Re: [PATCH 1/4] modsign: Abort modules_install when signing fails

[Woodhouse, David]

On Mon, 2015-05-18 at 21:29 -0400, Mimi Zohar wrote:
> On Fri, 2015-05-15 at 17:52 +0100, David Woodhouse wrote:
> > Signed-off-by: David Woodhouse <David.Woodhouse@xxxxxxxxx>
> 
> I assume the patch descriptions will be added before being upstreamed.  

This patch aborts modules_install when signing fails :)

> With this patch, as expected the modules_install aborted on failure.  Is
> there any way to capture the reason for the failure?   In my case,
> dropping the '-j <num>' option resolved the problem.

Hm, was there no output from sign-file when this happened? Remember that
with a parallel make the error which stops the build might not be the
last thing it printed. Can you show the full output?

It's possible that there's a limit on the number of sessions you can
have open to the hardware token, and we are exceeding it with a parallel
build. I thought that pcscd was going to serialize the access and it
should work properly though. I can certainly do 'make -j
modules_install' with a Yubikey NEO here (although my test build only
has about 20 modules).

Any better ideas on how to specify the key passphrase/PIN? Just put it
in a file in the top-level directory? 

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@xxxxxxxxx                              Intel Corporation

Attachment: smime.p7s
Description: S/MIME cryptographic signature