Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build errors

From: Sedat Dilek
Date: Thu Oct 10 2024 - 04:53:30 EST


On Thu, Oct 10, 2024 at 10:29 AM Sedat Dilek <sedat.dilek@xxxxxxxxx> wrote:
>
> On Thu, Oct 10, 2024 at 10:19 AM Thorsten Leemhuis <linux@xxxxxxxxxxxxx> wrote:
> >
> > On 10.10.24 09:00, Thorsten Leemhuis wrote:
> > > Avoid build errors with allmodconfig on Fedora Linux 41+ by reordering
> > > the Kconfig choices so modules are signed with sha512 by default. That
> > > way sha1 will be avoided, which beforehand was chosen by default on
> > > x86_64 when running allmodconfig -- which on the latest Fedora leads to
> > > the following build error when building the certs/ directory:
> > > [...]
> > > Link: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustsha1SigVer [1]
> >
> > Sorry, one search-and-replace went too far, this is meant to be:
> > https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
> >
> > Ciao, Thorsten
> >
>
> Hi Thorsten,
>
> That was wrong in the original code which you moved:
>
> +config MODULE_SIG_SHA384
> + bool "SHA-384"
> + select CRYPTO_SHA512 <--- SHA*384*
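
Review bot: the `select CRYPTO_SHA512` line under `config MODULE_SIG_SHA384` names a symbol that does not match the "SHA-384" prompt, and nothing in the hunk says whether that is intentional. Either add a one-line comment or help text to the entry stating which crypto Kconfig symbol provides the SHA-384 implementation, or change the select if it really is a copy-and-paste slip, so the mismatch does not get flagged again on every review.
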
>
> BR,
> -sed@-

Thorsten, please fix it!

-sed@-

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/module/Kconfig#n249
https://git.kernel.org/linus/ea0b6dcf71d216dc11733ac19b26df0f5d0fd6c2