Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build errors

From: Sedat Dilek
Date: Thu Oct 10 2024 - 04:47:36 EST

Next message: Paolo Abeni: "Re: [PATCH net-next v2 0/7] net: ip: add drop reasons to input route"
Previous message: K Prateek Nayak: "[PATCH 3/3] sched/core: Indicate a sched_delayed task was migrated before wakeup"
In reply to: Thorsten Leemhuis: "Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build errors"
Next in thread: Sedat Dilek: "Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build errors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 10, 2024 at 10:19 AM Thorsten Leemhuis <linux@xxxxxxxxxxxxx> wrote:
>
> On 10.10.24 09:00, Thorsten Leemhuis wrote:
> > Avoid build errors with allmodconfig on Fedora Linux 41+ by reordering
> > the Kconfig choices so modules are signed with sha512 by default. That
> > way sha1 will be avoided, which beforehand was chosen by default on
> > x86_64 when running allmodconfig -- which on the latest Fedora leads to
> > the following build error when building the certs/ directory:
> > [...]
> > Link: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustsha1SigVer [1]
>
> Sorry, one search-and-replace went to far, this is meant to be:
> https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
>
> Ciao, Thorsten
>

Hi Thorsten,

That was wrong in the original code which you moved:

+config MODULE_SIG_SHA384
+ bool "SHA-384"
+ select CRYPTO_SHA512 <--- SHA*384*

BR,
-sed@-

Next message: Paolo Abeni: "Re: [PATCH net-next v2 0/7] net: ip: add drop reasons to input route"
Previous message: K Prateek Nayak: "[PATCH 3/3] sched/core: Indicate a sched_delayed task was migrated before wakeup"
In reply to: Thorsten Leemhuis: "Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build errors"
Next in thread: Sedat Dilek: "Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build errors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]