From: Nick Desaulniers <ndesaulniers@google.com>
To: James Bottomley <James.Bottomley@hansenpartnership.com>,
Masahiro Yamada <masahiroy@kernel.org>,
Philip Li <philip.li@intel.com>
Cc: kernel test robot <lkp@intel.com>,
linux-integrity@vger.kernel.org, kbuild-all@lists.01.org,
clang-built-linux <clang-built-linux@googlegroups.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>,
Arnd Bergmann <arnd@arndb.de>
Subject: Re: [PATCH v12 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs
Date: Tue, 22 Sep 2020 19:14:08 +0000 [thread overview]
Message-ID: <CAKwvOd=yqYh9i1n84djbX_+8-4JbAUbRQL6FYnhugOocu+vCKg@mail.gmail.com> (raw)
In-Reply-To: <2d395d924b70fba7f1867eb83946497ce1f6eb47.camel@HansenPartnership.com>
On Mon, Sep 21, 2020 at 2:31 PM James Bottomley
<James.Bottomley@hansenpartnership.com> wrote:
>
> On Mon, 2020-09-21 at 08:07 +0800, kernel test robot wrote:
> > Hi James,
> >
> > I love your patch! Yet something to improve:
> >
> > [auto build test ERROR on integrity/next-integrity]
> > [also build test ERROR on linus/master v5.9-rc5 next-20200918]
> > [cannot apply to security/next-testing dhowells-fs/fscache-next]
> > [If your patch is applied to the wrong git tree, kindly drop us a
> > note. And when submitting patch, we suggest to use '--base' as
> > documented in https://git-scm.com/docs/git-format-patch]
> >
> > url:
> > https://github.com/0day-ci/linux/commits/James-Bottomley/TPM-2-0-trusted-key-rework/20200921-003922
> > base:
> > https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> > next-integrity
> > config: x86_64-randconfig-a003-20200921 (attached as .config)
> > compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project
> > f4e554180962aa6bc93678898b6933ea712bde50)
> > reproduce (this is a W=1 build):
> > wget
> > https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross
> > -O ~/bin/make.cross
> > chmod +x ~/bin/make.cross
> > # install x86_64 cross compiling tool for clang build
> > # apt-get install binutils-x86-64-linux-gnu
> > # save the attached .config to linux build tree
> > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross
> > ARCH=x86_64
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> >
> > All errors (new ones prefixed by >>):
> >
> > > > make[4]: *** No rule to make target 'security/keys/trusted-
> > > > keys/tpm2key.asn1.o', needed by 'security/keys/trusted-
> > > > keys/built-in.a'.
> > make[4]: *** [scripts/Makefile.build:283: security/keys/trusted-
> > keys/trusted_tpm2.o] Error 1
> > make[4]: Target '__build' not remade because of errors.
>
>
> So can I still add that tracking this down involved installing an
> entirely unnecessary ARM build environment, which was a huge effort I
> didn't need to do if you'd just provided the build log which fingered
> the ASN.1 compiler problem if you know what to look for.
Having a link to the build log artifact is a valid criticism.
>
> The reason for the problem is because ASN1 isn't selected in the
> Kconfig which causes the ASN.1 compiler not to be built. The way our
> current build rules are structured causes the make rule for this simply
> to be skipped, which means you have to know to look for the absence of
> ASN.1 in the build log. I propose adding this to the build rules,
> which produces the much more explicit:
>
> /home/jejb/git/linux-build/scripts/Makefile.build:387: *** CONFIG_ASN1 must be defined for the asn1_compiler. Stop.
> make[3]: *** [/home/jejb/git/linux-build/scripts/Makefile.build:505: security/keys/trusted-keys] Error 2
>
> James
>
> ---
>
> diff --git a/scripts/Makefile.build b/scripts/Makefile.build
> index a467b9323442..bca7003beac8 100644
> --- a/scripts/Makefile.build
> +++ b/scripts/Makefile.build
> @@ -382,6 +382,11 @@ quiet_cmd_asn1_compiler = ASN.1 $(basename $@).[ch]
> cmd_asn1_compiler = $(objtree)/scripts/asn1_compiler $< \
> $(basename $@).c $(basename $@).h
>
> +ifndef CONFIG_ASN1
> +$(objtree)/scripts/asn1_compiler:
> + $(error CONFIG_ASN1 must be defined for the asn1_compiler)
> +endif
> +
> $(obj)/%.asn1.c $(obj)/%.asn1.h: $(src)/%.asn1 $(objtree)/scripts/asn1_compiler
> $(call cmd,asn1_compiler)
Is there a better way via Kconfig to gate whatever consumes
CONFIG_ASN1 on CONFIG_ASN1 being set, rather than erroring for
randconfig builds? I don't see how the diff would solve the case of CI
systems doing randconfig builds.
--
Thanks,
~Nick Desaulniers
WARNING: multiple messages have this Message-ID (diff)
From: Nick Desaulniers <ndesaulniers@google.com>
To: James Bottomley <James.Bottomley@hansenpartnership.com>,
Masahiro Yamada <masahiroy@kernel.org>,
Philip Li <philip.li@intel.com>
Cc: kernel test robot <lkp@intel.com>,
linux-integrity@vger.kernel.org, kbuild-all@lists.01.org,
clang-built-linux <clang-built-linux@googlegroups.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>,
Arnd Bergmann <arnd@arndb.de>
Subject: Re: [PATCH v12 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs
Date: Tue, 22 Sep 2020 12:14:08 -0700 [thread overview]
Message-ID: <CAKwvOd=yqYh9i1n84djbX_+8-4JbAUbRQL6FYnhugOocu+vCKg@mail.gmail.com> (raw)
In-Reply-To: <2d395d924b70fba7f1867eb83946497ce1f6eb47.camel@HansenPartnership.com>
On Mon, Sep 21, 2020 at 2:31 PM James Bottomley
<James.Bottomley@hansenpartnership.com> wrote:
>
> On Mon, 2020-09-21 at 08:07 +0800, kernel test robot wrote:
> > Hi James,
> >
> > I love your patch! Yet something to improve:
> >
> > [auto build test ERROR on integrity/next-integrity]
> > [also build test ERROR on linus/master v5.9-rc5 next-20200918]
> > [cannot apply to security/next-testing dhowells-fs/fscache-next]
> > [If your patch is applied to the wrong git tree, kindly drop us a
> > note. And when submitting patch, we suggest to use '--base' as
> > documented in https://git-scm.com/docs/git-format-patch]
> >
> > url:
> > https://github.com/0day-ci/linux/commits/James-Bottomley/TPM-2-0-trusted-key-rework/20200921-003922
> > base:
> > https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> > next-integrity
> > config: x86_64-randconfig-a003-20200921 (attached as .config)
> > compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project
> > f4e554180962aa6bc93678898b6933ea712bde50)
> > reproduce (this is a W=1 build):
> > wget
> > https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross
> > -O ~/bin/make.cross
> > chmod +x ~/bin/make.cross
> > # install x86_64 cross compiling tool for clang build
> > # apt-get install binutils-x86-64-linux-gnu
> > # save the attached .config to linux build tree
> > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross
> > ARCH=x86_64
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> >
> > All errors (new ones prefixed by >>):
> >
> > > > make[4]: *** No rule to make target 'security/keys/trusted-
> > > > keys/tpm2key.asn1.o', needed by 'security/keys/trusted-
> > > > keys/built-in.a'.
> > make[4]: *** [scripts/Makefile.build:283: security/keys/trusted-
> > keys/trusted_tpm2.o] Error 1
> > make[4]: Target '__build' not remade because of errors.
>
>
> So can I still add that tracking this down involved installing an
> entirely unnecessary ARM build environment, which was a huge effort I
> didn't need to do if you'd just provided the build log which fingered
> the ASN.1 compiler problem if you know what to look for.
Having a link to the build log artifact is a valid criticism.
>
> The reason for the problem is because ASN1 isn't selected in the
> Kconfig which causes the ASN.1 compiler not to be built. The way our
> current build rules are structured causes the make rule for this simply
> to be skipped, which means you have to know to look for the absence of
> ASN.1 in the build log. I propose adding this to the build rules,
> which produces the much more explicit:
>
> /home/jejb/git/linux-build/scripts/Makefile.build:387: *** CONFIG_ASN1 must be defined for the asn1_compiler. Stop.
> make[3]: *** [/home/jejb/git/linux-build/scripts/Makefile.build:505: security/keys/trusted-keys] Error 2
>
> James
>
> ---
>
> diff --git a/scripts/Makefile.build b/scripts/Makefile.build
> index a467b9323442..bca7003beac8 100644
> --- a/scripts/Makefile.build
> +++ b/scripts/Makefile.build
> @@ -382,6 +382,11 @@ quiet_cmd_asn1_compiler = ASN.1 $(basename $@).[ch]
> cmd_asn1_compiler = $(objtree)/scripts/asn1_compiler $< \
> $(basename $@).c $(basename $@).h
>
> +ifndef CONFIG_ASN1
> +$(objtree)/scripts/asn1_compiler:
> + $(error CONFIG_ASN1 must be defined for the asn1_compiler)
> +endif
> +
> $(obj)/%.asn1.c $(obj)/%.asn1.h: $(src)/%.asn1 $(objtree)/scripts/asn1_compiler
> $(call cmd,asn1_compiler)
Is there a better way via Kconfig to gate whatever consumes
CONFIG_ASN1 on CONFIG_ASN1 being set, rather than erroring for
randconfig builds? I don't see how the diff would solve the case of CI
systems doing randconfig builds.
--
Thanks,
~Nick Desaulniers
WARNING: multiple messages have this Message-ID (diff)
From: Nick Desaulniers <ndesaulniers@google.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH v12 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs
Date: Tue, 22 Sep 2020 12:14:08 -0700 [thread overview]
Message-ID: <CAKwvOd=yqYh9i1n84djbX_+8-4JbAUbRQL6FYnhugOocu+vCKg@mail.gmail.com> (raw)
In-Reply-To: <2d395d924b70fba7f1867eb83946497ce1f6eb47.camel@HansenPartnership.com>
[-- Attachment #1: Type: text/plain, Size: 3962 bytes --]
On Mon, Sep 21, 2020 at 2:31 PM James Bottomley
<James.Bottomley@hansenpartnership.com> wrote:
>
> On Mon, 2020-09-21 at 08:07 +0800, kernel test robot wrote:
> > Hi James,
> >
> > I love your patch! Yet something to improve:
> >
> > [auto build test ERROR on integrity/next-integrity]
> > [also build test ERROR on linus/master v5.9-rc5 next-20200918]
> > [cannot apply to security/next-testing dhowells-fs/fscache-next]
> > [If your patch is applied to the wrong git tree, kindly drop us a
> > note. And when submitting patch, we suggest to use '--base' as
> > documented in https://git-scm.com/docs/git-format-patch]
> >
> > url:
> > https://github.com/0day-ci/linux/commits/James-Bottomley/TPM-2-0-trusted-key-rework/20200921-003922
> > base:
> > https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> > next-integrity
> > config: x86_64-randconfig-a003-20200921 (attached as .config)
> > compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project
> > f4e554180962aa6bc93678898b6933ea712bde50)
> > reproduce (this is a W=1 build):
> > wget
> > https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross
> > -O ~/bin/make.cross
> > chmod +x ~/bin/make.cross
> > # install x86_64 cross compiling tool for clang build
> > # apt-get install binutils-x86-64-linux-gnu
> > # save the attached .config to linux build tree
> > COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross
> > ARCH=x86_64
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> >
> > All errors (new ones prefixed by >>):
> >
> > > > make[4]: *** No rule to make target 'security/keys/trusted-
> > > > keys/tpm2key.asn1.o', needed by 'security/keys/trusted-
> > > > keys/built-in.a'.
> > make[4]: *** [scripts/Makefile.build:283: security/keys/trusted-
> > keys/trusted_tpm2.o] Error 1
> > make[4]: Target '__build' not remade because of errors.
>
>
> So can I still add that tracking this down involved installing an
> entirely unnecessary ARM build environment, which was a huge effort I
> didn't need to do if you'd just provided the build log which fingered
> the ASN.1 compiler problem if you know what to look for.
Having a link to the build log artifact is a valid criticism.
>
> The reason for the problem is because ASN1 isn't selected in the
> Kconfig which causes the ASN.1 compiler not to be built. The way our
> current build rules are structured causes the make rule for this simply
> to be skipped, which means you have to know to look for the absence of
> ASN.1 in the build log. I propose adding this to the build rules,
> which produces the much more explicit:
>
> /home/jejb/git/linux-build/scripts/Makefile.build:387: *** CONFIG_ASN1 must be defined for the asn1_compiler. Stop.
> make[3]: *** [/home/jejb/git/linux-build/scripts/Makefile.build:505: security/keys/trusted-keys] Error 2
>
> James
>
> ---
>
> diff --git a/scripts/Makefile.build b/scripts/Makefile.build
> index a467b9323442..bca7003beac8 100644
> --- a/scripts/Makefile.build
> +++ b/scripts/Makefile.build
> @@ -382,6 +382,11 @@ quiet_cmd_asn1_compiler = ASN.1 $(basename $@).[ch]
> cmd_asn1_compiler = $(objtree)/scripts/asn1_compiler $< \
> $(basename $@).c $(basename $@).h
>
> +ifndef CONFIG_ASN1
> +$(objtree)/scripts/asn1_compiler:
> + $(error CONFIG_ASN1 must be defined for the asn1_compiler)
> +endif
> +
> $(obj)/%.asn1.c $(obj)/%.asn1.h: $(src)/%.asn1 $(objtree)/scripts/asn1_compiler
> $(call cmd,asn1_compiler)
Is there a better way via Kconfig to gate whatever consumes
CONFIG_ASN1 on CONFIG_ASN1 being set, rather than erroring for
randconfig builds? I don't see how the diff would solve the case of CI
systems doing randconfig builds.
--
Thanks,
~Nick Desaulniers
next prev parent reply other threads:[~2020-09-22 19:14 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-20 16:33 [PATCH v12 0/5] TPM 2.0 trusted key rework James Bottomley
2020-09-20 16:33 ` James Bottomley
2020-09-20 16:33 ` [PATCH v12 1/5] lib: add ASN.1 encoder James Bottomley
2020-09-20 16:33 ` James Bottomley
2020-09-20 16:33 ` [PATCH v12 2/5] oid_registry: Add TCG defined OIDS for TPM keys James Bottomley
2020-09-20 16:33 ` James Bottomley
2020-09-20 16:33 ` [PATCH v12 3/5] security: keys: trusted: fix TPM2 authorizations James Bottomley
2020-09-20 16:33 ` James Bottomley
2020-09-20 16:33 ` [PATCH v12 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs James Bottomley
2020-09-20 16:33 ` James Bottomley
2020-09-20 21:53 ` kernel test robot
2020-09-21 0:07 ` kernel test robot
2020-09-21 0:07 ` kernel test robot
2020-09-21 0:07 ` kernel test robot
2020-09-21 21:31 ` James Bottomley
2020-09-21 21:31 ` James Bottomley
2020-09-22 19:14 ` Nick Desaulniers [this message]
2020-09-22 19:14 ` Nick Desaulniers
2020-09-22 19:14 ` Nick Desaulniers
2020-09-22 19:31 ` James Bottomley
2020-09-22 19:31 ` James Bottomley
2020-09-22 22:46 ` Philip Li
2020-09-21 6:55 ` kernel test robot
2020-09-20 16:33 ` [PATCH v12 5/5] security: keys: trusted: Make sealed key properly interoperable James Bottomley
2020-09-20 16:33 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKwvOd=yqYh9i1n84djbX_+8-4JbAUbRQL6FYnhugOocu+vCKg@mail.gmail.com' \
--to=ndesaulniers@google.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=arnd@arndb.de \
--cc=clang-built-linux@googlegroups.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=kbuild-all@lists.01.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=lkp@intel.com \
--cc=masahiroy@kernel.org \
--cc=philip.li@intel.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.