sign-file: Document dependency on OpenSSL devel libraries

The revised sign-file program is no longer a script that wraps the openssl program, but now rather a program that makes use of OpenSSL's crypto library. This means that to build the sign-file program, the kernel build process now has a dependency on the OpenSSL development packages in addition to OpenSSL itself. Document this in Kconfig and in module-signing.txt. Signed-off-by: David Howells <[email protected]> Reviewed-by: David Woodhouse <[email protected]>
chewitt · Aug 12, 2015 · 228c37f · 228c37f
1 parent 99db443
commit 228c37f
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
@@ -111,6 +111,9 @@ This has a number of options available:
      additional certificates which will be included in the system keyring by
      default.
 
+Note that enabling module signing adds a dependency on the OpenSSL devel
+packages to the kernel build processes for the tool that does the signing.
+
 
 =======================
 GENERATING SIGNING KEYS

diff --git a/init/Kconfig b/init/Kconfig
@@ -1897,6 +1897,10 @@ config MODULE_SIG
 	  is simply appended to the module. For more information see
 	  Documentation/module-signing.txt.
 
+	  Note that this option adds the OpenSSL development packages as a
+	  kernel build dependency so that the signing tool can use its crypto
+	  library.
+
 	  !!!WARNING!!!  If you enable this option, you MUST make sure that the
 	  module DOES NOT get stripped after being signed.  This includes the
 	  debuginfo strip done by some packagers (such as rpmbuild) and