From: Vladis Dronov <vdronov@xxxxxxxxxx> [redhat] Add CONFIG_SYSTEM_REVOCATION_KEYS and _LIST Add CONFIG_SYSTEM_REVOCATION_KEYS and CONFIG_SYSTEM_REVOCATION_LIST options. Make them disabled since there are no revoked certificates embedded. Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b0e22b47f650 Link: https://gitlab.com/redhat/rhel/src/kernel/rhel-8/-/merge_requests/456 Link: https://bugzilla.redhat.com/show_bug.cgi?id=1893793 Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx> diff a/redhat/configs/common/generic/CONFIG_SYSTEM_REVOCATION_KEYS b/redhat/configs/common/generic/CONFIG_SYSTEM_REVOCATION_KEYS --- /dev/null +++ b/redhat/configs/common/generic/CONFIG_SYSTEM_REVOCATION_KEYS @@ -0,0 +1 @@ +# CONFIG_SYSTEM_REVOCATION_KEYS is not set diff a/redhat/configs/common/generic/CONFIG_SYSTEM_REVOCATION_LIST b/redhat/configs/common/generic/CONFIG_SYSTEM_REVOCATION_LIST --- /dev/null +++ b/redhat/configs/common/generic/CONFIG_SYSTEM_REVOCATION_LIST @@ -0,0 +1 @@ +# CONFIG_SYSTEM_REVOCATION_LIST is not set diff a/redhat/configs/pending-common/generic/CONFIG_SYSTEM_REVOCATION_LIST b/redhat/configs/pending-common/generic/CONFIG_SYSTEM_REVOCATION_LIST --- a/redhat/configs/pending-common/generic/CONFIG_SYSTEM_REVOCATION_LIST +++ /dev/null 
@@ -1,19 +0,0 @@ -# CONFIG_SYSTEM_REVOCATION_LIST: -# -# If set, this allows revocation certificates to be stored in the -# blacklist keyring and implements a hook whereby a PKCS#7 message can -# be checked to see if it matches such a certificate. -# -# Symbol: SYSTEM_REVOCATION_LIST [=n] -# Type : bool -# Defined at certs/Kconfig:86 -# Prompt: Provide system-wide ring of revocation certificates -# Depends on: CRYPTO [=y] && SYSTEM_BLACKLIST_KEYRING [=y] && PKCS7_MESSAGE_PARSER [=y]=y -# Location: -# -> Cryptographic API (CRYPTO [=y]) -# -> Certificates for signature checking -# -> Provide system-wide ring of blacklisted keys (SYSTEM_BLACKLIST_KEYRING [=y]) -# -# -# -# CONFIG_SYSTEM_REVOCATION_LIST is not set diff a/redhat/configs/pending-fedora/generic/CONFIG_SYSTEM_REVOCATION_LIST b/redhat/configs/pending-fedora/generic/CONFIG_SYSTEM_REVOCATION_LIST --- a/redhat/configs/pending-fedora/generic/CONFIG_SYSTEM_REVOCATION_LIST +++ /dev/null 
@@ -1,19 +0,0 @@ -# CONFIG_SYSTEM_REVOCATION_LIST: -# -# If set, this allows revocation certificates to be stored in the -# blacklist keyring and implements a hook whereby a PKCS#7 message can -# be checked to see if it matches such a certificate. -# -# Symbol: SYSTEM_REVOCATION_LIST [=n] -# Type : bool -# Defined at certs/Kconfig:86 -# Prompt: Provide system-wide ring of revocation certificates -# Depends on: CRYPTO [=y] && SYSTEM_BLACKLIST_KEYRING [=y] && PKCS7_MESSAGE_PARSER [=y]=y -# Location: -# -> Cryptographic API (CRYPTO [=y]) -# -> Certificates for signature checking -# -> Provide system-wide ring of blacklisted keys (SYSTEM_BLACKLIST_KEYRING [=y]) -# -# -# -# CONFIG_SYSTEM_REVOCATION_LIST is not set -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1145
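Review bot: In the new redhat/configs/common/generic/CONFIG_SYSTEM_REVOCATION_LIST, the stated reason for "is not set" (no revoked certificates embedded) only covers build-time content, while the help text deleted from the pending files says the option also "implements a hook whereby a PKCS#7 message can be checked" against a revocation certificate, so leaving it off drops that check as well. Suggest stating in the commit message that the check is being left out deliberately and what would prompt enabling it.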
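Review bot: The new redhat/configs/common/generic/CONFIG_SYSTEM_REVOCATION_KEYS entry is undocumented: unlike _LIST, no pending-common or pending-fedora file is removed for it, and nothing in the patch records the symbol's type or what it depends on. Suggest noting in the commit message how _KEYS relates to _LIST (for example, whether it is only visible once _LIST is enabled), so that a later change enabling _LIST knows this entry has to be revisited as well.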