From: Eric Snowberg <eric.snowberg@oracle.com>
To: David Howells <dhowells@redhat.com>
Cc: Randy Dunlap <rdunlap@infradead.org>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org, linux-kernel@vger.kernel.org,
Eric Snowberg <eric.snowberg@oracle.com>
Subject: Re: [PATCH] certs: Fix wrong kconfig option used for x509_revocation_list
Date: Wed, 3 Mar 2021 19:45:38 -0700 [thread overview]
Message-ID: <10ECA885-8F0B-4BB1-8CD9-B3D1993E20E0@oracle.com> (raw)
In-Reply-To: <2033457.1614763481@warthog.procyon.org.uk>
> On Mar 3, 2021, at 2:24 AM, David Howells <dhowells@redhat.com> wrote:
>
> Eric Snowberg <eric.snowberg@oracle.com> wrote:
>
>> +ifeq ($(CONFIG_SYSTEM_REVOCATION_LIST),y)
>> +obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += revocation_certificates.o
>> +endif
>
> Should the ifeq be referring to CONFIG_SYSTEM_REVOCATION_KEYS rather than
> CONFIG_SYSTEM_REVOCATION_LIST? In fact, since S_R_K depends indirectly on
> S_B_K, you should be able to just do:
>
> +obj-$(CONFIG_SYSTEM_REVOCATION_KEYS) += revocation_certificates.o
Since S_R_K is a string, I could not get that to work. I could get this
to work:
obj-$(CONFIG_SYSTEM_REVOCATION_LIST) += revocation_certificates.o
If there is another way of doing this with S_R_K instead, let me know.
>> +#ifdef CONFIG_SYSTEM_REVOCATION_LIST
>
> Here also?
When S_R_L is defined, S_R_K will also always be defined too. Either as an
empty string or a path to a file. With my change, it works the same as the
current code in CONFIG_SYSTEM_TRUSTED_KEYS and CONFIG_SYSTEM_TRUSTED_KEYRING,
which also uses the extract_certs script. It can properly handle a NULL
string. If I changed it to S_R_K here, it seems confusing to me, since one
might assume it is only defined when someone adds a string to S_R_K. But,
I can change it if you’d like.
>> + hostprogs-always-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += extract-cert
>
> And here too?
next prev parent reply other threads:[~2021-03-04 2:48 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-03 3:44 [PATCH] certs: Fix wrong kconfig option used for x509_revocation_list Eric Snowberg
2021-03-03 9:24 ` David Howells
2021-03-04 2:45 ` Eric Snowberg [this message]
2021-03-04 15:25 ` David Howells
2021-03-04 4:38 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10ECA885-8F0B-4BB1-8CD9-B3D1993E20E0@oracle.com \
--to=eric.snowberg@oracle.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rdunlap@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.