Commit ec67b14c authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'localmodconfig-v4.7' of...

Merge tag 'localmodconfig-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-kconfig

Pull localmodconfig updates from Steven Rostedt.
 "Benjamin Poirier added some minor fixes and clean ups to
  localmodconfig.

  One is a fix for making sure that module signing still works when
  coming from a different environment.  If original keys are not found
  it will warn and reset the keys to their default value"

* tag 'localmodconfig-v4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-kconfig:
  localmodconfig: Fix whitespace repeat count after "tristate"
  localmodconfig: Reset certificate paths
  localmodconfig: Add missing $ to reference a variable
  localmodconfig: Fix parsing of "help" text
  localmodconfig: Recognize more keywords that end a menu entry
  localmodconfig: Fix parsing of Kconfig "source" statements
parents 7beaa24b 5bcba792
...@@ -188,7 +188,7 @@ sub read_kconfig { ...@@ -188,7 +188,7 @@ sub read_kconfig {
$cont = 0; $cont = 0;
# collect any Kconfig sources # collect any Kconfig sources
if (/^source\s*"(.*)"/) { if (/^source\s+"?([^"]+)/) {
my $kconfig = $1; my $kconfig = $1;
# prevent reading twice. # prevent reading twice.
if (!defined($read_kconfigs{$kconfig})) { if (!defined($read_kconfigs{$kconfig})) {
...@@ -237,7 +237,7 @@ sub read_kconfig { ...@@ -237,7 +237,7 @@ sub read_kconfig {
} }
# configs without prompts must be selected # configs without prompts must be selected
} elsif ($state ne "NONE" && /^\s*tristate\s\S/) { } elsif ($state ne "NONE" && /^\s*(tristate\s+\S|prompt\b)/) {
# note if the config has a prompt # note if the config has a prompt
$prompts{$config} = 1; $prompts{$config} = 1;
...@@ -256,8 +256,8 @@ sub read_kconfig { ...@@ -256,8 +256,8 @@ sub read_kconfig {
$iflevel-- if ($iflevel); $iflevel-- if ($iflevel);
# stop on "help" # stop on "help" and keywords that end a menu entry
} elsif (/^\s*help\s*$/) { } elsif (/^\s*(---)?help(---)?\s*$/ || /^(comment|choice|menu)\b/) {
$state = "NONE"; $state = "NONE";
} }
} }
...@@ -454,7 +454,7 @@ sub parse_config_depends ...@@ -454,7 +454,7 @@ sub parse_config_depends
$p =~ s/^[^$valid]*[$valid]+//; $p =~ s/^[^$valid]*[$valid]+//;
# We only need to process if the depend config is a module # We only need to process if the depend config is a module
if (!defined($orig_configs{$conf}) || !$orig_configs{conf} eq "m") { if (!defined($orig_configs{$conf}) || $orig_configs{$conf} eq "y") {
next; next;
} }
...@@ -610,6 +610,40 @@ foreach my $line (@config_file) { ...@@ -610,6 +610,40 @@ foreach my $line (@config_file) {
next; next;
} }
if (/CONFIG_MODULE_SIG_KEY="(.+)"/) {
my $orig_cert = $1;
my $default_cert = "certs/signing_key.pem";
# Check that the logic in this script still matches the one in Kconfig
if (!defined($depends{"MODULE_SIG_KEY"}) ||
$depends{"MODULE_SIG_KEY"} !~ /"\Q$default_cert\E"/) {
print STDERR "WARNING: MODULE_SIG_KEY assertion failure, ",
"update needed to ", __FILE__, " line ", __LINE__, "\n";
print;
} elsif ($orig_cert ne $default_cert && ! -f $orig_cert) {
print STDERR "Module signature verification enabled but ",
"module signing key \"$orig_cert\" not found. Resetting ",
"signing key to default value.\n";
print "CONFIG_MODULE_SIG_KEY=\"$default_cert\"\n";
} else {
print;
}
next;
}
if (/CONFIG_SYSTEM_TRUSTED_KEYS="(.+)"/) {
my $orig_keys = $1;
if (! -f $orig_keys) {
print STDERR "System keyring enabled but keys \"$orig_keys\" ",
"not found. Resetting keys to default value.\n";
print "CONFIG_SYSTEM_TRUSTED_KEYS=\"\"\n";
} else {
print;
}
next;
}
if (/^(CONFIG.*)=(m|y)/) { if (/^(CONFIG.*)=(m|y)/) {
if (defined($configs{$1})) { if (defined($configs{$1})) {
if ($localyesconfig) { if ($localyesconfig) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment