[PATCH] ima: Fix build failure of redefinition of integrity_init_keyring()

[PATCH] ima: Fix build failure of redefinition of integrity_init_keyring()

[Steven Rostedt]

If CONFIG_INTEGRITY_SIGNATURE is set, but
CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not, then we get the following
build failure:

linux.git/security/integrity/digsig.c:70:5: error: redefinition of ‘integrity_init_keyring’
linux.git/security/integrity/integrity.h:149:12: note: previous definition of ‘integrity_init_keyring’ was here
linux.git/security/integrity/integrity.h:149:12: warning: ‘integrity_init_keyring’ defined but not used distcc[8580] ERROR:
compile /home/rostedt/work/git/linux-trace.git/security/integrity/digsig.c on localhost failed

The problem is that CONFIG_INTEGRITY_SIGNATURE will compile digsig.o,
which defines integrity_init_keyring(), but when
CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not defined, the header will define
integrity_init_keyring() as a static inline.

Do not define integrity_init_keyring() when
CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not configured.

I also added the missing "inline" for the stub function.

Signed-off-by: Steven Rostedt <rostedt@goodmis.org>

diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 77ca965..00bc3e1 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -67,6 +67,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
 	return -EOPNOTSUPP;
 }
 
+#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
 int integrity_init_keyring(const unsigned int id)
 {
 	const struct cred *cred = current_cred();
@@ -84,3 +85,4 @@ int integrity_init_keyring(const unsigned int id)
 			keyring_name[id], PTR_ERR(keyring[id]));
 	return 0;
 }
+#endif
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index b9e7c13..c3d48dc 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -146,7 +146,7 @@ static inline int asymmetric_verify(struct key *keyring, const char *sig,
 	return -EOPNOTSUPP;
 }
 
-static int integrity_init_keyring(const unsigned int id)
+static inline int integrity_init_keyring(const unsigned int id)
 {
 	return 0;
 }

Re: [PATCH] ima: Fix build failure of redefinition of integrity_init_keyring()

[Linus Torvalds]

On Tue, Nov 26, 2013 at 12:04 PM, Steven Rostedt <rostedt@goodmis.org> wrote:
> If CONFIG_INTEGRITY_SIGNATURE is set, but
> CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not, then we get the following
> build failure:

Didn't this already get fixed by the reverts I did and Mimi acked?

Commits 4c1cc40a2d49 ("Revert "KEYS: verify a certificate is signed by
a 'trusted' key"") and 34ef7bd3823b ("Revert "ima: define '_ima' as a
builtin 'trusted' keyring"") to be exact.

              Linus

Re: [PATCH] ima: Fix build failure of redefinition of integrity_init_keyring()

[Steven Rostedt]

On Tue, 26 Nov 2013 12:12:12 -0800
Linus Torvalds <torvalds@linux-foundation.org> wrote:

> On Tue, Nov 26, 2013 at 12:04 PM, Steven Rostedt <rostedt@goodmis.org> wrote:
> > If CONFIG_INTEGRITY_SIGNATURE is set, but
> > CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not, then we get the following
> > build failure:
> 
> Didn't this already get fixed by the reverts I did and Mimi acked?
> 
> Commits 4c1cc40a2d49 ("Revert "KEYS: verify a certificate is signed by
> a 'trusted' key"") and 34ef7bd3823b ("Revert "ima: define '_ima' as a
> builtin 'trusted' keyring"") to be exact.
> 

Ah, your right. I was working against 3.13-rc1, that revert came later.

OK, please ignore.

I'll add those reverts to my tests for my branches that are still based
on 3.13-rc1.

Thanks!

-- Steve