The module signing script (sign-file) used to be a wrapper around the
openssl program. It has now been replaced by a C program that uses the
crypto library from the OpenSSL package meaning that the OpenSSL devel
packages are necessary to provide the devel library link and the header
files.
This would be openssl-devel on Fedora and libssl-dev on Debian.
Reported-by: Stephen Rothwell <[email protected]>
Signed-off-by: David Howells <[email protected]>
Acked-by: Stephen Rothwell <[email protected]>
---
Documentation/Changes | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/Documentation/Changes b/Documentation/Changes
index 646cdaa6e9d1..6d8863004858 100644
--- a/Documentation/Changes
+++ b/Documentation/Changes
@@ -43,6 +43,7 @@ o udev 081 # udevd --version
o grub 0.93 # grub --version || grub-install --version
o mcelog 0.6 # mcelog --version
o iptables 1.4.2 # iptables -V
+o openssl & libcrypto 1.0.1k # openssl version
Kernel compilation
@@ -79,6 +80,17 @@ BC
You will need bc to build kernels 3.10 and higher
+OpenSSL
+-------
+
+Module signing and external certificate handling use the OpenSSL program and
+crypto library to do key creation and signature generation.
+
+You will need openssl to build kernels 3.7 and higher if module signing is
+enabled. You will also need openssl development packages to build kernels 4.3
+and higher.
+
+
System utilities
================
@@ -295,6 +307,10 @@ Binutils
--------
o <ftp://ftp.kernel.org/pub/linux/devel/binutils/>
+OpenSSL
+-------
+o <https://www.openssl.org/>
+
System utilities
****************
@@ -392,4 +408,3 @@ o <http://oprofile.sf.net/download/>
NFS-Utils
---------
o <http://nfs.sourceforge.net/>
-
On Thu, 27 Aug 2015, David Howells wrote:
> The module signing script (sign-file) used to be a wrapper around the
> openssl program. It has now been replaced by a C program that uses the
> crypto library from the OpenSSL package meaning that the OpenSSL devel
> packages are necessary to provide the devel library link and the header
> files.
>
> This would be openssl-devel on Fedora and libssl-dev on Debian.
>
> Reported-by: Stephen Rothwell <[email protected]>
> Signed-off-by: David Howells <[email protected]>
> Acked-by: Stephen Rothwell <[email protected]>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
<[email protected]>