tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

modsign: hide openssl output in silent builds

When a user calls 'make -s', we can assume they don't want to
see any output except for warnings and errors, but instead
they see this for a warning free build:

###
### Now generating an X.509 key pair to be used for signing modules.
###
### If this takes a long time, you might wish to run rngd in the
### background to keep the supply of entropy topped up. It
### needs to be run as root, and uses a hardware random
### number generator if one is available.
###
Generating a 4096 bit RSA private key
.................................................................................................................................................................................................................................++
..............................................................................................................................++
writing new private key to 'certs/signing_key.pem'
-----
###
### Key pair generated.
###

The output can confuse simple build testing scripts that just check
for an empty build log.

This patch silences all the output:
- "echo" is changed to "@$(kecho)", which is dropped when "-s" gets
passed
- the openssl command itself is only printed with V=1, using the
$(Q) macro
- The output of openssl gets redirected to /dev/null on "-s" builds.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David Howells <dhowells@redhat.com>

authored by

Arnd Bergmann and committed by
David Howells 5d06ee20 e5a2e3c8

+19 -14
+19 -14
certs/Makefile
··· 36 36 $(error Could not determine digest type to use from kernel config) 37 37 endif 38 38 39 + redirect_openssl = 2>&1 40 + quiet_redirect_openssl = 2>&1 41 + silent_redirect_openssl = 2>/dev/null 42 + 39 43 # We do it this way rather than having a boolean option for enabling an 40 44 # external private key, because 'make randconfig' might enable such a 41 45 # boolean option and we unfortunately can't make it depend on !RANDCONFIG. 42 46 ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") 43 47 $(obj)/signing_key.pem: $(obj)/x509.genkey 44 - @echo "###" 45 - @echo "### Now generating an X.509 key pair to be used for signing modules." 46 - @echo "###" 47 - @echo "### If this takes a long time, you might wish to run rngd in the" 48 - @echo "### background to keep the supply of entropy topped up. It" 49 - @echo "### needs to be run as root, and uses a hardware random" 50 - @echo "### number generator if one is available." 51 - @echo "###" 52 - openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ 48 + @$(kecho) "###" 49 + @$(kecho) "### Now generating an X.509 key pair to be used for signing modules." 50 + @$(kecho) "###" 51 + @$(kecho) "### If this takes a long time, you might wish to run rngd in the" 52 + @$(kecho) "### background to keep the supply of entropy topped up. It" 53 + @$(kecho) "### needs to be run as root, and uses a hardware random" 54 + @$(kecho) "### number generator if one is available." 55 + @$(kecho) "###" 56 + $(Q)openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \ 53 57 -batch -x509 -config $(obj)/x509.genkey \ 54 58 -outform PEM -out $(obj)/signing_key.pem \ 55 - -keyout $(obj)/signing_key.pem 2>&1 56 - @echo "###" 57 - @echo "### Key pair generated." 58 - @echo "###" 59 + -keyout $(obj)/signing_key.pem \ 60 + $($(quiet)redirect_openssl) 61 + @$(kecho) "###" 62 + @$(kecho) "### Key pair generated." 63 + @$(kecho) "###" 59 64 60 65 $(obj)/x509.genkey: 61 - @echo Generating X.509 key generation config 66 + @$(kecho) Generating X.509 key generation config 62 67 @echo >$@ "[ req ]" 63 68 @echo >>$@ "default_bits = 4096" 64 69 @echo >>$@ "distinguished_name = req_distinguished_name"