1. 08 Jan, 2022 12 commits
    • Masahiro Yamada's avatar
      certs: move scripts/extract-cert to certs/ · 340a0253
      Masahiro Yamada authored
      extract-cert is only used in certs/Makefile.
      
      Move it there and build extract-cert on demand.
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      340a0253
    • Masahiro Yamada's avatar
      kbuild: do not quote string values in include/config/auto.conf · 129ab0d2
      Masahiro Yamada authored
      The previous commit fixed up all shell scripts to not include
      include/config/auto.conf.
      
      Now that include/config/auto.conf is only included by Makefiles,
      we can change it into a more Make-friendly form.
      
      Previously, Kconfig output string values enclosed with double-quotes
      (both in the .config and include/config/auto.conf):
      
          CONFIG_X="foo bar"
      
      Unlike shell, Make handles double-quotes (and single-quotes as well)
      verbatim. We must rip them off when used.
      
      There are some patterns:
      
        [1] $(patsubst "%",%,$(CONFIG_X))
        [2] $(CONFIG_X:"%"=%)
        [3] $(subst ",,$(CONFIG_X))
        [4] $(shell echo $(CONFIG_X))
      
      These are not only ugly, but also fragile.
      
      [1] and [2] do not work if the value contains spaces, like
         CONFIG_X=" foo bar "
      
      [3] does not work correctly if the value contains double-quotes like
         CONFIG_X="foo\"bar"
      
      [4] seems to work better, but has a cost of forking a process.
      
      Anyway, quoted strings were always PITA for our Makefiles.
      
      This commit changes Kconfig to stop quoting in include/config/auto.conf.
      
      These are the string type symbols referenced in Makefiles or scripts:
      
          ACPI_CUSTOM_DSDT_FILE
          ARC_BUILTIN_DTB_NAME
          ARC_TUNE_MCPU
          BUILTIN_DTB_SOURCE
          CC_IMPLICIT_FALLTHROUGH
          CC_VERSION_TEXT
          CFG80211_EXTRA_REGDB_KEYDIR
          EXTRA_FIRMWARE
          EXTRA_FIRMWARE_DIR
          EXTRA_TARGETS
          H8300_BUILTIN_DTB
          INITRAMFS_SOURCE
          LOCALVERSION
          MODULE_SIG_HASH
          MODULE_SIG_KEY
          NDS32_BUILTIN_DTB
          NIOS2_DTB_SOURCE
          OPENRISC_BUILTIN_DTB
          SOC_CANAAN_K210_DTB_SOURCE
          SYSTEM_BLACKLIST_HASH_LIST
          SYSTEM_REVOCATION_KEYS
          SYSTEM_TRUSTED_KEYS
          TARGET_CPU
          UNUSED_KSYMS_WHITELIST
          XILINX_MICROBLAZE0_FAMILY
          XILINX_MICROBLAZE0_HW_VER
          XTENSA_VARIANT_NAME
      
      I checked them one by one, and fixed up the code where necessary.
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      129ab0d2
    • Masahiro Yamada's avatar
      kbuild: do not include include/config/auto.conf from shell scripts · 7d153696
      Masahiro Yamada authored
      Richard Weinberger pointed out the risk of sourcing the kernel config
      from shell scripts [1], and proposed some patches [2], [3]. It is a good
      point, but it took a long time because I was wondering how to fix this.
      
      This commit goes with simple grep approach because there are only a few
      scripts including the kernel configuration.
      
      scripts/link_vmlinux.sh has references to a bunch of CONFIG options,
      all of which are boolean. I added is_enabled() helper as
      scripts/package/{mkdebian,builddeb} do.
      
      scripts/gen_autoksyms.sh uses 'eval', stating "to expand the whitelist
      path". I removed it since it is the issue we are trying to fix.
      
      I was a bit worried about the cost of invoking the grep command over
      again. I extracted the grep parts from it, and measured the cost. It
      was approximately 0.03 sec, which I hope is acceptable.
      
      [test code]
      
        $ cat test-grep.sh
        #!/bin/sh
      
        is_enabled() {
                grep -q "^$1=y" include/config/auto.conf
        }
      
        is_enabled CONFIG_LTO_CLANG
        is_enabled CONFIG_LTO_CLANG
        is_enabled CONFIG_STACK_VALIDATION
        is_enabled CONFIG_UNWINDER_ORC
        is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL
        is_enabled CONFIG_VMLINUX_VALIDATION
        is_enabled CONFIG_FRAME_POINTER
        is_enabled CONFIG_GCOV_KERNEL
        is_enabled CONFIG_LTO_CLANG
        is_enabled CONFIG_RETPOLINE
        is_enabled CONFIG_X86_SMAP
        is_enabled CONFIG_LTO_CLANG
        is_enabled CONFIG_VMLINUX_MAP
        is_enabled CONFIG_KALLSYMS_ALL
        is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU
        is_enabled CONFIG_KALLSYMS_BASE_RELATIVE
        is_enabled CONFIG_DEBUG_INFO_BTF
        is_enabled CONFIG_KALLSYMS
        is_enabled CONFIG_DEBUG_INFO_BTF
        is_enabled CONFIG_BPF
        is_enabled CONFIG_BUILDTIME_TABLE_SORT
        is_enabled CONFIG_KALLSYMS
      
        $ time ./test-grep.sh
        real    0m0.036s
        user    0m0.027s
        sys     m0.009s
      
      [1]: https://lore.kernel.org/all/1919455.eZKeABUfgV@blindfold/
      [2]: https://lore.kernel.org/all/20180219092245.26404-1-richard@nod.at/
      [3]: https://lore.kernel.org/all/20210920213957.1064-2-richard@nod.at/Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      Reviewed-by: default avatarNicolas Schier <n.schier@avm.de>
      7d153696
    • Masahiro Yamada's avatar
      certs: simplify $(srctree)/ handling and remove config_filename macro · b8c96a6b
      Masahiro Yamada authored
      The complex macro, config_filename, was introduced to do:
      
       [1] drop double-quotes from the string value
       [2] add $(srctree)/ prefix in case the file is not found in $(objtree)
       [3] escape spaces and more
      
      [1] will be more generally handled by Kconfig later.
      
      As for [2], Kbuild uses VPATH to search for files in $(objtree),
      $(srctree) in this order. GNU Make can natively handle it.
      
      As for [3], converting $(space) to $(space_escape) back and forth looks
      questionable to me. It is well-known that GNU Make cannot handle file
      paths with spaces in the first place.
      
      Instead of using the complex macro, use $< so it will be expanded to
      the file path of the key.
      
      Remove config_filename, finally.
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      b8c96a6b
    • Masahiro Yamada's avatar
      kbuild: stop using config_filename in scripts/Makefile.modsign · 4db9c2e3
      Masahiro Yamada authored
      Toward the goal of removing the config_filename macro, drop
      the double-quotes and add $(srctree)/ prefix in an ad hoc way.
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      Reviewed-by: default avatarNicolas Schier <n.schier@avm.de>
      4db9c2e3
    • Masahiro Yamada's avatar
      certs: remove misleading comments about GCC PR · 5410f3e8
      Masahiro Yamada authored
      This dependency is necessary irrespective of the mentioned GCC PR
      because the embedded certificates are build artifacts and must be
      generated by extract_certs before *.S files are compiled.
      
      The comment sounds like we are hoping to remove these dependencies
      someday. No, we cannot remove them.
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      5410f3e8
    • Masahiro Yamada's avatar
      certs: refactor file cleaning · 5cca3606
      Masahiro Yamada authored
      'make clean' removes files listed in 'targets'. It is redundant to
      specify both 'targets' and 'clean-files'.
      
      Move 'targets' assignments out of the ifeq-conditionals so
      scripts/Makefile.clean can see them.
      
      One effective change is that certs/certs/signing_key.x509 is now
      deleted by 'make clean' instead of 'make mrproper. This certificate
      is embedded in the kernel. It is not used in any way by external
      module builds.
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      Reviewed-by: default avatarNicolas Schier <n.schier@avm.de>
      5cca3606
    • Masahiro Yamada's avatar
      certs: remove unneeded -I$(srctree) option for system_certificates.o · 3958f215
      Masahiro Yamada authored
      The .incbin directive in certs/system_certificates.S includes
      certs/signing_key.x509 and certs/x509_certificate_list, both of which
      are generated by extract_certs, i.e. exist in $(objtree).
      
      This option -I$(srctree) is unneeded.
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      3958f215
    • Masahiro Yamada's avatar
      certs: unify duplicated cmd_extract_certs and improve the log · 1c4bd9f7
      Masahiro Yamada authored
      cmd_extract_certs is defined twice. Unify them.
      
      The current log shows the input file $(2), which might be empty.
      You cannot know what is being created from the log, "EXTRACT_CERTS".
      
      Change the log to show the output file with better alignment.
      
      [Before]
      
        EXTRACT_CERTS   certs/signing_key.pem
        CC      certs/system_keyring.o
        EXTRACT_CERTS
        AS      certs/system_certificates.o
        CC      certs/common.o
        CC      certs/blacklist.o
        EXTRACT_CERTS
        AS      certs/revocation_certificates.o
      
      [After]
      
        CERT    certs/signing_key.x509
        CC      certs/system_keyring.o
        CERT    certs/x509_certificate_list
        AS      certs/system_certificates.o
        CC      certs/common.o
        CC      certs/blacklist.o
        CERT    certs/x509_revocation_list
        AS      certs/revocation_certificates.o
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      Reviewed-by: default avatarNicolas Schier <n.schier@avm.de>
      1c4bd9f7
    • Masahiro Yamada's avatar
      certs: use $< and $@ to simplify the key generation rule · c537e4d0
      Masahiro Yamada authored
      Do not repeat $(obj)/x509.genkey or $(obj)/signing_key.pem
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      Reviewed-by: default avatarNicolas Schier <n.schier@avm.de>
      c537e4d0
    • Masahiro Yamada's avatar
      kbuild: remove headers_check stub · 4fbce819
      Masahiro Yamada authored
      Linux 5.15 is out. Remove this stub now.
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      4fbce819
    • Masahiro Yamada's avatar
      kbuild: move headers_check.pl to usr/include/ · 50a48340
      Masahiro Yamada authored
      This script is only used by usr/include/Makefile. Make it local to
      the directory.
      
      Update the comment in include/uapi/linux/soundcard.h because
      'make headers_check' is no longer functional.
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      50a48340
  2. 11 Dec, 2021 7 commits
  3. 02 Dec, 2021 8 commits
  4. 28 Nov, 2021 8 commits
  5. 27 Nov, 2021 5 commits