linux-dev/certs/.gitignore, branch master

certs: fix and refactor CONFIG_SYSTEM_BLACKLIST_HASH_LIST build

2022-06-15T18:52:32Z

Commit addf466389d9 ("certs: Check that builtin blacklist hashes are valid") was applied 8 months after the submission. In the meantime, the base code had been removed by commit b8c96a6b466c ("certs: simplify $(srctree)/ handling and remove config_filename macro"). Fix the Makefile. Create a local copy of $(CONFIG_SYSTEM_BLACKLIST_HASH_LIST). It is included from certs/blacklist_hashes.c and also works as a timestamp. Send error messages from check-blacklist-hashes.awk to stderr instead of stdout. Fixes: addf466389d9 ("certs: Check that builtin blacklist hashes are valid") Signed-off-by: Masahiro Yamada Reviewed-by: Jarkko Sakkinen Reviewed-by: Mickaël Salaün Signed-off-by: Jarkko Sakkinen

certs: Check that builtin blacklist hashes are valid

2022-05-23T15:47:49Z

Add and use a check-blacklist-hashes.awk script to make sure that the builtin blacklist hashes set with CONFIG_SYSTEM_BLACKLIST_HASH_LIST will effectively be taken into account as blacklisted hashes. This is useful to debug invalid hash formats, and it make sure that previous hashes which could have been loaded in the kernel, but silently ignored, are now noticed and deal with by the user at kernel build time. This also prevent stricter blacklist key description checking (provided by following commits) to failed for builtin hashes. Update CONFIG_SYSTEM_BLACKLIST_HASH_LIST help to explain the content of a hash string and how to generate certificate ones. Cc: David Howells Cc: David Woodhouse Cc: Eric Snowberg Cc: Jarkko Sakkinen Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20210712170313.884724-3-mic@digikod.net Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

certs: move scripts/extract-cert to certs/

2022-01-08T09:28:21Z

extract-cert is only used in certs/Makefile. Move it there and build extract-cert on demand. Signed-off-by: Masahiro Yamada

.gitignore: prefix local generated files with a slash

2021-05-01T15:43:35Z

The pattern prefixed with '/' matches files in the same directory, but not ones in sub-directories. Signed-off-by: Masahiro Yamada Acked-by: Miguel Ojeda Acked-by: Rob Herring Acked-by: Andra Paraschiv Acked-by: Greg Kroah-Hartman Acked-by: Gabriel Krisman Bertazi

certs: add 'x509_revocation_list' to gitignore

2021-04-26T17:48:07Z

Commit d1f044103dad ("certs: Add ability to preload revocation certs") created a new generated file for revocation certs, but didn't tell git to ignore it. Thus causing unnecessary "git status" noise after a kernel build with CONFIG_SYSTEM_REVOCATION_LIST enabled. Add the proper gitignore magic. Signed-off-by: Linus Torvalds

.gitignore: add SPDX License Identifier

2020-03-25T10:50:48Z

Add SPDX License Identifier to all .gitignore files. Signed-off-by: Masahiro Yamada Signed-off-by: Greg Kroah-Hartman

.gitignore: remove too obvious comments

2020-03-25T10:50:28Z

Some .gitignore files have comments like "Generated files", "Ignore generated files" at the header part, but they are too obvious. Signed-off-by: Masahiro Yamada Signed-off-by: Greg Kroah-Hartman

certs: add .gitignore to stop git nagging about x509_certificate_list

2015-10-21T14:18:35Z

Currently we see this in "git status" if we build in the source dir: Untracked files: (use "git add ..." to include in what will be committed) certs/x509_certificate_list It looks like it used to live in kernel/ so we squash that .gitignore entry at the same time. I didn't bother to dig through git history to see when it moved, since it is just a minor annoyance at most. Cc: David Woodhouse Cc: keyrings@linux-nfs.org Signed-off-by: Paul Gortmaker Signed-off-by: David Howells