* [PATCH 0/4] MODSIGN: Allow to sign modules outside build
@ 2013-01-23 15:30 Michal Marek
  2013-01-23 15:30 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper Michal Marek
                   ` (7 more replies)
  0 siblings, 8 replies; 11+ messages in thread
From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw)
  To: dhowells, rusty; +Cc: linux-kernel

Hi,

This series allows signing modules outside of the build tree and/or
without direct access to the private key.

Thanks,
Michal

Michal Marek (4):
  MODSIGN: Simplify Makefile with a Kconfig helper
  MODSIGN: Specify the hash algorithm on sign-file command line
  MODSIGN: Add -s <signature> option to sign-file
  MODSIGN: Add option to not sign modules during modules_install

 Makefile          |    4 +-
 init/Kconfig      |   20 ++++++++
 kernel/Makefile   |   24 +---------
 scripts/sign-file |  135 +++++++++++++++++++++++++----------------------------
 4 files changed, 88 insertions(+), 95 deletions(-)

-- 
1.7.10.4



* [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper
  2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek
@ 2013-01-23 15:30 ` Michal Marek
  2013-01-23 15:30 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line Michal Marek
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw)
  To: dhowells, rusty; +Cc: linux-kernel

Signed-off-by: Michal Marek <mmarek@suse.cz>
---
 init/Kconfig    |    9 +++++++++
 kernel/Makefile |   24 ++----------------------
 2 files changed, 11 insertions(+), 22 deletions(-)

diff --git a/init/Kconfig b/init/Kconfig
index 6fdd6e3..ba7d1c1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1634,6 +1634,15 @@ config MODULE_SIG_SHA512
 
 endchoice
 
+config MODULE_SIG_HASH
+	string
+	depends on MODULE_SIG
+	default "sha1" if MODULE_SIG_SHA1
+	default "sha224" if MODULE_SIG_SHA224
+	default "sha256" if MODULE_SIG_SHA256
+	default "sha384" if MODULE_SIG_SHA384
+	default "sha512" if MODULE_SIG_SHA512
+
 endif # MODULES
 
 config INIT_ALL_POSSIBLE
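Review bot: MODULE_SIG_HASH in the added block has no default for the case where none of the five MODULE_SIG_SHA* symbols is set, and no comment saying that it has to track the choice above it. If a further hash is added to the choice without a matching `default "..." if ...` line here, the string stays empty and nothing flags it. Add a short comment on the symbol, and have the users of the value check that it is non-empty.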
diff --git a/kernel/Makefile b/kernel/Makefile
index 86e3285..740bf4c 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -148,26 +148,6 @@ kernel/modsign_pubkey.o: signing_key.x509 extra_certificates
 # fail and that the kernel may be used afterwards.
 #
 ###############################################################################
-sign_key_with_hash :=
-ifeq ($(CONFIG_MODULE_SIG_SHA1),y)
-sign_key_with_hash := -sha1
-endif
-ifeq ($(CONFIG_MODULE_SIG_SHA224),y)
-sign_key_with_hash := -sha224
-endif
-ifeq ($(CONFIG_MODULE_SIG_SHA256),y)
-sign_key_with_hash := -sha256
-endif
-ifeq ($(CONFIG_MODULE_SIG_SHA384),y)
-sign_key_with_hash := -sha384
-endif
-ifeq ($(CONFIG_MODULE_SIG_SHA512),y)
-sign_key_with_hash := -sha512
-endif
-ifeq ($(sign_key_with_hash),)
-$(error Could not determine digest type to use from kernel config)
-endif
-
 signing_key.priv signing_key.x509: x509.genkey
 	@echo "###"
 	@echo "### Now generating an X.509 key pair to be used for signing modules."
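Review bot: The removed block ended with `$(error Could not determine digest type to use from kernel config)`, and nothing in this hunk or the next one replaces it. With the new form, an empty CONFIG_MODULE_SIG_HASH reaches the recipe as a bare `-` argument to `openssl req` instead of stopping make with a clear message. Keep a guard, for example `ifeq ($(CONFIG_MODULE_SIG_HASH),)` followed by the same `$(error ...)`.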
@@ -177,8 +157,8 @@ signing_key.priv signing_key.x509: x509.genkey
 	@echo "### needs to be run as root, and uses a hardware random"
 	@echo "### number generator if one is available."
 	@echo "###"
-	openssl req -new -nodes -utf8 $(sign_key_with_hash) -days 36500 -batch \
-		-x509 -config x509.genkey \
+	openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
+		-batch -x509 -config x509.genkey \
 		-outform DER -out signing_key.x509 \
 		-keyout signing_key.priv
 	@echo "###"
-- 
1.7.10.4



* [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line
  2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek
  2013-01-23 15:30 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper Michal Marek
@ 2013-01-23 15:30 ` Michal Marek
  2013-01-23 15:30 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file Michal Marek
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw)
  To: dhowells, rusty; +Cc: linux-kernel

Make the script usable without a .config file.

Signed-off-by: Michal Marek <mmarek@suse.cz>
---
 Makefile          |    2 +-
 scripts/sign-file |   53 ++++++++++++++++-------------------------------------
 2 files changed, 17 insertions(+), 38 deletions(-)

diff --git a/Makefile b/Makefile
index 51a9bda..860dc21 100644
--- a/Makefile
+++ b/Makefile
@@ -723,7 +723,7 @@ ifeq ($(CONFIG_MODULE_SIG),y)
 MODSECKEY = ./signing_key.priv
 MODPUBKEY = ./signing_key.x509
 export MODPUBKEY
-mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY)
+mod_sign_cmd = perl $(srctree)/scripts/sign-file -a $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY)
 else
 mod_sign_cmd = true
 endif
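Review bot: On the new mod_sign_cmd line, `-a $(CONFIG_MODULE_SIG_HASH)` is passed unguarded. If the variable expands to nothing, `-a` takes `$(MODSECKEY)` as its argument, so the script sees the key path as the hash name and one positional argument too few, and fails with the usage message rather than anything that names the hash. Check that the variable is non-empty before defining mod_sign_cmd.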
diff --git a/scripts/sign-file b/scripts/sign-file
index 974a20b..eefdec4 100755
--- a/scripts/sign-file
+++ b/scripts/sign-file
@@ -10,15 +10,16 @@
 use strict;
 use FileHandle;
 use IPC::Open2;
+use Getopt::Std;
 
-my $verbose = 0;
-if ($#ARGV >= 0 && $ARGV[0] eq "-v") {
-    $verbose = 1;
-    shift;
-}
+our ($opt_v, $opt_a);
+
+my $res = getopts('va:');
+my $verbose = $opt_v;
+my $dgst = $opt_a;
 
-die "Format: ./scripts/sign-file [-v] <key> <x509> <module> [<dest>]\n"
-    if ($#ARGV != 2 && $#ARGV != 3);
+die "Format: ./scripts/sign-file [-v] -a <hash algo> <key> <x509> <module> [<dest>]\n"
+    if (!$res || !$dgst || $#ARGV != 2 && $#ARGV != 3);
 
 my $private_key = $ARGV[0];
 my $x509 = $ARGV[1];
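Review bot: The new die condition `!$res || !$dgst || $#ARGV != 2 && $#ARGV != 3` mixes `||` and `&&` without parentheses. It evaluates as intended because `&&` binds tighter, but the argument-count test should be bracketed so the grouping is explicit. The format string also shows `-a <hash algo>` in the same way as the optional `[-v]` although the script dies without it; say in the message that it is required.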
@@ -30,23 +31,6 @@ die "Can't read X.509 certificate\n" unless (-r $x509);
 die "Can't read module\n" unless (-r $module);
 
 #
-# Read the kernel configuration
-#
-my %config = (
-    CONFIG_MODULE_SIG_SHA512 => 1
-    );
-
-if (-r ".config") {
-    open(FD, "<.config") || die ".config";
-    while (<FD>) {
-	if ($_ =~ /^(CONFIG_.*)=[ym]/) {
-	    $config{$1} = 1;
-	}
-    }
-    close(FD);
-}
-
-#
 # Function to read the contents of a file into a variable.
 #
 sub read_file($)
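Review bot: The removed `%config` initialiser carried `CONFIG_MODULE_SIG_SHA512 => 1`, so a run without a readable .config fell back to SHA-512; after this hunk there is no fallback and every caller has to pass `-a`. That is a behaviour change for anyone invoking the script by hand, and the commit message does not mention it. Note the dropped default in the changelog.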
@@ -321,51 +305,46 @@ my $id_type = 1;	# Identifier type: X.509
 #
 # Digest the data
 #
-my ($dgst, $prologue) = ();
-if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) {
+my $prologue;
+if ($dgst eq "sha1") {
     $prologue = pack("C*",
 		     0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
 		     0x2B, 0x0E, 0x03, 0x02, 0x1A,
 		     0x05, 0x00, 0x04, 0x14);
-    $dgst = "-sha1";
     $hash = 2;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) {
+} elsif ($dgst eq "sha224") {
     $prologue = pack("C*",
 		     0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
 		     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
 		     0x05, 0x00, 0x04, 0x1C);
-    $dgst = "-sha224";
     $hash = 7;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) {
+} elsif ($dgst eq "sha256") {
     $prologue = pack("C*",
 		     0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
 		     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
 		     0x05, 0x00, 0x04, 0x20);
-    $dgst = "-sha256";
     $hash = 4;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) {
+} elsif ($dgst eq "sha384") {
     $prologue = pack("C*",
 		     0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
 		     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
 		     0x05, 0x00, 0x04, 0x30);
-    $dgst = "-sha384";
     $hash = 5;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) {
+} elsif ($dgst eq "sha512") {
     $prologue = pack("C*",
 		     0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
 		     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
 		     0x05, 0x00, 0x04, 0x40);
-    $dgst = "-sha512";
     $hash = 6;
 } else {
-    die "Can't determine hash algorithm";
+    die "Unknown hash algorithm: $dgst\n";
 }
 
 #
 # Generate the digest and read from openssl's stdout
 #
 my $digest;
-$digest = readpipe("openssl dgst $dgst -binary $module") || die "openssl dgst";
+$digest = readpipe("openssl dgst -$dgst -binary $module") || die "openssl dgst";
 
 #
 # Generate the binary signature, which will be just the integer that comprises
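Review bot: In the changed readpipe line, `$dgst` now comes from the command line and is interpolated, together with `$module`, into a single string that is handed to the shell. `$dgst` is safe only because the if/elsif chain above dies on anything other than the five known names before this line runs; `$module` is not constrained at all, so a path containing spaces or shell metacharacters is misparsed. Keep the whitelist ahead of the readpipe and pass the command as an argument list (a list-form piped open) instead of one string.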
-- 
1.7.10.4



* [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file
  2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek
  2013-01-23 15:30 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper Michal Marek
  2013-01-23 15:30 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line Michal Marek
@ 2013-01-23 15:30 ` Michal Marek
  2013-01-23 15:30 ` [PATCH 4/4] MODSIGN: Add option to not sign modules during modules_install Michal Marek
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw)
  To: dhowells, rusty; +Cc: linux-kernel

This option allows appending an externally computed signature to the
module. This is needed in setups where the private key is not directly
available, but a service exists that returns signatures for given files.

Signed-off-by: Michal Marek <mmarek@suse.cz>
---
 scripts/sign-file |   92 ++++++++++++++++++++++++++++++-----------------------
 1 file changed, 53 insertions(+), 39 deletions(-)

diff --git a/scripts/sign-file b/scripts/sign-file
index eefdec4..51e3b7b 100755
--- a/scripts/sign-file
+++ b/scripts/sign-file
@@ -2,31 +2,42 @@
 #
 # Sign a module file using the given key.
 #
-# Format:
-#
-#	./scripts/sign-file [-v] <key> <x509> <module> [<dest>]
-#
-#
+
+my $USAGE =
+"Usage: scripts/sign-file [-v] -a <hash algo> <key> <x509> <module> [<dest>]\n" .
+"       scripts/sign-file [-v] -a <hash algo> -s <raw sig> <x509> ...\n";
+
 use strict;
 use FileHandle;
 use IPC::Open2;
 use Getopt::Std;
 
-our ($opt_v, $opt_a);
+our ($opt_v, $opt_a, $opt_s);
 
-my $res = getopts('va:');
+getopts('va:s:') or die $USAGE;
 my $verbose = $opt_v;
 my $dgst = $opt_a;
+my $signature_file = $opt_s;
 
-die "Format: ./scripts/sign-file [-v] -a <hash algo> <key> <x509> <module> [<dest>]\n"
-    if (!$res || !$dgst || $#ARGV != 2 && $#ARGV != 3);
+die $USAGE if !$dgst || $#ARGV > 3;
+die $USAGE if !$signature_file && $#ARGV < 2 || $signature_file && $#ARGV < 1;
 
-my $private_key = $ARGV[0];
-my $x509 = $ARGV[1];
-my $module = $ARGV[2];
-my $dest = ($#ARGV == 3) ? $ARGV[3] : $ARGV[2] . "~";
+my $private_key;
+if (!$signature_file) {
+	$private_key = shift @ARGV;
+}
+my $x509 = shift @ARGV;
+my $module = shift @ARGV;
+my ($dest, $keep_orig);
+if (@ARGV) {
+	$dest = $ARGV[0];
+	$keep_orig = 1;
+} else {
+	$dest = $module . "~";
+}
 
-die "Can't read private key\n" unless (-r $private_key);
+die "Can't read private key\n" if !$signature_file && !-r $private_key;
+die "Can't read signature file\n" if $signature_file && !-r $signature_file;
 die "Can't read X.509 certificate\n" unless (-r $x509);
 die "Can't read module\n" unless (-r $module);
 
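Review bot: The argument-count checks do not separate the two modes. `die $USAGE if !$dgst || $#ARGV > 3;` accepts four positional arguments with `-s`, where only `<x509> <module> [<dest>]` are consumed, so a fourth is silently ignored; and a caller who still passes the key with `-s` gets every argument shifted by one, with the real module path ending up in `$dest`. Make the upper bound mode-specific (at most three positionals with `-s`), and bracket the mixed `&&`/`||` condition on the following line.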
@@ -340,33 +351,36 @@ if ($dgst eq "sha1") {
     die "Unknown hash algorithm: $dgst\n";
 }
 
-#
-# Generate the digest and read from openssl's stdout
-#
-my $digest;
-$digest = readpipe("openssl dgst -$dgst -binary $module") || die "openssl dgst";
-
-#
-# Generate the binary signature, which will be just the integer that comprises
-# the signature with no metadata attached.
-#
-my $pid;
-$pid = open2(*read_from, *write_to,
-	     "openssl rsautl -sign -inkey $private_key -keyform PEM") ||
-    die "openssl rsautl";
-binmode write_to;
-print write_to $prologue . $digest || die "pipe to openssl rsautl";
-close(write_to) || die "pipe to openssl rsautl";
-
-binmode read_from;
 my $signature;
-read(read_from, $signature, 4096) || die "pipe from openssl rsautl";
-close(read_from) || die "pipe from openssl rsautl";
+if ($signature_file) {
+	$signature = read_file($signature_file);
+} else {
+	#
+	# Generate the digest and read from openssl's stdout
+	#
+	my $digest;
+	$digest = readpipe("openssl dgst -$dgst -binary $module") || die "openssl dgst";
+
+	#
+	# Generate the binary signature, which will be just the integer that
+	# comprises the signature with no metadata attached.
+	#
+	my $pid;
+	$pid = open2(*read_from, *write_to,
+		     "openssl rsautl -sign -inkey $private_key -keyform PEM") ||
+	    die "openssl rsautl";
+	binmode write_to;
+	print write_to $prologue . $digest || die "pipe to openssl rsautl";
+	close(write_to) || die "pipe to openssl rsautl";
+
+	binmode read_from;
+	read(read_from, $signature, 4096) || die "pipe from openssl rsautl";
+	close(read_from) || die "pipe from openssl rsautl";
+	waitpid($pid, 0) || die;
+	die "openssl rsautl died: $?" if ($? >> 8);
+}
 $signature = pack("n", length($signature)) . $signature,
 
-waitpid($pid, 0) || die;
-die "openssl rsautl died: $?" if ($? >> 8);
-
 #
 # Build the signed binary
 #
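Review bot: In the `-s` branch, `$signature = read_file($signature_file);` takes the file contents as the signature with no check, while the other branch signs `$prologue . $digest` for this module and this `-a` algorithm. An empty or truncated file, or a signature made with a different hash than the one given with `-a`, is appended just the same and nothing in the script detects it. At least die on an empty file, and state in $USAGE that the raw signature must cover the same prologue and digest. The context line `$signature = pack("n", length($signature)) . $signature,` also ends in a comma where a semicolon is meant.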
@@ -403,6 +417,6 @@ print FD
     ;
 close FD || die $dest;
 
-if ($#ARGV != 3) {
+if (!$keep_orig) {
     rename($dest, $module) || die $module;
 }
-- 
1.7.10.4
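What a remote signing service has to sign so that its output can be passed to `sign-file -s`, as an added example in Python that is not part of the patch or of the kernel tree. The prologue bytes and hash ids are copied from the table shown in patch 2/4 and the 2-byte length prefix mirrors `pack("n", length($signature))`; the function names, the sample module bytes and the `modulus_bytes` parameter are assumptions made for the illustration.

```python
import hashlib
import struct

# (hash id, DigestInfo prologue) per algorithm, copied from the
# scripts/sign-file table quoted in patch 2/4.
ALGOS = {
    "sha1": (2, bytes([0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
                       0x2B, 0x0E, 0x03, 0x02, 0x1A,
                       0x05, 0x00, 0x04, 0x14])),
    "sha224": (7, bytes([0x30, 0x2D, 0x30, 0x0D, 0x06, 0x09,
                         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
                         0x05, 0x00, 0x04, 0x1C])),
    "sha256": (4, bytes([0x30, 0x31, 0x30, 0x0D, 0x06, 0x09,
                         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
                         0x05, 0x00, 0x04, 0x20])),
    "sha384": (5, bytes([0x30, 0x41, 0x30, 0x0D, 0x06, 0x09,
                         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
                         0x05, 0x00, 0x04, 0x30])),
    "sha512": (6, bytes([0x30, 0x51, 0x30, 0x0D, 0x06, 0x09,
                         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
                         0x05, 0x00, 0x04, 0x40])),
}

# Constructed stand-in for the contents of a .ko file.
SAMPLE_MODULE = b"\x7fELF constructed module payload"


def digest_info(algo, module_bytes):
    """Return prologue || digest: the bytes the non -s branch pipes into
    'openssl rsautl -sign', and therefore what the service must sign."""
    if algo not in ALGOS:
        raise ValueError("Unknown hash algorithm: %s" % algo)
    _hash_id, prologue = ALGOS[algo]
    digest = hashlib.new(algo, module_bytes).digest()
    blob = prologue + digest
    # DER sanity: outer SEQUENCE length and inner OCTET STRING length
    # must agree with what was actually produced.
    if blob[1] != len(blob) - 2 or prologue[-1] != len(digest):
        raise ValueError("prologue does not match digest size for " + algo)
    return blob


def frame_raw_signature(raw_sig, modulus_bytes):
    """Check the service's reply before it is used with -s, then add the
    2-byte big-endian length prefix that sign-file prepends.
    modulus_bytes (RSA key size in bytes) is supplied by the caller."""
    if len(raw_sig) != modulus_bytes:
        raise ValueError("signature is %d bytes, expected %d"
                         % (len(raw_sig), modulus_bytes))
    return struct.pack(">H", len(raw_sig)) + raw_sig


if __name__ == "__main__":
    blob = digest_info("sha256", SAMPLE_MODULE)
    print(len(blob), blob.hex())
```

The service applies PKCS#1 v1.5 padding to this blob and performs the private-key operation, which is what `openssl rsautl -sign` does in the key-based branch.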



* [PATCH 4/4] MODSIGN: Add option to not sign modules during modules_install
  2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek
                   ` (2 preceding siblings ...)
  2013-01-23 15:30 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file Michal Marek
@ 2013-01-23 15:30 ` Michal Marek
  2013-01-24 15:11 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper David Howells
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Michal Marek @ 2013-01-23 15:30 UTC (permalink / raw)
  To: dhowells, rusty; +Cc: linux-kernel

To allow the builder to sign only a subset of modules, or to sign the
modules using a key that is not available on the build machine, add
CONFIG_MODULE_SIG_ALL. If this option is unset, no modules will be
signed during build. The default is 'y', to preserve the current
behavior.

Signed-off-by: Michal Marek <mmarek@suse.cz>
---
 Makefile     |    2 +-
 init/Kconfig |   11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 860dc21..e3a00de 100644
--- a/Makefile
+++ b/Makefile
@@ -719,7 +719,7 @@ endif # INSTALL_MOD_STRIP
 export mod_strip_cmd
 
 
-ifeq ($(CONFIG_MODULE_SIG),y)
+ifdef CONFIG_MODULE_SIG_ALL
 MODSECKEY = ./signing_key.priv
 MODPUBKEY = ./signing_key.x509
 export MODPUBKEY
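Review bot: `ifdef CONFIG_MODULE_SIG_ALL` is true for any non-empty value, whereas the line it replaces tested `ifeq ($(CONFIG_MODULE_SIG),y)`; keep the `ifeq (...,y)` form so the two tests read the same way. `export MODPUBKEY` also now sits under MODULE_SIG_ALL, so it is no longer exported when MODULE_SIG is set and MODULE_SIG_ALL is not; confirm that nothing else in the build relies on it.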
diff --git a/init/Kconfig b/init/Kconfig
index ba7d1c1..d2db2e7 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1602,6 +1602,17 @@ config MODULE_SIG_FORCE
 	  Reject unsigned modules or signed modules for which we don't have a
 	  key.  Without this, such modules will simply taint the kernel.
 
+config MODULE_SIG_ALL
+	bool "Automatically sign all modules"
+	default y
+	depends on MODULE_SIG
+	help
+	  Sign all modules during make modules_install. Without this option,
+	  modules must be signed manually, using the scripts/sign-file tool.
+
+comment "Do not forget to sign required modules with scripts/sign-file"
+	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
+
 choice
 	prompt "Which hash algorithm should modules be signed with?"
 	depends on MODULE_SIG
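Review bot: The help text for MODULE_SIG_ALL does not say what happens to modules that are left unsigned. Going by the MODULE_SIG_FORCE help just above, they are rejected when that option is set and taint the kernel otherwise; state that here, and mention that sign-file has to be run with the `-a <hash algo>` that matches the configured hash. The `comment` entry is shown only for MODULE_SIG_FORCE && !MODULE_SIG_ALL, so a configuration without FORCE gets no reminder at all.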
-- 
1.7.10.4



* Re: [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper
  2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek
                   ` (3 preceding siblings ...)
  2013-01-23 15:30 ` [PATCH 4/4] MODSIGN: Add option to not sign modules during modules_install Michal Marek
@ 2013-01-24 15:11 ` David Howells
  2013-01-24 15:16 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line David Howells
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: David Howells @ 2013-01-24 15:11 UTC (permalink / raw)
  To: Michal Marek; +Cc: dhowells, rusty, linux-kernel

Michal Marek <mmarek@suse.cz> wrote:

> Signed-off-by: Michal Marek <mmarek@suse.cz>

Add a check into the script to make sure that CONFIG_MODULE_SIG_HASH is
actually set to something, and then you can add "Acked-by: David Howells
<dhowells@redhat.com>".

David


* Re: [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line
  2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek
                   ` (4 preceding siblings ...)
  2013-01-24 15:11 ` [PATCH 1/4] MODSIGN: Simplify Makefile with a Kconfig helper David Howells
@ 2013-01-24 15:16 ` David Howells
  2013-01-24 15:17 ` David Howells
  2013-01-24 15:20 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file David Howells
  7 siblings, 0 replies; 11+ messages in thread
From: David Howells @ 2013-01-24 15:16 UTC (permalink / raw)
  To: Michal Marek; +Cc: dhowells, rusty, linux-kernel

Michal Marek <mmarek@suse.cz> wrote:

> -mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY)
> +mod_sign_cmd = perl $(srctree)/scripts/sign-file -a $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY)

It's mandatory, so it shouldn't really have a "-a" flag.

David


* Re: [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line
  2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek
                   ` (5 preceding siblings ...)
  2013-01-24 15:16 ` [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line David Howells
@ 2013-01-24 15:17 ` David Howells
  2013-01-24 19:59   ` Michal Marek
  2013-01-25  0:07   ` David Howells
  2013-01-24 15:20 ` [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file David Howells
  7 siblings, 2 replies; 11+ messages in thread
From: David Howells @ 2013-01-24 15:17 UTC (permalink / raw)
  To: Michal Marek; +Cc: dhowells, rusty, linux-kernel

Michal Marek <mmarek@suse.cz> wrote:

> +our ($opt_v, $opt_a);

Should this be 'our' or 'my'?

David


* Re: [PATCH 3/4] MODSIGN: Add -s <signature> option to sign-file
  2013-01-23 15:30 [PATCH 0/4] MODSIGN: Allow to sign modules outside build Michal Marek
                   ` (6 preceding siblings ...)
  2013-01-24 15:17 ` David Howells
@ 2013-01-24 15:20 ` David Howells
  7 siblings, 0 replies; 11+ messages in thread
From: David Howells @ 2013-01-24 15:20 UTC (permalink / raw)
  To: Michal Marek; +Cc: dhowells, rusty, linux-kernel

+die "Can't read private key\n" if !$signature_file && !-r $private_key;
+die "Can't read signature file\n" if $signature_file && !-r $signature_file;

Please bracket the if condition.

David


* Re: [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line
  2013-01-24 15:17 ` David Howells
@ 2013-01-24 19:59   ` Michal Marek
  2013-01-25  0:07   ` David Howells
  1 sibling, 0 replies; 11+ messages in thread
From: Michal Marek @ 2013-01-24 19:59 UTC (permalink / raw)
  To: David Howells; +Cc: rusty, linux-kernel

On 24.1.2013 16:17, David Howells wrote:
> Michal Marek <mmarek@suse.cz> wrote:
> 
>> +our ($opt_v, $opt_a);
> 
> Should this be 'our' or 'my'?

These are global variables set by getopts(), so they need to be declared
'our'. But I can change it to use the two-argument version of getopts,
that does not use global variables.

Michal



* Re: [PATCH 2/4] MODSIGN: Specify the hash algorithm on sign-file command line
  2013-01-24 15:17 ` David Howells
  2013-01-24 19:59   ` Michal Marek
@ 2013-01-25  0:07   ` David Howells
  1 sibling, 0 replies; 11+ messages in thread
From: David Howells @ 2013-01-25  0:07 UTC (permalink / raw)
  To: Michal Marek; +Cc: dhowells, rusty, linux-kernel

Michal Marek <mmarek@suse.cz> wrote:

> >> +our ($opt_v, $opt_a);
> > 
> > Should this be 'our' or 'my'?
> 
> These are global variables set by getopts(), so they need to be declared
> 'our'. But I can change it to use the two-argument version of getopts,
> that does not use global variables.

No, that's fine.  Perl seems like black magic at the best of times.

David
