Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

run_tests: saner handling of sig key/hashalgo #310

Merged
merged 2 commits into from
Mar 5, 2023

Conversation

evelikov
Copy link
Collaborator

Namely request the field we're interested in.

Aka use modinfo -F foobar instead of modinfo | grep foobar| sed 's/foobar://' and alike.

@xuzhen can you double-check I'm not missing anything?

@evelikov
Copy link
Collaborator Author

Hmm stumbled upon the kmod built without openssl. Seems like the proper fix is to actually check for the algo first - if unknown, then skip the key check. The current tests (at least) seem to be backwards.

@evelikov evelikov force-pushed the modinfo branch 2 times, most recently from 191ae7f to 5aa069a Compare February 26, 2023 18:33
@evelikov
Copy link
Collaborator Author

evelikov commented Feb 26, 2023

Pardon for the noise - trying to track down which piece of the stack is borked and thus srcversion is not produced. The original comment was saying Debian, although I suspect it could be kernel version related ... or patch thereof.

kmod itself doesn't even know about that field.

EDIT: found it - some distros do not set CONFIG_MODULE_SRCVERSION_ALL 🤦

Return is only a thing in functions, swap it with exit.

Signed-off-by: Emil Velikov <[email protected]>
Currently we make a few odd assumptions - we track the key field first.
Which may be either empty (kmod build w/o openssl) or missing all
together (aka something has gone horribly wrong). Then based on that we
try and workaround the hashalgo.

That approach was chosen since kmod <26 was buggy (at least the hashalgo
provided was).

Instead - start with a kmod version check (anything half-recent uses
26+) then check the algo, which if unknown tells us to not look at
the empty key. Or if the hash is known and key is missing we can
meaningfully error out.

In the process of this, use modinfo -F instead of the current modinfo |
grep | sed dance.

Side note: the NO_SIGNING_TOOL hunk (and surrounding code) should be
de duplicated into a function or sorts. But that for another day.

Signed-off-by: Emil Velikov <[email protected]>
@evelikov
Copy link
Collaborator Author

The srcversion seems semi-magical and semi-broken atm - opened an issue for it #311.

The updated PR, should do a saner handing of sig key/hashalgo now ... even though it started with a simple modinfo -F simplification 😅

@evelikov evelikov changed the title run_tests: simplify modinfo handling run_tests: saner handling of sig key/hashalgo Feb 27, 2023
@xuzhen
Copy link
Collaborator

xuzhen commented Mar 5, 2023

I think it's ready to merge.

@evelikov evelikov merged commit 3e0af66 into dell:master Mar 5, 2023
@evelikov evelikov deleted the modinfo branch March 5, 2023 10:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants