Diffstat (limited to 'certs')
-rw-r--r--certs/Makefile4
-rw-r--r--certs/blacklist.c21
-rw-r--r--certs/extract-cert.c9
3 files changed, 20 insertions, 14 deletions
diff --git a/certs/Makefile b/certs/Makefile
index 9486ed924731..799ad7b9e68a 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -23,8 +23,8 @@ $(obj)/blacklist_hash_list: $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST) FORCE
targets += blacklist_hash_list
quiet_cmd_extract_certs = CERT $@
- cmd_extract_certs = $(obj)/extract-cert $(extract-cert-in) $@
-extract-cert-in = $(or $(filter-out $(obj)/extract-cert, $(real-prereqs)),"")
+ cmd_extract_certs = $(obj)/extract-cert "$(extract-cert-in)" $@
+extract-cert-in = $(filter-out $(obj)/extract-cert, $(real-prereqs))
$(obj)/system_certificates.o: $(obj)/x509_certificate_list
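Review bot: `"$(extract-cert-in)"` in `cmd_extract_certs` now passes everything left after `filter-out` to extract-cert as a single argument, so a rule with two non-tool prerequisites would hand it one space-joined path. The rules that use this command are outside the hunk, so whether each has at most one such prerequisite cannot be checked here. A comment above `extract-cert-in` would record the assumption: `# Quoted in the command so an empty list still yields an (empty) source argument; expects at most one non-tool prerequisite.`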
diff --git a/certs/blacklist.c b/certs/blacklist.c
index 41f10601cc72..675dd7a8f07a 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -183,16 +183,19 @@ static int mark_raw_hash_blacklisted(const char *hash)
{
key_ref_t key;
- key = key_create_or_update(make_key_ref(blacklist_keyring, true),
- "blacklist",
- hash,
- NULL,
- 0,
- BLACKLIST_KEY_PERM,
- KEY_ALLOC_NOT_IN_QUOTA |
- KEY_ALLOC_BUILT_IN);
+ key = key_create(make_key_ref(blacklist_keyring, true),
+ "blacklist",
+ hash,
+ NULL,
+ 0,
+ BLACKLIST_KEY_PERM,
+ KEY_ALLOC_NOT_IN_QUOTA |
+ KEY_ALLOC_BUILT_IN);
if (IS_ERR(key)) {
- pr_err("Problem blacklisting hash (%ld)\n", PTR_ERR(key));
+ if (PTR_ERR(key) == -EEXIST)
+ pr_warn("Duplicate blacklisted hash %s\n", hash);
+ else
+ pr_err("Problem blacklisting hash %s: %pe\n", hash, key);
return PTR_ERR(key);
}
return 0;
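Review bot: The duplicate branch still falls through to `return PTR_ERR(key);`, so after the `pr_warn` the caller receives `-EEXIST` and may handle a harmless duplicate like a real failure; the callers are outside this hunk, so this needs checking there. If a repeated hash is meant to be tolerated, brace that branch and end it with `return 0;`, so that one duplicate entry could not keep later hashes from being blacklisted. If the non-zero return is intended, a comment such as `/* duplicates are still reported to the caller as -EEXIST */` would make that explicit. The function's closing brace lies outside the hunk.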
diff --git a/certs/extract-cert.c b/certs/extract-cert.c
index 8c1fb9a70d66..70e9ec89d87d 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -78,7 +78,7 @@ static void drain_openssl_errors(void)
static const char *key_pass;
static BIO *wb;
static char *cert_dst;
-static int kbuild_verbose;
+static bool verbose;
static void write_cert(X509 *x509)
{
@@ -90,19 +90,22 @@ static void write_cert(X509 *x509)
}
X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf));
ERR(!i2d_X509_bio(wb, x509), "%s", cert_dst);
- if (kbuild_verbose)
+ if (verbose)
fprintf(stderr, "Extracted cert: %s\n", buf);
}
int main(int argc, char **argv)
{
char *cert_src;
+ char *verbose_env;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ERR_clear_error();
- kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0");
+ verbose_env = getenv("KBUILD_VERBOSE");
+ if (verbose_env && strchr(verbose_env, '1'))
+ verbose = true;
key_pass = getenv("KBUILD_SIGN_PIN");
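Review bot: The `strchr(verbose_env, '1')` test in main() enables verbose output only when KBUILD_VERBOSE contains the character `1`, so a value of `2` no longer enables it although the removed `atoi()` line accepted any non-zero number. Nothing in the hunk says which behaviour is intended. If the variable is now read as a set of flag characters, say so above the test: `/* KBUILD_VERBOSE is a string of flag characters; '1' anywhere enables verbose output */`. The new lines also depend on `bool`/`true` and `strchr`, so `<stdbool.h>` and `<string.h>` should be confirmed among the file's includes, which the diff does not show. main() continues past the end of the hunk.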