Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 10, 2024 at 10:19 AM Thorsten Leemhuis <linux@xxxxxxxxxxxxx> wrote:
>
> On 10.10.24 09:00, Thorsten Leemhuis wrote:
> > Avoid build errors with allmodconfig on Fedora Linux 41+ by reordering
> > the Kconfig choices so modules are signed with sha512 by default. That
> > way sha1 will be avoided, which beforehand was chosen by default on
> > x86_64 when running allmodconfig -- which on the latest Fedora leads to
> > the following build error when building the certs/ directory:
> > [...]
> > Link: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustsha1SigVer [1]
>
> Sorry, one search-and-replace went to far, this is meant to be:
> https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
>
> Ciao, Thorsten
>

Hi Thorsten,

That was wrong in the original code which you moved:

+config MODULE_SIG_SHA384
+       bool "SHA-384"
+       select CRYPTO_SHA512 <--- SHA*384*

BR,
-sed@-





[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux