1 Star 0 Fork 22

问书/systemtap1

forked from src-anolis-os/systemtap 
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
pr30749.patch 3.49 KB
一键复制 编辑 原始数据 按行查看 历史
Zhao Hang 提交于 2023-12-05 16:35 +08:00 . update to systemtap-4.9-3.src.rpm
commit 9839db5514a29cf4f58b3de8cc6155088be6d061
gpg: Signature made Sat 12 Aug 2023 02:49:26 PM EDT
gpg: using RSA key 5D38116FA4D3A7CC77E378D37E83610126DCC2E8
gpg: Good signature from "Frank Ch. Eigler <[email protected]>" [full]
Author: Frank Ch. Eigler <[email protected]>
Date: Sat Aug 12 14:28:44 2023 -0400
PR30749: correct stap --sign-module timing
Previous code signed the temp directory copy, after it had already
been copied into the cache -- so the signature never made it to a
permanent artifact.
If the module was being fetched from the cache from a previous build
run, a sign (re)attempt will still be done. This may not be
necessary, but shouldn't be harmful.
Reported-By: Renaud Métrich <[email protected]>
diff --git a/main.cxx b/main.cxx
index 06adb66ad..9f695cbd8 100644
--- a/main.cxx
+++ b/main.cxx
@@ -1190,8 +1190,10 @@ passes_0_4 (systemtap_session &s)
s.mok_fingerprints.clear();
s.mok_fingerprints.push_back(mok_fingerprint);
}
- rc =
- sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
+ if (s.verbose)
+ clog << _F("Signing %s with mok key %s", s.module_filename().c_str(), mok_path.c_str())
+ << endl;
+ rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
}
#endif
@@ -1310,8 +1312,30 @@ passes_0_4 (systemtap_session &s)
if (! s.use_script_cache && s.last_pass <= 4)
s.save_module = true;
+#if HAVE_NSS
+ // PR30749
+ if (!rc && s.module_sign_given)
+ {
+ // when run on client as --sign-module, mok fingerprints are result of mokutil -l
+ // when run from server as --sign-module=PATH, mok fingerprint is given by PATH
+ string mok_path;
+ if (!s.module_sign_mok_path.empty())
+ {
+ string mok_fingerprint;
+ split_path (s.module_sign_mok_path, mok_path, mok_fingerprint);
+ s.mok_fingerprints.clear();
+ s.mok_fingerprints.push_back(mok_fingerprint);
+ }
+
+ if (s.verbose)
+ clog << _F("Signing %s with mok key %s", s.module_filename().c_str(), mok_path.c_str())
+ << endl;
+ rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
+ }
+#endif
+
// Copy module to the current directory.
- if (s.save_module && !pending_interrupts)
+ if (!rc && s.save_module && !pending_interrupts)
{
string module_src_path = s.tmpdir + "/" + s.module_filename();
string module_dest_path = s.module_filename();
@@ -1327,29 +1351,11 @@ passes_0_4 (systemtap_session &s)
}
}
-#if HAVE_NSS
- if (s.module_sign_given)
- {
- // when run on client as --sign-module, mok fingerprints are result of mokutil -l
- // when run from server as --sign-module=PATH, mok fingerprint is given by PATH
- string mok_path;
- if (!s.module_sign_mok_path.empty())
- {
- string mok_fingerprint;
- split_path (s.module_sign_mok_path, mok_path, mok_fingerprint);
- s.mok_fingerprints.clear();
- s.mok_fingerprints.push_back(mok_fingerprint);
- }
-
- rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
- }
-#endif
-
PROBE1(stap, pass4__end, &s);
return rc;
}
-
+
int
pass_5 (systemtap_session &s, vector<remote*> targets)
{
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/Weisson/systemtap1.git
[email protected]:Weisson/systemtap1.git
Weisson
systemtap1
systemtap1
a8

搜索帮助