From 61754c18752ffb78145671e94f053fb202fff041 Mon Sep 17 00:00:00 2001 From: Michal Marek Date: Wed, 1 Jul 2015 17:19:30 +0200 Subject: kbuild: Allow arch Makefiles to override {cpp,ld,c}flags Since commit a1c48bb1 (Makefile: Fix unrecognized cross-compiler command line options), the arch Makefile is included earlier by the main Makefile, preventing the arc architecture to set its -O3 compiler option. Since there might be more use cases for an arch Makefile to fine-tune the options, add support for ARCH_CPPFLAGS, ARCH_AFLAGS and ARCH_CFLAGS variables that are appended to the respective kbuild variables. The user still has the final say via the KCPPFLAGS, KAFLAGS and KCFLAGS variables. Reported-by: Vineet Gupta Cc: stable@vger.kernel.org # 3.16+ Signed-off-by: Michal Marek --- Makefile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 13270c0a9336..8c31fbc90589 100644 --- a/Makefile +++ b/Makefile @@ -780,10 +780,11 @@ endif include scripts/Makefile.kasan include scripts/Makefile.extrawarn -# Add user supplied CPPFLAGS, AFLAGS and CFLAGS as the last assignments -KBUILD_CPPFLAGS += $(KCPPFLAGS) -KBUILD_AFLAGS += $(KAFLAGS) -KBUILD_CFLAGS += $(KCFLAGS) +# Add any arch overrides and user supplied CPPFLAGS, AFLAGS and CFLAGS as the +# last assignments +KBUILD_CPPFLAGS += $(ARCH_CPPFLAGS) $(KCPPFLAGS) +KBUILD_AFLAGS += $(ARCH_AFLAGS) $(KAFLAGS) +KBUILD_CFLAGS += $(ARCH_CFLAGS) $(KCFLAGS) # Use --build-id when available. LDFLAGS_BUILD_ID = $(patsubst -Wl$(comma)%,%,\ -- cgit v1.2.3 From bc0195aad0daa2ad5b0d76cce22b167bc3435590 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sun, 12 Jul 2015 15:10:30 -0700 Subject: Linux 4.2-rc2 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 13270c0a9336..257ef5892ab7 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 4 PATCHLEVEL = 2 SUBLEVEL = 0 -EXTRAVERSION = -rc1 +EXTRAVERSION = -rc2 NAME = Hurr durr I'ma sheep # *DOCUMENTATION* -- cgit v1.2.3 From 52721d9d3334c1cb1f76219a161084094ec634dc Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sun, 19 Jul 2015 14:45:02 -0700 Subject: Linux 4.2-rc3 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 2f49d89eccfa..a9ad4908e870 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 4 PATCHLEVEL = 2 SUBLEVEL = 0 -EXTRAVERSION = -rc2 +EXTRAVERSION = -rc3 NAME = Hurr durr I'ma sheep # *DOCUMENTATION* -- cgit v1.2.3 From 6dd3f13e4239a8c2b1e60687d7321bc0df614f33 Mon Sep 17 00:00:00 2001 From: Michal Marek Date: Thu, 16 Jul 2015 18:23:53 +0200 Subject: kbuild: Do not pick up ARCH_{CPP,A,C}FLAGS from the environment Initialize the ARCH_* overrides before including the arch Makefile, to avoid picking up the values from the environment. The variables can still be overriden on the make command line, but this won't happen by accident. Signed-off-by: Michal Marek --- Makefile | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 13270c0a9336..dc868bcdaf45 100644 --- a/Makefile +++ b/Makefile @@ -597,6 +597,11 @@ endif # $(dot-config) # Defaults to vmlinux, but the arch makefile usually adds further targets all: vmlinux +# The arch Makefile can set ARCH_{CPP,A,C}FLAGS to override the default +# values of the respective KBUILD_* variables +ARCH_CPPFLAGS := +ARCH_AFLAGS := +ARCH_CFLAGS := include arch/$(SRCARCH)/Makefile KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks,) -- cgit v1.2.3 From 3d1450d54a4fc277fc4598acf2335f74b66b08fc Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 7 Jul 2015 20:26:07 +0200 Subject: Makefile: Force gzip and xz on module install Running `make modules_install` ordinarily will overwrite existing modules. This is the desired behavior, and is how pretty much every other `make install` target works. However, if CONFIG_MODULE_COMPRESS is enabled, modules are passed through gzip and xz which then do the file writing. Both gzip and xz will error out if the file already exists, unless -f is passed. This patch adds -f so that the behavior is uniform. Signed-off-by: Jason A. Donenfeld Signed-off-by: Michal Marek --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index dc868bcdaf45..c5234fe6adb3 100644 --- a/Makefile +++ b/Makefile @@ -852,10 +852,10 @@ export mod_strip_cmd mod_compress_cmd = true ifdef CONFIG_MODULE_COMPRESS ifdef CONFIG_MODULE_COMPRESS_GZIP - mod_compress_cmd = gzip -n + mod_compress_cmd = gzip -n -f endif # CONFIG_MODULE_COMPRESS_GZIP ifdef CONFIG_MODULE_COMPRESS_XZ - mod_compress_cmd = xz + mod_compress_cmd = xz -f endif # CONFIG_MODULE_COMPRESS_XZ endif # CONFIG_MODULE_COMPRESS export mod_compress_cmd -- cgit v1.2.3 From cbfe8fa6cd672011c755c3cd85c9ffd4e2d10a6f Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sun, 26 Jul 2015 12:26:21 -0700 Subject: Linux 4.2-rc4 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index a9ad4908e870..afabc44a349b 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 4 PATCHLEVEL = 2 SUBLEVEL = 0 -EXTRAVERSION = -rc3 +EXTRAVERSION = -rc4 NAME = Hurr durr I'ma sheep # *DOCUMENTATION* -- cgit v1.2.3 From 74d33293e467df61de1b1d8b2fbe29e550dec33b Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sun, 2 Aug 2015 18:34:55 -0700 Subject: Linux 4.2-rc5 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index afabc44a349b..e79448d90f19 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 4 PATCHLEVEL = 2 SUBLEVEL = 0 -EXTRAVERSION = -rc4 +EXTRAVERSION = -rc5 NAME = Hurr durr I'ma sheep # *DOCUMENTATION* -- cgit v1.2.3 From 3f1e1bea34740069f70c6bc92d0f712345d5c28e Mon Sep 17 00:00:00 2001 From: David Howells Date: Mon, 20 Jul 2015 21:16:27 +0100 Subject: MODSIGN: Use PKCS#7 messages as module signatures Move to using PKCS#7 messages as module signatures because: (1) We have to be able to support the use of X.509 certificates that don't have a subjKeyId set. We're currently relying on this to look up the X.509 certificate in the trusted keyring list. (2) PKCS#7 message signed information blocks have a field that supplies the data required to match with the X.509 certificate that signed it. (3) The PKCS#7 certificate carries fields that specify the digest algorithm used to generate the signature in a standardised way and the X.509 certificates specify the public key algorithm in a standardised way - so we don't need our own methods of specifying these. (4) We now have PKCS#7 message support in the kernel for signed kexec purposes and we can make use of this. To make this work, the old sign-file script has been replaced with a program that needs compiling in a previous patch. The rules to build it are added here. Signed-off-by: David Howells Tested-by: Vivek Goyal --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index a9ad4908e870..dc87ec280fbc 100644 --- a/Makefile +++ b/Makefile @@ -873,7 +873,7 @@ ifdef CONFIG_MODULE_SIG_ALL MODSECKEY = ./signing_key.priv MODPUBKEY = ./signing_key.x509 export MODPUBKEY -mod_sign_cmd = perl $(srctree)/scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) +mod_sign_cmd = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) else mod_sign_cmd = true endif -- cgit v1.2.3 From 19e91b69d77bab16405cc284b451378e89a4110c Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 20 Jul 2015 21:16:29 +0100 Subject: modsign: Allow external signing key to be specified Signed-off-by: David Woodhouse Signed-off-by: David Howells --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index dc87ec280fbc..531dd16c9751 100644 --- a/Makefile +++ b/Makefile @@ -870,7 +870,7 @@ INITRD_COMPRESS-$(CONFIG_RD_LZ4) := lz4 # export INITRD_COMPRESS := $(INITRD_COMPRESS-y) ifdef CONFIG_MODULE_SIG_ALL -MODSECKEY = ./signing_key.priv +MODSECKEY = $(CONFIG_MODULE_SIG_KEY) MODPUBKEY = ./signing_key.x509 export MODPUBKEY mod_sign_cmd = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) -- cgit v1.2.3 From fb1179499134bc718dc7557c7a6a95dc72f224cb Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 20 Jul 2015 21:16:30 +0100 Subject: modsign: Use single PEM file for autogenerated key The current rule for generating signing_key.priv and signing_key.x509 is a classic example of a bad rule which has a tendency to break parallel make. When invoked to create *either* target, it generates the other target as a side-effect that make didn't predict. So let's switch to using a single file signing_key.pem which contains both key and certificate. That matches what we do in the case of an external key specified by CONFIG_MODULE_SIG_KEY anyway, so it's also slightly cleaner. Signed-off-by: David Woodhouse Signed-off-by: David Howells --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 531dd16c9751..6ab99d8cc23c 100644 --- a/Makefile +++ b/Makefile @@ -1173,8 +1173,8 @@ MRPROPER_DIRS += include/config usr/include include/generated \ arch/*/include/generated .tmp_objdiff MRPROPER_FILES += .config .config.old .version .old_version \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ - signing_key.priv signing_key.x509 x509.genkey \ - extra_certificates signing_key.x509.keyid \ + signing_key.pem signing_key.priv signing_key.x509 \ + x509.genkey extra_certificates signing_key.x509.keyid \ signing_key.x509.signer vmlinux-gdb.py # clean - Delete most, but leave enough to build external modules -- cgit v1.2.3 From f7644cbfcdf03528f0f450f3940c4985b2291f49 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sun, 9 Aug 2015 15:54:30 -0400 Subject: Linux 4.2-rc6 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 15d3201052ae..35b4c196c171 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 4 PATCHLEVEL = 2 SUBLEVEL = 0 -EXTRAVERSION = -rc5 +EXTRAVERSION = -rc6 NAME = Hurr durr I'ma sheep # *DOCUMENTATION* -- cgit v1.2.3 From cfc411e7fff3e15cd6354ff69773907e2c9d1c0c Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 14 Aug 2015 15:20:41 +0100 Subject: Move certificate handling to its own directory Move certificate handling out of the kernel/ directory and into a certs/ directory to get all the weird stuff in one place and move the generated signing keys into this directory. Signed-off-by: David Howells Reviewed-by: David Woodhouse --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 6ab99d8cc23c..2341942feb85 100644 --- a/Makefile +++ b/Makefile @@ -871,7 +871,7 @@ INITRD_COMPRESS-$(CONFIG_RD_LZ4) := lz4 ifdef CONFIG_MODULE_SIG_ALL MODSECKEY = $(CONFIG_MODULE_SIG_KEY) -MODPUBKEY = ./signing_key.x509 +MODPUBKEY = certs/signing_key.x509 export MODPUBKEY mod_sign_cmd = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) else @@ -881,7 +881,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) -core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ +core-y += kernel/ certs/ mm/ fs/ ipc/ security/ crypto/ block/ vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -- cgit v1.2.3 From 3ee550f12c1529a023f71c9b5becb3351911047b Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 14 Aug 2015 16:17:16 +0100 Subject: modsign: Handle signing key in source tree Since commit 1329e8cc69 ("modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped with the signing key being specified as a relative path in either the source or or the build trees. However, the actual signing of modules has not worked if the filename is relative to the source tree. Fix that by moving the config_filename helper into scripts/Kbuild.include so that it can be used from elsewhere, and then using it in the top-level Makefile to find the signing key file. Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while we're at it. There's no need for them. Signed-off-by: David Woodhouse Signed-off-by: David Howells --- Makefile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 2341942feb85..7c90dda898f6 100644 --- a/Makefile +++ b/Makefile @@ -870,10 +870,9 @@ INITRD_COMPRESS-$(CONFIG_RD_LZ4) := lz4 # export INITRD_COMPRESS := $(INITRD_COMPRESS-y) ifdef CONFIG_MODULE_SIG_ALL -MODSECKEY = $(CONFIG_MODULE_SIG_KEY) -MODPUBKEY = certs/signing_key.x509 -export MODPUBKEY -mod_sign_cmd = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) +$(eval $(call config_filename,MODULE_SIG_KEY)) + +mod_sign_cmd = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY) certs/signing_key.x509 else mod_sign_cmd = true endif -- cgit v1.2.3 From 2c6625cd545bdd66acff14f3394865d43920a5c7 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sun, 16 Aug 2015 16:34:13 -0700 Subject: Linux 4.2-rc7 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 35b4c196c171..6e88c371b32f 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 4 PATCHLEVEL = 2 SUBLEVEL = 0 -EXTRAVERSION = -rc6 +EXTRAVERSION = -rc7 NAME = Hurr durr I'ma sheep # *DOCUMENTATION* -- cgit v1.2.3 From c13dcf9f2d6f5f06ef1bf79ec456df614c5e058b Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sun, 23 Aug 2015 20:52:59 -0700 Subject: Linux 4.2-rc8 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 6e88c371b32f..246053f04fb5 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 4 PATCHLEVEL = 2 SUBLEVEL = 0 -EXTRAVERSION = -rc7 +EXTRAVERSION = -rc8 NAME = Hurr durr I'ma sheep # *DOCUMENTATION* -- cgit v1.2.3 From 64291f7db5bd8150a74ad2036f1037e6a0428df2 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sun, 30 Aug 2015 11:34:09 -0700 Subject: Linux 4.2 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 246053f04fb5..c3615937df38 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 4 PATCHLEVEL = 2 SUBLEVEL = 0 -EXTRAVERSION = -rc8 +EXTRAVERSION = NAME = Hurr durr I'ma sheep # *DOCUMENTATION* -- cgit v1.2.3 From 6ff33f3902c3b1c5d0db6b1e2c70b6d76fba357f Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sat, 12 Sep 2015 16:35:56 -0700 Subject: Linux 4.3-rc1 --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index f2d27061e5f7..1a132ea43ca5 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION = 4 -PATCHLEVEL = 2 +PATCHLEVEL = 3 SUBLEVEL = 0 -EXTRAVERSION = +EXTRAVERSION = -rc1 NAME = Hurr durr I'ma sheep # *DOCUMENTATION* -- cgit v1.2.3