sign-file: Document dependency on OpenSSL devel libraries
The revised sign-file program is no longer a script that wraps the openssl program, but now rather a program that makes use of OpenSSL's crypto library. This means that to build the sign-file program, the kernel build process now has a dependency on the OpenSSL development packages in addition to OpenSSL itself. Document this in Kconfig and in module-signing.txt. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
This commit is contained in:
David Howells
parent
99db443506
commit
228c37ff98
|
|
@ -111,6 +111,9 @@ This has a number of options available:
|
|||
additional certificates which will be included in the system keyring by
|
||||
default.
|
||||
|
||||
Note that enabling module signing adds a dependency on the OpenSSL devel
|
||||
packages to the kernel build processes for the tool that does the signing.
|
||||
|
||||
|
||||
=======================
|
||||
GENERATING SIGNING KEYS
|
||||
|
|
|
|||
|
|
@ -1897,6 +1897,10 @@ config MODULE_SIG
|
|||
is simply appended to the module. For more information see
|
||||
Documentation/module-signing.txt.
|
||||
|
||||
Note that this option adds the OpenSSL development packages as a
|
||||
kernel build dependency so that the signing tool can use its crypto
|
||||
library.
|
||||
|
||||
!!!WARNING!!! If you enable this option, you MUST make sure that the
|
||||
module DOES NOT get stripped after being signed. This includes the
|
||||
debuginfo strip done by some packagers (such as rpmbuild) and
|
||||
|
|
|
|||
Loading…
Reference in New Issue