 +256,8 @@ sub read_kconfig {
|
|||
|
||||
$iflevel-- if ($iflevel);
|
||||
|
||||
# stop on "help"
|
||||
} elsif (/^\s*help\s*$/) {
|
||||
# stop on "help" and keywords that end a menu entry
|
||||
} elsif (/^\s*(---)?help(---)?\s*$/ || /^(comment|choice|menu)\b/) {
|
||||
$state = "NONE";
|
||||
}
|
||||
}
|
||||
|
@ -454,7 +454,7 @@ sub parse_config_depends
|
|||
$p =~ s/^[^$valid]*[$valid]+//;
|
||||
|
||||
# We only need to process if the depend config is a module
|
||||
if (!defined($orig_configs{$conf}) || !$orig_configs{conf} eq "m") {
|
||||
if (!defined($orig_configs{$conf}) || $orig_configs{$conf} eq "y") {
|
||||
next;
|
||||
}
|
||||
|
||||
|
@ -610,6 +610,40 @@ foreach my $line (@config_file) {
|
|||
next;
|
||||
}
|
||||
|
||||
if (/CONFIG_MODULE_SIG_KEY="(.+)"/) {
|
||||
my $orig_cert = $1;
|
||||
my $default_cert = "certs/signing_key.pem";
|
||||
|
||||
# Check that the logic in this script still matches the one in Kconfig
|
||||
if (!defined($depends{"MODULE_SIG_KEY"}) ||
|
||||
$depends{"MODULE_SIG_KEY"} !~ /"\Q$default_cert\E"/) {
|
||||
print STDERR "WARNING: MODULE_SIG_KEY assertion failure, ",
|
||||
"update needed to ", __FILE__, " line ", __LINE__, "\n";
|
||||
print;
|
||||
} elsif ($orig_cert ne $default_cert && ! -f $orig_cert) {
|
||||
print STDERR "Module signature verification enabled but ",
|
||||
"module signing key \"$orig_cert\" not found. Resetting ",
|
||||
"signing key to default value.\n";
|
||||
print "CONFIG_MODULE_SIG_KEY=\"$default_cert\"\n";
|
||||
} else {
|
||||
print;
|
||||
}
|
||||
next;
|
||||
}
|
||||
|
||||
if (/CONFIG_SYSTEM_TRUSTED_KEYS="(.+)"/) {
|
||||
my $orig_keys = $1;
|
||||
|
||||
if (! -f $orig_keys) {
|
||||
print STDERR "System keyring enabled but keys \"$orig_keys\" ",
|
||||
"not found. Resetting keys to default value.\n";
|
||||
print "CONFIG_SYSTEM_TRUSTED_KEYS=\"\"\n";
|
||||
} else {
|
||||
print;
|
||||
}
|
||||
next;
|
||||
}
|
||||
|
||||
if (/^(CONFIG.*)=(m|y)/) {
|
||||
if (defined($configs{$1})) {
|
||||
if ($localyesconfig) {
|
||||
|
|
Loading…
Reference in a new issue