1. 15 Nov, 2015 1 commit
  2. 01 Nov, 2015 1 commit
  3. 24 Oct, 2015 1 commit
  4. 18 Oct, 2015 1 commit
  5. 11 Oct, 2015 1 commit
  6. 08 Oct, 2015 1 commit
  7. 04 Oct, 2015 1 commit
  8. 01 Oct, 2015 1 commit
  9. 28 Sep, 2015 1 commit
    • Ben Hutchings's avatar
      DocBook: Use a fixed encoding for output · b479bfd0
      Ben Hutchings authored
      Currently the encoding of documents generated by DocBook depends on
      the current locale.  Make the output reproducible independently of
      the locale, by setting the encoding to UTF-8 (LC_CTYPE=C.UTF-8) by
      preference, or ASCII (LC_CTYPE=C) as a fallback.
      
      LC_CTYPE can normally be overridden by LC_ALL, but the top-level
      Makefile unsets that.
      Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      [jc: added check-lc_ctype to .gitignore]
      Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
      b479bfd0
  10. 27 Sep, 2015 1 commit
  11. 20 Sep, 2015 1 commit
  12. 12 Sep, 2015 1 commit
  13. 04 Sep, 2015 1 commit
  14. 30 Aug, 2015 1 commit
  15. 28 Aug, 2015 1 commit
  16. 23 Aug, 2015 1 commit
  17. 16 Aug, 2015 1 commit
  18. 14 Aug, 2015 2 commits
  19. 09 Aug, 2015 1 commit
  20. 07 Aug, 2015 3 commits
    • David Woodhouse's avatar
      modsign: Use single PEM file for autogenerated key · fb117949
      David Woodhouse authored
      The current rule for generating signing_key.priv and signing_key.x509 is
      a classic example of a bad rule which has a tendency to break parallel
      make. When invoked to create *either* target, it generates the other
      target as a side-effect that make didn't predict.
      
      So let's switch to using a single file signing_key.pem which contains
      both key and certificate. That matches what we do in the case of an
      external key specified by CONFIG_MODULE_SIG_KEY anyway, so it's also
      slightly cleaner.
      Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      fb117949
    • David Woodhouse's avatar
    • David Howells's avatar
      MODSIGN: Use PKCS#7 messages as module signatures · 3f1e1bea
      David Howells authored
      Move to using PKCS#7 messages as module signatures because:
      
       (1) We have to be able to support the use of X.509 certificates that don't
           have a subjKeyId set.  We're currently relying on this to look up the
           X.509 certificate in the trusted keyring list.
      
       (2) PKCS#7 message signed information blocks have a field that supplies the
           data required to match with the X.509 certificate that signed it.
      
       (3) The PKCS#7 certificate carries fields that specify the digest algorithm
           used to generate the signature in a standardised way and the X.509
           certificates specify the public key algorithm in a standardised way - so
           we don't need our own methods of specifying these.
      
       (4) We now have PKCS#7 message support in the kernel for signed kexec purposes
           and we can make use of this.
      
      To make this work, the old sign-file script has been replaced with a program
      that needs compiling in a previous patch.  The rules to build it are added
      here.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Tested-by: default avatarVivek Goyal <vgoyal@redhat.com>
      3f1e1bea
  21. 02 Aug, 2015 1 commit
  22. 26 Jul, 2015 1 commit
  23. 22 Jul, 2015 2 commits
  24. 19 Jul, 2015 1 commit
  25. 12 Jul, 2015 1 commit
  26. 05 Jul, 2015 2 commits
  27. 21 Jun, 2015 1 commit
  28. 14 Jun, 2015 1 commit
  29. 07 Jun, 2015 1 commit
  30. 31 May, 2015 1 commit
  31. 24 May, 2015 1 commit
  32. 18 May, 2015 1 commit
  33. 10 May, 2015 1 commit
  34. 03 May, 2015 1 commit
  35. 29 Apr, 2015 1 commit