Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/Makefile.kasan | 4 | ||||
-rw-r--r-- | scripts/extract-cert.c | 14 | ||||
-rw-r--r-- | scripts/mod/devicetable-offsets.c | 1 | ||||
-rw-r--r-- | scripts/mod/file2alias.c | 12 | ||||
-rwxr-xr-x | scripts/package/builddeb | 4 | ||||
-rwxr-xr-x | scripts/sign-file.c | 107 | ||||
-rwxr-xr-x | scripts/ver_linux | 223 |
7 files changed, 263 insertions, 102 deletions
diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan index 3f874d24234f..37323b0df374 100644 --- a/scripts/Makefile.kasan +++ b/scripts/Makefile.kasan @@ -5,10 +5,12 @@ else call_threshold := 0 endif +KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET) + CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \ - -fasan-shadow-offset=$(CONFIG_KASAN_SHADOW_OFFSET) \ + -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET) \ --param asan-stack=1 --param asan-globals=1 \ --param asan-instrumentation-with-call-threshold=$(call_threshold)) diff --git a/scripts/extract-cert.c b/scripts/extract-cert.c index 10d23ca9f617..b071bf476fea 100644 --- a/scripts/extract-cert.c +++ b/scripts/extract-cert.c @@ -1,15 +1,15 @@ /* Extract X.509 certificate in DER form from PKCS#11 or PEM. * - * Copyright © 2014 Red Hat, Inc. All Rights Reserved. - * Copyright © 2015 Intel Corporation. + * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved. + * Copyright © 2015 Intel Corporation. * * Authors: David Howells <dhowells@redhat.com> * David Woodhouse <dwmw2@infradead.org> * * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public Licence - * as published by the Free Software Foundation; either version - * 2 of the Licence, or (at your option) any later version. + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 + * of the licence, or (at your option) any later version. */ #define _GNU_SOURCE #include <stdio.h> @@ -17,13 +17,9 @@ #include <stdint.h> #include <stdbool.h> #include <string.h> -#include <getopt.h> #include <err.h> -#include <arpa/inet.h> #include <openssl/bio.h> -#include <openssl/evp.h> #include <openssl/pem.h> -#include <openssl/pkcs7.h> #include <openssl/err.h> #include <openssl/engine.h> 
diff --git a/scripts/mod/devicetable-offsets.c b/scripts/mod/devicetable-offsets.c index e70fcd12eeeb..5a6edacc85d9 100644 --- a/scripts/mod/devicetable-offsets.c +++ b/scripts/mod/devicetable-offsets.c @@ -185,6 +185,7 @@ int main(void) DEVID(mei_cl_device_id); DEVID_FIELD(mei_cl_device_id, name); DEVID_FIELD(mei_cl_device_id, uuid); + DEVID_FIELD(mei_cl_device_id, version); DEVID(rio_device_id); DEVID_FIELD(rio_device_id, did); diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c index 5f2088209132..9bc2cfe0ee37 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c @@ -137,10 +137,12 @@ static inline void add_wildcard(char *str) static inline void add_uuid(char *str, uuid_le uuid) { int len = strlen(str); - int i; - for (i = 0; i < 16; i++) - sprintf(str + len + (i << 1), "%02x", uuid.b[i]); + sprintf(str + len, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", + uuid.b[3], uuid.b[2], uuid.b[1], uuid.b[0], + uuid.b[5], uuid.b[4], uuid.b[7], uuid.b[6], + uuid.b[8], uuid.b[9], uuid.b[10], uuid.b[11], + uuid.b[12], uuid.b[13], uuid.b[14], uuid.b[15]); } /** @@ -1200,16 +1202,18 @@ static int do_cpu_entry(const char *filename, void *symval, char *alias) } ADD_TO_DEVTABLE("cpu", cpu_feature, do_cpu_entry); -/* Looks like: mei:S:uuid */ +/* Looks like: mei:S:uuid:N:* */ static int do_mei_entry(const char *filename, void *symval, char *alias) { DEF_FIELD_ADDR(symval, mei_cl_device_id, name); DEF_FIELD_ADDR(symval, mei_cl_device_id, uuid); + DEF_FIELD(symval, mei_cl_device_id, version); sprintf(alias, MEI_CL_MODULE_PREFIX); sprintf(alias + strlen(alias), "%s:", (*name)[0] ? *name : "*"); add_uuid(alias, *uuid); + ADD(alias, ":", version != MEI_CL_VERSION_ANY, version); strcat(alias, ":*"); diff --git a/scripts/package/builddeb b/scripts/package/builddeb index 0cd46e129920..b967e4f9fed2 100755 --- a/scripts/package/builddeb +++ b/scripts/package/builddeb 
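Review bot: In add_uuid() the new sprintf() appends 36 characters plus a terminating NUL at `str + len` with no knowledge of how much room is left in `str`. That is four bytes more than the loop it replaces, and do_mei_entry() now appends the version field and `:*` after it. The size of the alias buffer is not visible in these hunks, so the remaining space should be confirmed against the caller. At minimum I would state the requirement above the function, e.g. `/* Appends 36 chars + NUL (8-4-4-4-12 hex form); caller must guarantee str has room. */`. If the byte swap of the first three groups is intentional, that comment should say so too. do_mei_entry's body continues outside the hunk.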
@@ -115,7 +115,7 @@ esac BUILD_DEBUG="$(grep -s '^CONFIG_DEBUG_INFO=y' $KCONFIG_CONFIG || true)" # Setup the directory structure -rm -rf "$tmpdir" "$fwdir" "$kernel_headers_dir" "$libc_headers_dir" "$dbg_dir" +rm -rf "$tmpdir" "$fwdir" "$kernel_headers_dir" "$libc_headers_dir" "$dbg_dir" $objtree/debian/files mkdir -m 755 -p "$tmpdir/DEBIAN" mkdir -p "$tmpdir/lib" "$tmpdir/boot" mkdir -p "$fwdir/lib/firmware/$version/" @@ -408,7 +408,7 @@ binary-arch: \$(MAKE) KDEB_SOURCENAME=${sourcename} KDEB_PKGVERSION=${packageversion} bindeb-pkg clean: - rm -rf debian/*tmp + rm -rf debian/*tmp debian/files mv debian/ debian.backup # debian/ might be cleaned away \$(MAKE) clean mv debian.backup debian diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 058bba3103e2..250a7a645033 100755 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -1,12 +1,15 @@ /* Sign a module file using the given key. * - * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. - * Written by David Howells (dhowells@redhat.com) + * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved. + * Copyright © 2015 Intel Corporation. + * + * Authors: David Howells <dhowells@redhat.com> + * David Woodhouse <dwmw2@infradead.org> * * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public Licence - * as published by the Free Software Foundation; either version - * 2 of the Licence, or (at your option) any later version. + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 + * of the licence, or (at your option) any later version. */ #define _GNU_SOURCE #include <stdio.h> 
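Review bot: The path added to the `rm -rf` line in the first builddeb hunk, `$objtree/debian/files`, is the only unquoted argument on that line. `objtree` is set outside this hunk; if it contains whitespace or glob characters, the argument is split or expanded before `rm -rf` sees it, and if it is empty the argument becomes `/debian/files`. I would write `"$objtree/debian/files"`, or `"${objtree:?}/debian/files"` if an unset value is possible at this point in the script.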
@@ -17,13 +20,34 @@ #include <getopt.h> #include <err.h> #include <arpa/inet.h> +#include <openssl/opensslv.h> #include <openssl/bio.h> #include <openssl/evp.h> #include <openssl/pem.h> -#include <openssl/cms.h> #include <openssl/err.h> #include <openssl/engine.h> +/* + * Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to + * assume that it's not available and its header file is missing and that we + * should use PKCS#7 instead. Switching to the older PKCS#7 format restricts + * the options we have on specifying the X.509 certificate we want. + * + * Further, older versions of OpenSSL don't support manually adding signers to + * the PKCS#7 message so have to accept that we get a certificate included in + * the signature message. Nor do such older versions of OpenSSL support + * signing with anything other than SHA1 - so we're stuck with that if such is + * the case. + */ +#if OPENSSL_VERSION_NUMBER < 0x10000000L +#define USE_PKCS7 +#endif +#ifndef USE_PKCS7 +#include <openssl/cms.h> +#else +#include <openssl/pkcs7.h> +#endif + struct module_signature { uint8_t algo; /* Public-key crypto algorithm [0] */ uint8_t hash; /* Digest algorithm [0] */ 
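Review bot: The `USE_PKCS7` switch keys only on `OPENSSL_VERSION_NUMBER`, so an OpenSSL 1.0.0 or newer that was built without CMS still takes the `#include <openssl/cms.h>` branch and fails to build instead of falling back. OpenSSL defines `OPENSSL_NO_CMS` in that configuration, so the test could read `#if OPENSSL_VERSION_NUMBER < 0x10000000L || defined(OPENSSL_NO_CMS)`. The comment block also says the PKCS#7 path has to accept a certificate being included in the signature message, while the `PKCS7_sign()` call further down this page passes `PKCS7_NOCERTS`. The comment should state which of the two actually holds, because it decides whether a verifier gets the signer certificate from the message or must already have it.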
@@ -107,30 +131,42 @@ int main(int argc, char **argv) struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; char *hash_algo = NULL; char *private_key_name, *x509_name, *module_name, *dest_name; - bool save_cms = false, replace_orig; + bool save_sig = false, replace_orig; bool sign_only = false; unsigned char buf[4096]; - unsigned long module_size, cms_size; - unsigned int use_keyid = 0, use_signed_attrs = CMS_NOATTR; + unsigned long module_size, sig_size; + unsigned int use_signed_attrs; const EVP_MD *digest_algo; EVP_PKEY *private_key; +#ifndef USE_PKCS7 CMS_ContentInfo *cms; + unsigned int use_keyid = 0; +#else + PKCS7 *pkcs7; +#endif X509 *x509; BIO *b, *bd = NULL, *bm; int opt, n; - OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error(); key_pass = getenv("KBUILD_SIGN_PIN"); +#ifndef USE_PKCS7 + use_signed_attrs = CMS_NOATTR; +#else + use_signed_attrs = PKCS7_NOATTR; +#endif + do { opt = getopt(argc, argv, "dpk"); switch (opt) { - case 'p': save_cms = true; break; - case 'd': sign_only = true; save_cms = true; break; + case 'p': save_sig = true; break; + case 'd': sign_only = true; save_sig = true; break; +#ifndef USE_PKCS7 case 'k': use_keyid = CMS_USE_KEYID; break; +#endif case -1: break; default: format(); } @@ -154,6 +190,14 @@ int main(int argc, char **argv) replace_orig = true; } +#ifdef USE_PKCS7 + if (strcmp(hash_algo, "sha1") != 0) { + fprintf(stderr, "sign-file: %s only supports SHA1 signing\n", + OPENSSL_VERSION_TEXT); + exit(3); + } +#endif + /* Read the private key and the X.509 cert the PKCS#7 message * will point to. */ @@ -210,7 +254,8 @@ int main(int argc, char **argv) bm = BIO_new_file(module_name, "rb"); ERR(!bm, "%s", module_name); - /* Load the CMS message from the digest buffer. */ +#ifndef USE_PKCS7 + /* Load the signature message from the digest buffer. */ cms = CMS_sign(NULL, NULL, NULL, NULL, CMS_NOCERTS | CMS_PARTIAL | CMS_BINARY | CMS_DETACHED | CMS_STREAM); ERR(!cms, "CMS_sign"); 
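Review bot: In the option loop of the first hunk, `case 'k'` is compiled out under `USE_PKCS7` while the getopt string stays `"dpk"`. On a PKCS#7 build `-k` therefore reaches `default: format()`, and the user gets the usage text with no hint that key-id signer identification is unavailable with this OpenSSL. The SHA-1 restriction in the next hunk already fails with an explicit message, and `-k` should do the same: add an `#else` branch with `case 'k': errx(3, "sign-file: -k requires CMS support in OpenSSL");`. main's body continues outside the hunk.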
@@ -218,17 +263,31 @@ int main(int argc, char **argv) ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, CMS_NOCERTS | CMS_BINARY | CMS_NOSMIMECAP | use_keyid | use_signed_attrs), - "CMS_sign_add_signer"); + "CMS_add1_signer"); ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, "CMS_final"); - if (save_cms) { - char *cms_name; +#else + pkcs7 = PKCS7_sign(x509, private_key, NULL, bm, + PKCS7_NOCERTS | PKCS7_BINARY | + PKCS7_DETACHED | use_signed_attrs); + ERR(!pkcs7, "PKCS7_sign"); +#endif + + if (save_sig) { + char *sig_file_name; - ERR(asprintf(&cms_name, "%s.p7s", module_name) < 0, "asprintf"); - b = BIO_new_file(cms_name, "wb"); - ERR(!b, "%s", cms_name); - ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0, "%s", cms_name); + ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0, + "asprintf"); + b = BIO_new_file(sig_file_name, "wb"); + ERR(!b, "%s", sig_file_name); +#ifndef USE_PKCS7 + ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0, + "%s", sig_file_name); +#else + ERR(i2d_PKCS7_bio(b, pkcs7) < 0, + "%s", sig_file_name); +#endif BIO_free(b); } @@ -244,9 +303,13 @@ int main(int argc, char **argv) ERR(n < 0, "%s", module_name); module_size = BIO_number_written(bd); +#ifndef USE_PKCS7 ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name); - cms_size = BIO_number_written(bd) - module_size; - sig_info.sig_len = htonl(cms_size); +#else + ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name); +#endif + sig_size = BIO_number_written(bd) - module_size; + sig_info.sig_len = htonl(sig_size); ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name); diff --git a/scripts/ver_linux b/scripts/ver_linux index 7de36df4eaa5..024a11ac8b97 100755 --- a/scripts/ver_linux +++ b/scripts/ver_linux 
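Review bot: The new `ERR(i2d_PKCS7_bio(b, pkcs7) < 0, ...)` check in this hunk, and the matching `ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, ...)` in the `@@ -244` hunk, cannot fire on failure. OpenSSL documents the i2d_*_bio functions as returning 1 on success and 0 on failure, not a negative value. A failed or short write of the signature would go unreported and leave a `.p7s` file or a signed module carrying a truncated signature. The condition should be `ERR(i2d_PKCS7_bio(b, pkcs7) <= 0, "%s", sig_file_name);`, and the re-indented `i2d_CMS_bio_stream(...) < 0` lines next to them use the same comparison. main's body continues outside both hunks.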
@@ -11,47 +11,95 @@ echo ' ' uname -a echo ' ' -gcc -dumpversion 2>&1| awk \ -'NR==1{print "Gnu C ", $1}' - -make --version 2>&1 | awk -F, '{print $1}' | awk \ - '/GNU Make/{print "Gnu make ",$NF}' - -echo "binutils $(ld -v | egrep -o '[0-9]+\.[0-9\.]+')" - -echo -n "util-linux " -fdformat --version | awk '{print $NF}' | sed -e s/^util-linux-// -e s/\)$// - -echo -n "mount " -mount --version | awk '{print $NF}' | sed -e s/^mount-// -e s/\)$// - -depmod -V 2>&1 | awk 'NR==1 {print "module-init-tools ",$NF}' - -tune2fs 2>&1 | grep "^tune2fs" | sed 's/,//' | awk \ -'NR==1 {print "e2fsprogs ", $2}' - -fsck.jfs -V 2>&1 | grep version | sed 's/,//' | awk \ -'NR==1 {print "jfsutils ", $3}' - -reiserfsck -V 2>&1 | grep ^reiserfsck | awk \ -'NR==1{print "reiserfsprogs ", $2}' +gcc -dumpversion 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("GNU C\t\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +make --version 2>&1 | +awk '/GNU Make/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("GNU Make\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +ld -v 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Binutils\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +mount --version 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + $0 = substr($0,RSTART,RLENGTH) + printf("Util-linux\t\t%s\nMount\t\t\t%s\n",$0,$0) +}' + +depmod -V 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Module-init-tools\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +tune2fs 2>&1 | +awk '/^tune2fs/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("E2fsprogs\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +fsck.jfs -V 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Jfsutils\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +reiserfsck -V 2>&1 | +awk '/^reiserfsck/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Reiserfsprogs\t\t%s\n", + 
substr($0,RSTART,RLENGTH)) +}' fsck.reiser4 -V 2>&1 | grep ^fsck.reiser4 | awk \ 'NR==1{print "reiser4progs ", $2}' -xfs_db -V 2>&1 | grep version | awk \ -'NR==1{print "xfsprogs ", $3}' +xfs_db -V 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Xfsprogs\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' -pccardctl -V 2>&1| grep pcmciautils | awk '{print "pcmciautils ", $2}' +pccardctl -V 2>&1 | +awk '/pcmciautils/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Pcmciautils\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' cardmgr -V 2>&1| grep version | awk \ 'NR==1{print "pcmcia-cs ", $3}' -quota -V 2>&1 | grep version | awk \ -'NR==1{print "quota-tools ", $NF}' +quota -V 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Quota-tools\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' -pppd --version 2>&1| grep version | awk \ -'NR==1{print "PPP ", $3}' +pppd --version 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("PPP\t\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' isdnctrl 2>&1 | grep version | awk \ 'NR==1{print "isdn4k-utils ", $NF}' 
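Review bot: The `!/not found$/` guard on the gcc, ld, mount and depmod pipelines matches only the shell's English error text. Under a translated locale, a missing tool's error line would pass the guard whenever it contains two or more digits (a script line number, for instance), and that number would be printed as the tool's version. This is inferred from the patterns and not tested. Setting `LC_ALL=C` at the top of the script, or testing `command -v gcc >/dev/null` before each pipeline, would make the result independent of the locale. The same awk body is repeated for every tool, so a small shell function taking the label and the line pattern would also shorten the hunk.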
@@ -59,40 +107,87 @@ isdnctrl 2>&1 | grep version | awk \ showmount --version 2>&1 | grep nfs-utils | awk \ 'NR==1{print "nfs-utils ", $NF}' -echo -n "Linux C Library " -sed -n -e '/^.*\/libc-\([^/]*\)\.so$/{s//\1/;p;q}' < /proc/self/maps - -ldd -v > /dev/null 2>&1 && ldd -v || ldd --version |head -n 1 | awk \ -'NR==1{print "Dynamic linker (ldd) ", $NF}' - -ls -l /usr/lib/libg++.so /usr/lib/libstdc++.so 2>/dev/null | awk -F. \ - '{print "Linux C++ Library " $4"."$5"."$6}' - -ps --version 2>&1 | grep version | awk \ -'NR==1{print "Procps ", $NF}' - -ifconfig --version 2>&1 | grep tools | awk \ -'NR==1{print "Net-tools ", $NF}' - -# Kbd needs 'loadkeys -h', -loadkeys -h 2>&1 | awk \ -'(NR==1 && ($3 !~ /option/)) {print "Kbd ", $3}' - -# while console-tools needs 'loadkeys -V'. -loadkeys -V 2>&1 | awk \ -'(NR==1 && ($2 ~ /console-tools/)) {print "Console-tools ", $3}' +test -r /proc/self/maps && +sed ' + /.*libc-\(.*\)\.so$/!d + s//Linux C Library\t\t\1/ + q +' /proc/self/maps + +ldd --version 2>&1 | +awk '/^ldd/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Dynamic linker (ldd)\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +libcpp=`ldconfig -p 2>/dev/null | + awk '/(libg|stdc)[+]+\.so/ { + print $NF + exit + } +'` +test -r "$libcpp" && +ls -l $libcpp | +sed ' + s!.*so\.!! + s!^!Linux C++ Library\t! 
+' +ps --version 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Procps\t\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +ifconfig --version 2>&1 | +awk '/tools/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Net-tools\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +loadkeys -V 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + $0 = substr($0,RSTART,RLENGTH) + printf("Kbd\t\t\t%s\nConsole-tools\t\t%s\n",$0,$0) +}' oprofiled --version 2>&1 | awk \ '(NR==1 && ($2 == "oprofile")) {print "oprofile ", $3}' -expr --v 2>&1 | awk 'NR==1{print "Sh-utils ", $NF}' - -udevinfo -V 2>&1 | grep version | awk '{print "udev ", $3}' - -iwconfig --version 2>&1 | awk \ -'(NR==1 && ($3 == "version")) {print "wireless-tools ",$4}' - -if [ -e /proc/modules ]; then - X=`cat /proc/modules | sed -e "s/ .*$//"` - echo "Modules Loaded "$X -fi +expr --v 2>&1 | +awk '/^expr/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Sh-utils\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +udevadm --version 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Udev\t\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +iwconfig --version 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Wireless-tools\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +test -e /proc/modules && +sort /proc/modules | +sed ' + s/ .*// + H +${ + g + s/^\n/Modules Loaded\t\t/ + y/\n/ / + q +} + d +' |
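Review bot: `ls -l $libcpp` expands the variable unquoted, although the `test -r "$libcpp"` just before it quotes it. The value is taken from `ldconfig -p` output, so a path containing whitespace or glob characters would be split or expanded before `ls` runs. `ls -l "$libcpp"` avoids that. The backtick substitution that sets `libcpp` could also be written as `$( ... )`, which nests and reads more easily around the embedded awk program.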