Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-06 13:23:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

sign-file: Document dependency on OpenSSL devel libraries

Browse Source 
The revised sign-file program is no longer a script that wraps the openssl
program, but now rather a program that makes use of OpenSSL's crypto
library.  This means that to build the sign-file program, the kernel build
process now has a dependency on the OpenSSL development packages in
addition to OpenSSL itself.

Document this in Kconfig and in module-signing.txt.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
This commit is contained in:
David Howells 2015-08-11 12:38:54 +01:00
parent 99db443506
commit 228c37ff98
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Documentation/module-signing.txt
View File

@ -111,6 +111,9 @@ This has a number of options available:
additional certificates which will be included in the system keyring by
default.
Note that enabling module signing adds a dependency on the OpenSSL devel
packages to the kernel build processes for the tool that does the signing.
=======================
GENERATING SIGNING KEYS

4
init/Kconfig
View File

@ -1897,6 +1897,10 @@ config MODULE_SIG
is simply appended to the module. For more information see
Documentation/module-signing.txt.
Note that this option adds the OpenSSL development packages as a
kernel build dependency so that the signing tool can use its crypto
library.
!!!WARNING!!! If you enable this option, you MUST make sure that the
module DOES NOT get stripped after being signed. This includes the
debuginfo strip done by some packagers (such as rpmbuild) and