From: Masahiro Yamada <masahiroy@kernel.org>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: Linux Kbuild mailing list <linux-kbuild@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Eric Snowberg <eric.snowberg@oracle.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Tyler Hicks <tyhicks@linux.microsoft.com>
Subject: Re: [PATCH 3/4] certs: move scripts/check-blacklist-hashes.awk to certs/
Date: Tue, 14 Jun 2022 00:28:34 +0900 [thread overview]
Message-ID: <CAK7LNASR6Hwj-Q+z6GCGTOz0gXv5XXTV8phqe7duGm+uuo3eDQ@mail.gmail.com> (raw)
In-Reply-To: <e7850717-dad6-daef-c96c-2a74248e98f6@digikod.net>
On Mon, Jun 13, 2022 at 9:36 PM Mickaël Salaün <mic@digikod.net> wrote:
>
>
>
> On 11/06/2022 19:22, Masahiro Yamada wrote:
> > This script is only used in certs/Makefile, so certs/ is a better
> > home for it.
> >
> > Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
> > ---
> >
> > MAINTAINERS | 1 -
> > certs/Makefile | 2 +-
> > {scripts => certs}/check-blacklist-hashes.awk | 0
> > 3 files changed, 1 insertion(+), 2 deletions(-)
> > rename {scripts => certs}/check-blacklist-hashes.awk (100%)
> >
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index 1fc9ead83d2a..7c2a7c304824 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -4627,7 +4627,6 @@ L: keyrings@vger.kernel.org
> > S: Maintained
> > F: Documentation/admin-guide/module-signing.rst
> > F: certs/
> > -F: scripts/check-blacklist-hashes.awk > F: scripts/sign-file.c
> > F: tools/certs/
> >
> > diff --git a/certs/Makefile b/certs/Makefile
> > index a8d628fd5f7b..df7aaeafd19c 100644
> > --- a/certs/Makefile
> > +++ b/certs/Makefile
> > @@ -13,7 +13,7 @@ CFLAGS_blacklist_hashes.o := -I $(obj)
> >
> > quiet_cmd_check_and_copy_blacklist_hash_list = GEN $@
> > cmd_check_and_copy_blacklist_hash_list = \
> > - $(AWK) -f $(srctree)/scripts/check-blacklist-hashes.awk $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) >&2; \
> > + $(AWK) -f $(srctree)/$(src)/check-blacklist-hashes.awk $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) >&2; \
> > cat $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) > $@
> >
> > $(obj)/blacklist_hash_list: $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) FORCE
> > diff --git a/scripts/check-blacklist-hashes.awk b/certs/check-blacklist-hashes.awk
> > similarity index 100%
> > rename from scripts/check-blacklist-hashes.awk
> > rename to certs/check-blacklist-hashes.awk
>
> It looks more appropriate and consistent to me to keep it in scripts/,
> close to other cert scripts. Is there some precedent to move such script?
I always did that. For example,
f6f57a46435d7253a52a1a07a58183678ad266a0
78a20a012ecea857e438b1f9e8091acb290bd0f5
28ba53c07638f31b153e3a32672a6124d0ff2a97
4484aa800ac588a1fe2175cd53076c21067f44b4
340a02535ee785c64c62a9c45706597a0139e972
Tools can stay in scripts/ if and only if:
- it is used globally during kernel builds
- it is still needed after the kernel builds.
"make clean" removes most of the build artifacts
but keeps ones under scripts/.
scripts/insert-sys-cert is apparently unneeded for building the kernel.
If the intended use is to manipulate vmlinux later,
that is the legitimate reason to stay in scripts/.
(but even better place might be tools/)
certs/signing_key.pem is needed even after kernel builds.
So, it should have been kept under scripts/ instead of certs/.
--
Best Regards
Masahiro Yamada
next prev parent reply other threads:[~2022-06-13 18:40 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-11 17:22 [PATCH 1/4] certs/blacklist_hashes.c: fix const confusion in certs blacklist Masahiro Yamada
2022-06-11 17:22 ` [PATCH 2/4] certs: fix and refactor CONFIG_SYSTEM_BLACKLIST_HASH_LIST build Masahiro Yamada
2022-06-13 12:34 ` Mickaël Salaün
2022-06-13 14:55 ` Masahiro Yamada
2022-06-13 18:06 ` Mickaël Salaün
2022-06-13 18:56 ` Masahiro Yamada
2022-06-13 19:14 ` Mickaël Salaün
2022-06-15 18:48 ` Jarkko Sakkinen
2022-06-18 22:12 ` Masahiro Yamada
2022-06-26 6:16 ` Jarkko Sakkinen
2022-06-27 1:26 ` Masahiro Yamada
2022-06-15 18:46 ` Jarkko Sakkinen
2022-06-11 17:22 ` [PATCH 3/4] certs: move scripts/check-blacklist-hashes.awk to certs/ Masahiro Yamada
2022-06-13 12:36 ` Mickaël Salaün
2022-06-13 15:28 ` Masahiro Yamada [this message]
2022-06-13 18:51 ` Mickaël Salaün
2022-06-15 18:46 ` Jarkko Sakkinen
2022-06-11 17:22 ` [PATCH 4/4] certs: unify blacklist_hashes.c and blacklist_nohashes.c Masahiro Yamada
2022-06-13 12:37 ` Mickaël Salaün
2022-06-15 18:47 ` Jarkko Sakkinen
2022-06-13 12:20 ` [PATCH 1/4] certs/blacklist_hashes.c: fix const confusion in certs blacklist Mickaël Salaün
2022-06-15 18:46 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAK7LNASR6Hwj-Q+z6GCGTOz0gXv5XXTV8phqe7duGm+uuo3eDQ@mail.gmail.com \
--to=masahiroy@kernel.org \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=eric.snowberg@oracle.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mic@digikod.net \
--cc=tyhicks@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.