Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 10, 2024 at 10:29 AM Sedat Dilek <sedat.dilek@xxxxxxxxx> wrote:
>
> On Thu, Oct 10, 2024 at 10:19 AM Thorsten Leemhuis <linux@xxxxxxxxxxxxx> wrote:
> >
> > On 10.10.24 09:00, Thorsten Leemhuis wrote:
> > > Avoid build errors with allmodconfig on Fedora Linux 41+ by reordering
> > > the Kconfig choices so modules are signed with sha512 by default. That
> > > way sha1 will be avoided, which beforehand was chosen by default on
> > > x86_64 when running allmodconfig -- which on the latest Fedora leads to
> > > the following build error when building the certs/ directory:
> > > [...]
> > > Link: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustsha1SigVer [1]
> >
> > Sorry, one search-and-replace went to far, this is meant to be:
> > https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
> >
> > Ciao, Thorsten
> >
>
> Hi Thorsten,
>
> That was wrong in the original code which you moved:
>
> +config MODULE_SIG_SHA384
> +       bool "SHA-384"
> +       select CRYPTO_SHA512 <--- SHA*384*
>
> BR,
> -sed@-

Thorsten, please fix it!

-sed@-

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/module/Kconfig#n249
https://git.kernel.org/linus/ea0b6dcf71d216dc11733ac19b26df0f5d0fd6c2





[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux