diff options
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/.gitignore | 1 | ||||
-rw-r--r-- | scripts/Makefile | 7 | ||||
-rw-r--r-- | scripts/Makefile.kasan | 4 | ||||
-rw-r--r-- | scripts/check-lc_ctype.c | 11 | ||||
-rw-r--r-- | scripts/extract-cert.c | 4 | ||||
-rwxr-xr-x | scripts/extract-module-sig.pl | 136 | ||||
-rwxr-xr-x | scripts/extract-sys-certs.pl | 144 | ||||
-rwxr-xr-x | scripts/kernel-doc | 144 | ||||
-rw-r--r-- | scripts/mod/devicetable-offsets.c | 1 | ||||
-rw-r--r-- | scripts/mod/file2alias.c | 12 | ||||
-rwxr-xr-x | scripts/package/builddeb | 4 | ||||
-rwxr-xr-x | scripts/sign-file.c | 94 | ||||
-rwxr-xr-x | scripts/ver_linux | 223 |
13 files changed, 640 insertions, 145 deletions
diff --git a/scripts/.gitignore b/scripts/.gitignore index 12efbbefd4d7..1f78169d4254 100644 --- a/scripts/.gitignore +++ b/scripts/.gitignore @@ -8,6 +8,7 @@ unifdef ihex2fw recordmcount docproc +check-lc_ctype sortextable asn1_compiler extract-cert diff --git a/scripts/Makefile b/scripts/Makefile index 1b2661712d44..fd0d53d4a234 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -7,6 +7,7 @@ # conmakehash: Create chartable # conmakehash: Create arrays for initializing the kernel console tables # docproc: Used in Documentation/DocBook +# check-lc_ctype: Used in Documentation/DocBook HOST_EXTRACFLAGS += -I$(srctree)/tools/include @@ -27,14 +28,16 @@ HOSTLOADLIBES_extract-cert = -lcrypto always := $(hostprogs-y) $(hostprogs-m) # The following hostprogs-y programs are only build on demand -hostprogs-y += unifdef docproc +hostprogs-y += unifdef docproc check-lc_ctype # These targets are used internally to avoid "is up to date" messages -PHONY += build_unifdef build_docproc +PHONY += build_unifdef build_docproc build_check-lc_ctype build_unifdef: $(obj)/unifdef @: build_docproc: $(obj)/docproc @: +build_check-lc_ctype: $(obj)/check-lc_ctype + @: subdir-$(CONFIG_MODVERSIONS) += genksyms subdir-y += mod diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan index 3f874d24234f..37323b0df374 100644 --- a/scripts/Makefile.kasan +++ b/scripts/Makefile.kasan @@ -5,10 +5,12 @@ else call_threshold := 0 endif +KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET) + CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \ - -fasan-shadow-offset=$(CONFIG_KASAN_SHADOW_OFFSET) \ + -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET) \ --param asan-stack=1 --param asan-globals=1 \ --param asan-instrumentation-with-call-threshold=$(call_threshold)) diff --git a/scripts/check-lc_ctype.c b/scripts/check-lc_ctype.c new file mode 100644 index 000000000000..9097ff5449fb --- /dev/null +++ b/scripts/check-lc_ctype.c @@ -0,0 +1,11 @@ +/* + * Check that a specified locale works as LC_CTYPE. Used by the + * DocBook build system to probe for C.UTF-8 support. + */ + +#include <locale.h> + +int main(void) +{ + return !setlocale(LC_CTYPE, ""); +} diff --git a/scripts/extract-cert.c b/scripts/extract-cert.c index 6ce5945a0b89..b071bf476fea 100644 --- a/scripts/extract-cert.c +++ b/scripts/extract-cert.c @@ -17,13 +17,9 @@ #include <stdint.h> #include <stdbool.h> #include <string.h> -#include <getopt.h> #include <err.h> -#include <arpa/inet.h> #include <openssl/bio.h> -#include <openssl/evp.h> #include <openssl/pem.h> -#include <openssl/pkcs7.h> #include <openssl/err.h> #include <openssl/engine.h> diff --git a/scripts/extract-module-sig.pl b/scripts/extract-module-sig.pl new file mode 100755 index 000000000000..faac6f2e377f --- /dev/null +++ b/scripts/extract-module-sig.pl @@ -0,0 +1,136 @@ +#!/usr/bin/perl -w +# +# extract-mod-sig <part> <module-file> +# +# Reads the module file and writes out some or all of the signature +# section to stdout. Part is the bit to be written and is one of: +# +# -0: The unsigned module, no signature data at all +# -a: All of the signature data, including magic number +# -d: Just the descriptor values as a sequence of numbers +# -n: Just the signer's name +# -k: Just the key ID +# -s: Just the crypto signature or PKCS#7 message +# +use strict; + +die "Format: $0 -[0adnks] module-file >out\n" + if ($#ARGV != 1); + +my $part = $ARGV[0]; +my $modfile = $ARGV[1]; + +my $magic_number = "~Module signature appended~\n"; + +# +# Read the module contents +# +open FD, "<$modfile" || die $modfile; +binmode(FD); +my @st = stat(FD); +die "$modfile" unless (@st); +my $buf = ""; +my $len = sysread(FD, $buf, $st[7]); +die "$modfile" unless (defined($len)); +die "Short read on $modfile\n" unless ($len == $st[7]); +close(FD) || die $modfile; + +print STDERR "Read ", $len, " bytes from module file\n"; + +die "The file is too short to have a sig magic number and descriptor\n" + if ($len < 12 + length($magic_number)); + +# +# Check for the magic number and extract the information block +# +my $p = $len - length($magic_number); +my $raw_magic = substr($buf, $p); + +die "Magic number not found at $len\n" + if ($raw_magic ne $magic_number); +print STDERR "Found magic number at $len\n"; + +$p -= 12; +my $raw_info = substr($buf, $p, 12); + +my @info = unpack("CCCCCxxxN", $raw_info); +my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info; + +if ($id_type == 0) { + print STDERR "Found PGP key identifier\n"; +} elsif ($id_type == 1) { + print STDERR "Found X.509 cert identifier\n"; +} elsif ($id_type == 2) { + print STDERR "Found PKCS#7/CMS encapsulation\n"; +} else { + print STDERR "Found unsupported identifier type $id_type\n"; +} + +# +# Extract the three pieces of info data +# +die "Insufficient name+kid+sig data in file\n" + unless ($p >= $name_len + $kid_len + $sig_len); + +$p -= $sig_len; +my $raw_sig = substr($buf, $p, $sig_len); +$p -= $kid_len; +my $raw_kid = substr($buf, $p, $kid_len); +$p -= $name_len; +my $raw_name = substr($buf, $p, $name_len); + +my $module_len = $p; + +if ($sig_len > 0) { + print STDERR "Found $sig_len bytes of signature ["; + my $n = $sig_len > 16 ? 16 : $sig_len; + foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) { + printf STDERR "%02x", $i; + } + print STDERR "]\n"; +} + +if ($kid_len > 0) { + print STDERR "Found $kid_len bytes of key identifier ["; + my $n = $kid_len > 16 ? 16 : $kid_len; + foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) { + printf STDERR "%02x", $i; + } + print STDERR "]\n"; +} + +if ($name_len > 0) { + print STDERR "Found $name_len bytes of signer's name [$raw_name]\n"; +} + +# +# Produce the requested output +# +if ($part eq "-0") { + # The unsigned module, no signature data at all + binmode(STDOUT); + print substr($buf, 0, $module_len); +} elsif ($part eq "-a") { + # All of the signature data, including magic number + binmode(STDOUT); + print substr($buf, $module_len); +} elsif ($part eq "-d") { + # Just the descriptor values as a sequence of numbers + print join(" ", @info), "\n"; +} elsif ($part eq "-n") { + # Just the signer's name + print STDERR "No signer's name for PKCS#7 message type sig\n" + if ($id_type == 2); + binmode(STDOUT); + print $raw_name; +} elsif ($part eq "-k") { + # Just the key identifier + print STDERR "No key ID for PKCS#7 message type sig\n" + if ($id_type == 2); + binmode(STDOUT); + print $raw_kid; +} elsif ($part eq "-s") { + # Just the crypto signature or PKCS#7 message + binmode(STDOUT); + print $raw_sig; +} diff --git a/scripts/extract-sys-certs.pl b/scripts/extract-sys-certs.pl new file mode 100755 index 000000000000..d476e7d1fd88 --- /dev/null +++ b/scripts/extract-sys-certs.pl @@ -0,0 +1,144 @@ +#!/usr/bin/perl -w +# +use strict; +use Math::BigInt; +use Fcntl "SEEK_SET"; + +die "Format: $0 [-s <systemmap-file>] <vmlinux-file> <keyring-file>\n" + if ($#ARGV != 1 && $#ARGV != 3 || + $#ARGV == 3 && $ARGV[0] ne "-s"); + +my $sysmap = ""; +if ($#ARGV == 3) { + shift; + $sysmap = $ARGV[0]; + shift; +} + +my $vmlinux = $ARGV[0]; +my $keyring = $ARGV[1]; + +# +# Parse the vmlinux section table +# +open FD, "objdump -h $vmlinux |" || die $vmlinux; +my @lines = <FD>; +close(FD) || die $vmlinux; + +my @sections = (); + +foreach my $line (@lines) { + chomp($line); + if ($line =~ /\s*([0-9]+)\s+(\S+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+2[*][*]([0-9]+)/ + ) { + my $seg = $1; + my $name = $2; + my $len = Math::BigInt->new("0x" . $3); + my $vma = Math::BigInt->new("0x" . $4); + my $lma = Math::BigInt->new("0x" . $5); + my $foff = Math::BigInt->new("0x" . $6); + my $align = 2 ** $7; + + push @sections, { name => $name, + vma => $vma, + len => $len, + foff => $foff }; + } +} + +print "Have $#sections sections\n"; + +# +# Try and parse the vmlinux symbol table. If the vmlinux file has been created +# from a vmlinuz file with extract-vmlinux then the symbol table will be empty. +# +open FD, "nm $vmlinux 2>/dev/null |" || die $vmlinux; +@lines = <FD>; +close(FD) || die $vmlinux; + +my %symbols = (); +my $nr_symbols = 0; + +sub parse_symbols(@) { + foreach my $line (@_) { + chomp($line); + if ($line =~ /([0-9a-f]+)\s([a-zA-Z])\s(\S+)/ + ) { + my $addr = "0x" . $1; + my $type = $2; + my $name = $3; + + $symbols{$name} = $addr; + $nr_symbols++; + } + } +} +parse_symbols(@lines); + +if ($nr_symbols == 0 && $sysmap ne "") { + print "No symbols in vmlinux, trying $sysmap\n"; + + open FD, "<$sysmap" || die $sysmap; + @lines = <FD>; + close(FD) || die $sysmap; + parse_symbols(@lines); +} + +die "No symbols available\n" + if ($nr_symbols == 0); + +print "Have $nr_symbols symbols\n"; + +die "Can't find system certificate list" + unless (exists($symbols{"__cert_list_start"}) && + exists($symbols{"__cert_list_end"})); + +my $start = Math::BigInt->new($symbols{"__cert_list_start"}); +my $end = Math::BigInt->new($symbols{"__cert_list_end"}); +my $size = $end - $start; + +printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start; + +my $s = undef; +foreach my $sec (@sections) { + my $s_name = $sec->{name}; + my $s_vma = $sec->{vma}; + my $s_len = $sec->{len}; + my $s_foff = $sec->{foff}; + my $s_vend = $s_vma + $s_len; + + next unless ($start >= $s_vma); + next if ($start >= $s_vend); + + die "Cert object partially overflows section $s_name\n" + if ($end > $s_vend); + + die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n" + if ($s); + $s = $sec; +} + +die "Cert object not inside a section\n" + unless ($s); + +print "Certificate list in section ", $s->{name}, "\n"; + +my $foff = $start - $s->{vma} + $s->{foff}; + +printf "Certificate list at file offset 0x%x\n", $foff; + +open FD, "<$vmlinux" || die $vmlinux; +binmode(FD); +die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET))); +my $buf = ""; +my $len = sysread(FD, $buf, $size); +die "$vmlinux" if (!defined($len)); +die "Short read on $vmlinux\n" if ($len != $size); +close(FD) || die $vmlinux; + +open FD, ">$keyring" || die $keyring; +binmode(FD); +$len = syswrite(FD, $buf, $size); +die "$keyring" if (!defined($len)); +die "Short write on $keyring\n" if ($len != $size); +close(FD) || die $keyring; diff --git a/scripts/kernel-doc b/scripts/kernel-doc index 9a08fb5c1af6..125b906cd1d4 100755 --- a/scripts/kernel-doc +++ b/scripts/kernel-doc @@ -206,59 +206,73 @@ my $type_env = '(\$\w+)'; # One for each output format # these work fairly well -my %highlights_html = ( $type_constant, "<i>\$1</i>", - $type_func, "<b>\$1</b>", - $type_struct_xml, "<i>\$1</i>", - $type_env, "<b><i>\$1</i></b>", - $type_param, "<tt><b>\$1</b></tt>" ); +my @highlights_html = ( + [$type_constant, "<i>\$1</i>"], + [$type_func, "<b>\$1</b>"], + [$type_struct_xml, "<i>\$1</i>"], + [$type_env, "<b><i>\$1</i></b>"], + [$type_param, "<tt><b>\$1</b></tt>"] + ); my $local_lt = "\\\\\\\\lt:"; my $local_gt = "\\\\\\\\gt:"; my $blankline_html = $local_lt . "p" . $local_gt; # was "<p>" # html version 5 -my %highlights_html5 = ( $type_constant, "<span class=\"const\">\$1</span>", - $type_func, "<span class=\"func\">\$1</span>", - $type_struct_xml, "<span class=\"struct\">\$1</span>", - $type_env, "<span class=\"env\">\$1</span>", - $type_param, "<span class=\"param\">\$1</span>" ); +my @highlights_html5 = ( + [$type_constant, "<span class=\"const\">\$1</span>"], + [$type_func, "<span class=\"func\">\$1</span>"], + [$type_struct_xml, "<span class=\"struct\">\$1</span>"], + [$type_env, "<span class=\"env\">\$1</span>"], + [$type_param, "<span class=\"param\">\$1</span>]"] + ); my $blankline_html5 = $local_lt . "br /" . $local_gt; # XML, docbook format -my %highlights_xml = ( "([^=])\\\"([^\\\"<]+)\\\"", "\$1<quote>\$2</quote>", - $type_constant, "<constant>\$1</constant>", - $type_func, "<function>\$1</function>", - $type_struct_xml, "<structname>\$1</structname>", - $type_env, "<envar>\$1</envar>", - $type_param, "<parameter>\$1</parameter>" ); +my @highlights_xml = ( + ["([^=])\\\"([^\\\"<]+)\\\"", "\$1<quote>\$2</quote>"], + [$type_constant, "<constant>\$1</constant>"], + [$type_struct_xml, "<structname>\$1</structname>"], + [$type_param, "<parameter>\$1</parameter>"], + [$type_func, "<function>\$1</function>"], + [$type_env, "<envar>\$1</envar>"] + ); my $blankline_xml = $local_lt . "/para" . $local_gt . $local_lt . "para" . $local_gt . "\n"; # gnome, docbook format -my %highlights_gnome = ( $type_constant, "<replaceable class=\"option\">\$1</replaceable>", - $type_func, "<function>\$1</function>", - $type_struct, "<structname>\$1</structname>", - $type_env, "<envar>\$1</envar>", - $type_param, "<parameter>\$1</parameter>" ); +my @highlights_gnome = ( + [$type_constant, "<replaceable class=\"option\">\$1</replaceable>"], + [$type_func, "<function>\$1</function>"], + [$type_struct, "<structname>\$1</structname>"], + [$type_env, "<envar>\$1</envar>"], + [$type_param, "<parameter>\$1</parameter>" ] + ); my $blankline_gnome = "</para><para>\n"; # these are pretty rough -my %highlights_man = ( $type_constant, "\$1", - $type_func, "\\\\fB\$1\\\\fP", - $type_struct, "\\\\fI\$1\\\\fP", - $type_param, "\\\\fI\$1\\\\fP" ); +my @highlights_man = ( + [$type_constant, "\$1"], + [$type_func, "\\\\fB\$1\\\\fP"], + [$type_struct, "\\\\fI\$1\\\\fP"], + [$type_param, "\\\\fI\$1\\\\fP"] + ); my $blankline_man = ""; # text-mode -my %highlights_text = ( $type_constant, "\$1", - $type_func, "\$1", - $type_struct, "\$1", - $type_param, "\$1" ); +my @highlights_text = ( + [$type_constant, "\$1"], + [$type_func, "\$1"], + [$type_struct, "\$1"], + [$type_param, "\$1"] + ); my $blankline_text = ""; # list mode -my %highlights_list = ( $type_constant, "\$1", - $type_func, "\$1", - $type_struct, "\$1", - $type_param, "\$1" ); +my @highlights_list = ( + [$type_constant, "\$1"], + [$type_func, "\$1"], + [$type_struct, "\$1"], + [$type_param, "\$1"] + ); my $blankline_list = ""; # read arguments @@ -273,7 +287,7 @@ my $verbose = 0; my $output_mode = "man"; my $output_preformatted = 0; my $no_doc_sections = 0; -my %highlights = %highlights_man; +my @highlights = @highlights_man; my $blankline = $blankline_man; my $modulename = "Kernel API"; my $function_only = 0; @@ -374,31 +388,31 @@ while ($ARGV[0] =~ m/^-(.*)/) { my $cmd = shift @ARGV; if ($cmd eq "-html") { $output_mode = "html"; - %highlights = %highlights_html; + @highlights = @highlights_html; $blankline = $blankline_html; } elsif ($cmd eq "-html5") { $output_mode = "html5"; - %highlights = %highlights_html5; + @highlights = @highlights_html5; $blankline = $blankline_html5; } elsif ($cmd eq "-man") { $output_mode = "man"; - %highlights = %highlights_man; + @highlights = @highlights_man; $blankline = $blankline_man; } elsif ($cmd eq "-text") { $output_mode = "text"; - %highlights = %highlights_text; + @highlights = @highlights_text; $blankline = $blankline_text; } elsif ($cmd eq "-docbook") { $output_mode = "xml"; - %highlights = %highlights_xml; + @highlights = @highlights_xml; $blankline = $blankline_xml; } elsif ($cmd eq "-list") { $output_mode = "list"; - %highlights = %highlights_list; + @highlights = @highlights_list; $blankline = $blankline_list; } elsif ($cmd eq "-gnome") { $output_mode = "gnome"; - %highlights = %highlights_gnome; + @highlights = @highlights_gnome; $blankline = $blankline_gnome; } elsif ($cmd eq "-module") { # not needed for XML, inherits from calling document $modulename = shift @ARGV; @@ -1746,7 +1760,7 @@ sub output_declaration { my $func = "output_${functype}_$output_mode"; if (($function_only==0) || ( $function_only == 1 && defined($function_table{$name})) || - ( $function_only == 2 && !defined($function_table{$name}))) + ( $function_only == 2 && !($functype eq "function" && defined($function_table{$name})))) { &$func(@_); $section_counter++; @@ -1791,8 +1805,8 @@ sub dump_struct($$) { $nested = $1; # ignore members marked private: - $members =~ s/\/\*\s*private:.*?\/\*\s*public:.*?\*\///gos; - $members =~ s/\/\*\s*private:.*//gos; + $members =~ s/\/\*\s*private:.*?\/\*\s*public:.*?\*\///gosi; + $members =~ s/\/\*\s*private:.*//gosi; # strip comments: $members =~ s/\/\*.*?\*\///gos; $nested =~ s/\/\*.*?\*\///gos; @@ -1869,6 +1883,31 @@ sub dump_typedef($$) { my $file = shift; $x =~ s@/\*.*?\*/@@gos; # strip comments. + + # Parse function prototypes + if ($x =~ /typedef\s+(\w+)\s*\(\*\s*(\w\S+)\s*\)\s*\((.*)\);/) { + # Function typedefs + $return_type = $1; + $declaration_name = $2; + my $args = $3; + + create_parameterlist($args, ',', $file); + + output_declaration($declaration_name, + 'function', + {'function' => $declaration_name, + 'module' => $modulename, + 'functiontype' => $return_type, + 'parameterlist' => \@parameterlist, + 'parameterdescs' => \%parameterdescs, + 'parametertypes' => \%parametertypes, + 'sectionlist' => \@sectionlist, + 'sections' => \%sections, + 'purpose' => $declaration_purpose + }); + return; + } + while (($x =~ /\(*.\)\s*;$/) || ($x =~ /\[*.\]\s*;$/)) { $x =~ s/\(*.\)\s*;$/;/; $x =~ s/\[*.\]\s*;$/;/; @@ -2391,12 +2430,13 @@ sub process_file($) { my $descr; my $in_purpose = 0; my $initial_section_counter = $section_counter; + my ($orig_file) = @_; if (defined($ENV{'SRCTREE'})) { - $file = "$ENV{'SRCTREE'}" . "/" . "@_"; + $file = "$ENV{'SRCTREE'}" . "/" . $orig_file; } else { - $file = "@_"; + $file = $orig_file; } if (defined($source_map{$file})) { $file = $source_map{$file}; @@ -2640,7 +2680,7 @@ sub process_file($) { print "<refentry>\n"; print " <refnamediv>\n"; print " <refname>\n"; - print " ${file}\n"; + print " ${orig_file}\n"; print " </refname>\n"; print " <refpurpose>\n"; print " Document generation inconsistency\n"; @@ -2654,7 +2694,7 @@ sub process_file($) { print " <para>\n"; print " The template for this document tried to insert\n"; print " the structured comment from the file\n"; - print " <filename>${file}</filename> at this point,\n"; + print " <filename>${orig_file}</filename> at this point,\n"; print " but none was found.\n"; print " This dummy section is inserted to allow\n"; print " generation to continue.\n"; @@ -2671,9 +2711,11 @@ $kernelversion = get_kernel_version(); # generate a sequence of code that will splice in highlighting information # using the s// operator. -foreach my $pattern (sort keys %highlights) { -# print STDERR "scanning pattern:$pattern, highlight:($highlights{$pattern})\n"; - $dohighlight .= "\$contents =~ s:$pattern:$highlights{$pattern}:gs;\n"; +foreach my $k (keys @highlights) { + my $pattern = $highlights[$k][0]; + my $result = $highlights[$k][1]; +# print STDERR "scanning pattern:$pattern, highlight:($result)\n"; + $dohighlight .= "\$contents =~ s:$pattern:$result:gs;\n"; } # Read the file that maps relative names to absolute names for diff --git a/scripts/mod/devicetable-offsets.c b/scripts/mod/devicetable-offsets.c index e70fcd12eeeb..5a6edacc85d9 100644 --- a/scripts/mod/devicetable-offsets.c +++ b/scripts/mod/devicetable-offsets.c @@ -185,6 +185,7 @@ int main(void) DEVID(mei_cl_device_id); DEVID_FIELD(mei_cl_device_id, name); DEVID_FIELD(mei_cl_device_id, uuid); + DEVID_FIELD(mei_cl_device_id, version); DEVID(rio_device_id); DEVID_FIELD(rio_device_id, did); diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c index 5f2088209132..9bc2cfe0ee37 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c @@ -137,10 +137,12 @@ static inline void add_wildcard(char *str) static inline void add_uuid(char *str, uuid_le uuid) { int len = strlen(str); - int i; - for (i = 0; i < 16; i++) - sprintf(str + len + (i << 1), "%02x", uuid.b[i]); + sprintf(str + len, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", + uuid.b[3], uuid.b[2], uuid.b[1], uuid.b[0], + uuid.b[5], uuid.b[4], uuid.b[7], uuid.b[6], + uuid.b[8], uuid.b[9], uuid.b[10], uuid.b[11], + uuid.b[12], uuid.b[13], uuid.b[14], uuid.b[15]); } /** @@ -1200,16 +1202,18 @@ static int do_cpu_entry(const char *filename, void *symval, char *alias) } ADD_TO_DEVTABLE("cpu", cpu_feature, do_cpu_entry); -/* Looks like: mei:S:uuid */ +/* Looks like: mei:S:uuid:N:* */ static int do_mei_entry(const char *filename, void *symval, char *alias) { DEF_FIELD_ADDR(symval, mei_cl_device_id, name); DEF_FIELD_ADDR(symval, mei_cl_device_id, uuid); + DEF_FIELD(symval, mei_cl_device_id, version); sprintf(alias, MEI_CL_MODULE_PREFIX); sprintf(alias + strlen(alias), "%s:", (*name)[0] ? *name : "*"); add_uuid(alias, *uuid); + ADD(alias, ":", version != MEI_CL_VERSION_ANY, version); strcat(alias, ":*"); diff --git a/scripts/package/builddeb b/scripts/package/builddeb index 0cd46e129920..b967e4f9fed2 100755 --- a/scripts/package/builddeb +++ b/scripts/package/builddeb @@ -115,7 +115,7 @@ esac BUILD_DEBUG="$(grep -s '^CONFIG_DEBUG_INFO=y' $KCONFIG_CONFIG || true)" # Setup the directory structure -rm -rf "$tmpdir" "$fwdir" "$kernel_headers_dir" "$libc_headers_dir" "$dbg_dir" +rm -rf "$tmpdir" "$fwdir" "$kernel_headers_dir" "$libc_headers_dir" "$dbg_dir" $objtree/debian/files mkdir -m 755 -p "$tmpdir/DEBIAN" mkdir -p "$tmpdir/lib" "$tmpdir/boot" mkdir -p "$fwdir/lib/firmware/$version/" @@ -408,7 +408,7 @@ binary-arch: \$(MAKE) KDEB_SOURCENAME=${sourcename} KDEB_PKGVERSION=${packageversion} bindeb-pkg clean: - rm -rf debian/*tmp + rm -rf debian/*tmp debian/files mv debian/ debian.backup # debian/ might be cleaned away \$(MAKE) clean mv debian.backup debian diff --git a/scripts/sign-file.c b/scripts/sign-file.c index c3899ca4811c..250a7a645033 100755 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -20,13 +20,34 @@ #include <getopt.h> #include <err.h> #include <arpa/inet.h> +#include <openssl/opensslv.h> #include <openssl/bio.h> #include <openssl/evp.h> #include <openssl/pem.h> -#include <openssl/cms.h> #include <openssl/err.h> #include <openssl/engine.h> +/* + * Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to + * assume that it's not available and its header file is missing and that we + * should use PKCS#7 instead. Switching to the older PKCS#7 format restricts + * the options we have on specifying the X.509 certificate we want. + * + * Further, older versions of OpenSSL don't support manually adding signers to + * the PKCS#7 message so have to accept that we get a certificate included in + * the signature message. Nor do such older versions of OpenSSL support + * signing with anything other than SHA1 - so we're stuck with that if such is + * the case. + */ +#if OPENSSL_VERSION_NUMBER < 0x10000000L +#define USE_PKCS7 +#endif +#ifndef USE_PKCS7 +#include <openssl/cms.h> +#else +#include <openssl/pkcs7.h> +#endif + struct module_signature { uint8_t algo; /* Public-key crypto algorithm [0] */ uint8_t hash; /* Digest algorithm [0] */ @@ -110,30 +131,42 @@ int main(int argc, char **argv) struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 }; char *hash_algo = NULL; char *private_key_name, *x509_name, *module_name, *dest_name; - bool save_cms = false, replace_orig; + bool save_sig = false, replace_orig; bool sign_only = false; unsigned char buf[4096]; - unsigned long module_size, cms_size; - unsigned int use_keyid = 0, use_signed_attrs = CMS_NOATTR; + unsigned long module_size, sig_size; + unsigned int use_signed_attrs; const EVP_MD *digest_algo; EVP_PKEY *private_key; +#ifndef USE_PKCS7 CMS_ContentInfo *cms; + unsigned int use_keyid = 0; +#else + PKCS7 *pkcs7; +#endif X509 *x509; BIO *b, *bd = NULL, *bm; int opt, n; - OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error(); key_pass = getenv("KBUILD_SIGN_PIN"); +#ifndef USE_PKCS7 + use_signed_attrs = CMS_NOATTR; +#else + use_signed_attrs = PKCS7_NOATTR; +#endif + do { opt = getopt(argc, argv, "dpk"); switch (opt) { - case 'p': save_cms = true; break; - case 'd': sign_only = true; save_cms = true; break; + case 'p': save_sig = true; break; + case 'd': sign_only = true; save_sig = true; break; +#ifndef USE_PKCS7 case 'k': use_keyid = CMS_USE_KEYID; break; +#endif case -1: break; default: format(); } @@ -157,6 +190,14 @@ int main(int argc, char **argv) replace_orig = true; } +#ifdef USE_PKCS7 + if (strcmp(hash_algo, "sha1") != 0) { + fprintf(stderr, "sign-file: %s only supports SHA1 signing\n", + OPENSSL_VERSION_TEXT); + exit(3); + } +#endif + /* Read the private key and the X.509 cert the PKCS#7 message * will point to. */ @@ -213,7 +254,8 @@ int main(int argc, char **argv) bm = BIO_new_file(module_name, "rb"); ERR(!bm, "%s", module_name); - /* Load the CMS message from the digest buffer. */ +#ifndef USE_PKCS7 + /* Load the signature message from the digest buffer. */ cms = CMS_sign(NULL, NULL, NULL, NULL, CMS_NOCERTS | CMS_PARTIAL | CMS_BINARY | CMS_DETACHED | CMS_STREAM); ERR(!cms, "CMS_sign"); @@ -221,17 +263,31 @@ int main(int argc, char **argv) ERR(!CMS_add1_signer(cms, x509, private_key, digest_algo, CMS_NOCERTS | CMS_BINARY | CMS_NOSMIMECAP | use_keyid | use_signed_attrs), - "CMS_sign_add_signer"); + "CMS_add1_signer"); ERR(CMS_final(cms, bm, NULL, CMS_NOCERTS | CMS_BINARY) < 0, "CMS_final"); - if (save_cms) { - char *cms_name; +#else + pkcs7 = PKCS7_sign(x509, private_key, NULL, bm, + PKCS7_NOCERTS | PKCS7_BINARY | + PKCS7_DETACHED | use_signed_attrs); + ERR(!pkcs7, "PKCS7_sign"); +#endif - ERR(asprintf(&cms_name, "%s.p7s", module_name) < 0, "asprintf"); - b = BIO_new_file(cms_name, "wb"); - ERR(!b, "%s", cms_name); - ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0, "%s", cms_name); + if (save_sig) { + char *sig_file_name; + + ERR(asprintf(&sig_file_name, "%s.p7s", module_name) < 0, + "asprintf"); + b = BIO_new_file(sig_file_name, "wb"); + ERR(!b, "%s", sig_file_name); +#ifndef USE_PKCS7 + ERR(i2d_CMS_bio_stream(b, cms, NULL, 0) < 0, + "%s", sig_file_name); +#else + ERR(i2d_PKCS7_bio(b, pkcs7) < 0, + "%s", sig_file_name); +#endif BIO_free(b); } @@ -247,9 +303,13 @@ int main(int argc, char **argv) ERR(n < 0, "%s", module_name); module_size = BIO_number_written(bd); +#ifndef USE_PKCS7 ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) < 0, "%s", dest_name); - cms_size = BIO_number_written(bd) - module_size; - sig_info.sig_len = htonl(cms_size); +#else + ERR(i2d_PKCS7_bio(bd, pkcs7) < 0, "%s", dest_name); +#endif + sig_size = BIO_number_written(bd) - module_size; + sig_info.sig_len = htonl(sig_size); ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name); ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name); diff --git a/scripts/ver_linux b/scripts/ver_linux index 7de36df4eaa5..024a11ac8b97 100755 --- a/scripts/ver_linux +++ b/scripts/ver_linux @@ -11,47 +11,95 @@ echo ' ' uname -a echo ' ' -gcc -dumpversion 2>&1| awk \ -'NR==1{print "Gnu C ", $1}' - -make --version 2>&1 | awk -F, '{print $1}' | awk \ - '/GNU Make/{print "Gnu make ",$NF}' - -echo "binutils $(ld -v | egrep -o '[0-9]+\.[0-9\.]+')" - -echo -n "util-linux " -fdformat --version | awk '{print $NF}' | sed -e s/^util-linux-// -e s/\)$// - -echo -n "mount " -mount --version | awk '{print $NF}' | sed -e s/^mount-// -e s/\)$// - -depmod -V 2>&1 | awk 'NR==1 {print "module-init-tools ",$NF}' - -tune2fs 2>&1 | grep "^tune2fs" | sed 's/,//' | awk \ -'NR==1 {print "e2fsprogs ", $2}' - -fsck.jfs -V 2>&1 | grep version | sed 's/,//' | awk \ -'NR==1 {print "jfsutils ", $3}' - -reiserfsck -V 2>&1 | grep ^reiserfsck | awk \ -'NR==1{print "reiserfsprogs ", $2}' +gcc -dumpversion 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("GNU C\t\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +make --version 2>&1 | +awk '/GNU Make/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("GNU Make\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +ld -v 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Binutils\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +mount --version 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + $0 = substr($0,RSTART,RLENGTH) + printf("Util-linux\t\t%s\nMount\t\t\t%s\n",$0,$0) +}' + +depmod -V 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Module-init-tools\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +tune2fs 2>&1 | +awk '/^tune2fs/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("E2fsprogs\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +fsck.jfs -V 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Jfsutils\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +reiserfsck -V 2>&1 | +awk '/^reiserfsck/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Reiserfsprogs\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' fsck.reiser4 -V 2>&1 | grep ^fsck.reiser4 | awk \ 'NR==1{print "reiser4progs ", $2}' -xfs_db -V 2>&1 | grep version | awk \ -'NR==1{print "xfsprogs ", $3}' +xfs_db -V 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Xfsprogs\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' -pccardctl -V 2>&1| grep pcmciautils | awk '{print "pcmciautils ", $2}' +pccardctl -V 2>&1 | +awk '/pcmciautils/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Pcmciautils\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' cardmgr -V 2>&1| grep version | awk \ 'NR==1{print "pcmcia-cs ", $3}' -quota -V 2>&1 | grep version | awk \ -'NR==1{print "quota-tools ", $NF}' +quota -V 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Quota-tools\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' -pppd --version 2>&1| grep version | awk \ -'NR==1{print "PPP ", $3}' +pppd --version 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("PPP\t\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' isdnctrl 2>&1 | grep version | awk \ 'NR==1{print "isdn4k-utils ", $NF}' @@ -59,40 +107,87 @@ isdnctrl 2>&1 | grep version | awk \ showmount --version 2>&1 | grep nfs-utils | awk \ 'NR==1{print "nfs-utils ", $NF}' -echo -n "Linux C Library " -sed -n -e '/^.*\/libc-\([^/]*\)\.so$/{s//\1/;p;q}' < /proc/self/maps - -ldd -v > /dev/null 2>&1 && ldd -v || ldd --version |head -n 1 | awk \ -'NR==1{print "Dynamic linker (ldd) ", $NF}' - -ls -l /usr/lib/libg++.so /usr/lib/libstdc++.so 2>/dev/null | awk -F. \ - '{print "Linux C++ Library " $4"."$5"."$6}' - -ps --version 2>&1 | grep version | awk \ -'NR==1{print "Procps ", $NF}' - -ifconfig --version 2>&1 | grep tools | awk \ -'NR==1{print "Net-tools ", $NF}' - -# Kbd needs 'loadkeys -h', -loadkeys -h 2>&1 | awk \ -'(NR==1 && ($3 !~ /option/)) {print "Kbd ", $3}' - -# while console-tools needs 'loadkeys -V'. -loadkeys -V 2>&1 | awk \ -'(NR==1 && ($2 ~ /console-tools/)) {print "Console-tools ", $3}' +test -r /proc/self/maps && +sed ' + /.*libc-\(.*\)\.so$/!d + s//Linux C Library\t\t\1/ + q +' /proc/self/maps + +ldd --version 2>&1 | +awk '/^ldd/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Dynamic linker (ldd)\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +libcpp=`ldconfig -p 2>/dev/null | + awk '/(libg|stdc)[+]+\.so/ { + print $NF + exit + } +'` +test -r "$libcpp" && +ls -l $libcpp | +sed ' + s!.*so\.!! + s!^!Linux C++ Library\t! +' +ps --version 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Procps\t\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +ifconfig --version 2>&1 | +awk '/tools/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Net-tools\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +loadkeys -V 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + $0 = substr($0,RSTART,RLENGTH) + printf("Kbd\t\t\t%s\nConsole-tools\t\t%s\n",$0,$0) +}' oprofiled --version 2>&1 | awk \ '(NR==1 && ($2 == "oprofile")) {print "oprofile ", $3}' -expr --v 2>&1 | awk 'NR==1{print "Sh-utils ", $NF}' - -udevinfo -V 2>&1 | grep version | awk '{print "udev ", $3}' - -iwconfig --version 2>&1 | awk \ -'(NR==1 && ($3 == "version")) {print "wireless-tools ",$4}' - -if [ -e /proc/modules ]; then - X=`cat /proc/modules | sed -e "s/ .*$//"` - echo "Modules Loaded "$X -fi +expr --v 2>&1 | +awk '/^expr/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Sh-utils\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +udevadm --version 2>&1 | +awk '/[0-9]+([.]?[0-9]+)+/ && !/not found$/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Udev\t\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +iwconfig --version 2>&1 | +awk '/version/{ + match($0, /[0-9]+([.]?[0-9]+)+/) + printf("Wireless-tools\t\t%s\n", + substr($0,RSTART,RLENGTH)) +}' + +test -e /proc/modules && +sort /proc/modules | +sed ' + s/ .*// + H +${ + g + s/^\n/Modules Loaded\t\t/ + y/\n/ / + q +} + d +' |