user/sven/linux.git/scripts/extract-cert.c, branch v4.20 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.20 2015-09-25T15:31:45Z KEYS: Remove unnecessary header #inclusions from extract-cert.c 2015-09-25T15:31:45Z David Howells dhowells@redhat.com 2015-09-25T15:31:45Z urn:sha1:292c6091353475d94e2cfb49c29906e88ee967ba Remove headers #included unnecessarily from extract-cert.c lest they cause compilation of the tool to fail against an older OpenSSL library. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: David Woodhouse <David.Woodhouse@intel.com> modsign: Fix GPL/OpenSSL licence incompatibility 2015-09-15T20:54:21Z David Woodhouse dwmw2@infradead.org 2015-09-15T15:03:36Z urn:sha1:09a77a885233e2a20dac2635a79c83ccf50a26a1 The GPL does not permit us to link against the OpenSSL library. Use LGPL for sign-file and extract-file instead. [ The whole "openssl isn't compatible with gpl" is really just fear-mongering, but there's no reason not to make modsign LGPL, so nobody cares. - Linus ] Reported-by: Julian Andres Klode <jak@jak-linux.org> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Julian Andres Klode <jak@jak-linux.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> MODSIGN: fix a compilation warning in extract-cert 2015-09-11T22:21:34Z David Howells dhowells@redhat.com 2015-09-11T20:07:36Z urn:sha1:7c0d35a339db612aae5496424030307128f088a9 Fix the following warning when compiling extract-cert: scripts/extract-cert.c: In function `write_cert': scripts/extract-cert.c:89:2: warning: format not a string literal and no format arguments [-Wformat-security] ERR(!i2d_X509_bio(wb, x509), cert_dst); ^ whereby the ERR() macro is taking cert_dst as the format string. "%s" should be used as the format string as the path could contain special characters. Signed-off-by: David Howells <dhowells@redhat.com> Reported-by: Jim Davis <jim.epost@gmail.com> Acked-by : David Woodhouse <david.woodhouse@intel.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> extract-cert: Cope with multiple X.509 certificates in a single file 2015-08-12T16:01:01Z David Woodhouse David.Woodhouse@intel.com 2015-07-20T20:16:33Z urn:sha1:84706caae9e06363db4f956cde4f9715ce5c0ef3 This is not required for the module signing key, although it doesn't do any harm — it just means that any additional certs in the PEM file are also trusted by the kernel. But it does allow us to use the extract-cert tool for processing the extra certs from CONFIG_SYSTEM_TRUSTED_KEYS, instead of that horrid awk|base64 hack. Also cope with being invoked with no input file, creating an empty output file as a result. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com> modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed 2015-08-07T15:26:14Z David Woodhouse David.Woodhouse@intel.com 2015-07-20T20:16:30Z urn:sha1:1329e8cc69b93a0b1bc6d197b30dcff628c18dbf Where an external PEM file or PKCS#11 URI is given, we can get the cert from it for ourselves instead of making the user drop signing_key.x509 in place for us. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>