[ptxdist] [PATCH] kernel: need openssl since v4.3

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

* [ptxdist] [PATCH] kernel: need openssl since v4.3
@ 2017-03-31 14:30 Markus Niebel
  2017-03-31 14:49 ` Michael Olbrich
  0 siblings, 1 reply; 4+ messages in thread
From: Markus Niebel @ 2017-03-31 14:30 UTC (permalink / raw)
  To: ptxdist; +Cc: Markus Niebel

From: Markus Niebel <Markus.Niebel@tq-group.com>

regarding to https://www.kernel.org/doc/Documentation/Changes
kernel needs openssl to compile since v4.3

Signed-off-by: Markus Niebel <Markus.Niebel@tq-group.com>
---
 platforms/kernel.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/platforms/kernel.in b/platforms/kernel.in
index 8b16739..69b326f 100644
--- a/platforms/kernel.in
+++ b/platforms/kernel.in
@@ -9,6 +9,7 @@ menuconfig KERNEL
 	select HOST_LZOP		if KERNEL_LZOP
 	select HOST_LIBKMOD		if KERNEL_MODULES
 	select HOST_SYSTEM_BC
+	select HOST_OPENSSL
 	prompt "Linux kernel                  "
 
 if KERNEL
-- 
1.9.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [ptxdist] [PATCH] kernel: need openssl since v4.3
  2017-03-31 14:30 [ptxdist] [PATCH] kernel: need openssl since v4.3 Markus Niebel
@ 2017-03-31 14:49 ` Michael Olbrich
  2017-03-31 15:15   ` Markus Niebel
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Olbrich @ 2017-03-31 14:49 UTC (permalink / raw)
  To: ptxdist

On Fri, Mar 31, 2017 at 04:30:48PM +0200, Markus Niebel wrote:
> From: Markus Niebel <Markus.Niebel@tq-group.com>
> 
> regarding to https://www.kernel.org/doc/Documentation/Changes
> kernel needs openssl to compile since v4.3

I think the documentation is a bit misleading. Since v4.3 it needs openssl
development packages _if_ module signing is enabled. Or have you seen
anything else that needs openssl?
If not, then this should be an option like KERNEL_LZOP.

Michael

> Signed-off-by: Markus Niebel <Markus.Niebel@tq-group.com>
> ---
>  platforms/kernel.in | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/platforms/kernel.in b/platforms/kernel.in
> index 8b16739..69b326f 100644
> --- a/platforms/kernel.in
> +++ b/platforms/kernel.in
> @@ -9,6 +9,7 @@ menuconfig KERNEL
>  	select HOST_LZOP		if KERNEL_LZOP
>  	select HOST_LIBKMOD		if KERNEL_MODULES
>  	select HOST_SYSTEM_BC
> +	select HOST_OPENSSL
>  	prompt "Linux kernel                  "
>  
>  if KERNEL
> -- 
> 1.9.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [ptxdist] [PATCH] kernel: need openssl since v4.3
  2017-03-31 14:49 ` Michael Olbrich
@ 2017-03-31 15:15   ` Markus Niebel
  2017-03-31 15:22     ` Michael Olbrich
  0 siblings, 1 reply; 4+ messages in thread
From: Markus Niebel @ 2017-03-31 15:15 UTC (permalink / raw)
  To: ptxdist

Hi

Am Freitag, den 31.03.2017, 16:49 +0200 schrieb Michael Olbrich:
> On Fri, Mar 31, 2017 at 04:30:48PM +0200, Markus Niebel wrote:
> > From: Markus Niebel <Markus.Niebel@tq-group.com>
> > 
> > regarding to https://www.kernel.org/doc/Documentation/Changes
> > kernel needs openssl to compile since v4.3
> 
> I think the documentation is a bit misleading. Since v4.3 it needs openssl
> development packages _if_ module signing is enabled. Or have you seen
> anything else that needs openssl?
> If not, then this should be an option like KERNEL_LZOP.
> 

log just from our buildserver (linux 4.6):

HOSTCC  scripts/extract-cert
scripts/sign-file.c:25:30: fatal error: openssl/opensslv.h: No such file or directory
 #include <openssl/opensslv.h>
                              ^
compilation terminated.
scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
 #include <openssl/bio.h>
                         ^
compilation terminated.
make[2]: *** [scripts/sign-file] Error 1

The compilation is triggered by

hostprogs-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert

So I think this is (potentially) wider use case. I'm not the expert for
this kind of stuff. Can send v2 with same approach as KERNEL_LZOP 

Markus

> Michael
> 
> > Signed-off-by: Markus Niebel <Markus.Niebel@tq-group.com>
> > ---
> >  platforms/kernel.in | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/platforms/kernel.in b/platforms/kernel.in
> > index 8b16739..69b326f 100644
> > --- a/platforms/kernel.in
> > +++ b/platforms/kernel.in
> > @@ -9,6 +9,7 @@ menuconfig KERNEL
> >  	select HOST_LZOP		if KERNEL_LZOP
> >  	select HOST_LIBKMOD		if KERNEL_MODULES
> >  	select HOST_SYSTEM_BC
> > +	select HOST_OPENSSL
> >  	prompt "Linux kernel                  "
> >  
> >  if KERNEL
> > -- 
> > 1.9.1
> > 
> > 
> > _______________________________________________
> > ptxdist mailing list
> > ptxdist@pengutronix.de
> 



_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [ptxdist] [PATCH] kernel: need openssl since v4.3
  2017-03-31 15:15   ` Markus Niebel
@ 2017-03-31 15:22     ` Michael Olbrich
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Olbrich @ 2017-03-31 15:22 UTC (permalink / raw)
  To: ptxdist

On Fri, Mar 31, 2017 at 05:15:29PM +0200, Markus Niebel wrote:
> Am Freitag, den 31.03.2017, 16:49 +0200 schrieb Michael Olbrich:
> > On Fri, Mar 31, 2017 at 04:30:48PM +0200, Markus Niebel wrote:
> > > From: Markus Niebel <Markus.Niebel@tq-group.com>
> > > 
> > > regarding to https://www.kernel.org/doc/Documentation/Changes
> > > kernel needs openssl to compile since v4.3
> > 
> > I think the documentation is a bit misleading. Since v4.3 it needs openssl
> > development packages _if_ module signing is enabled. Or have you seen
> > anything else that needs openssl?
> > If not, then this should be an option like KERNEL_LZOP.
> > 
> 
> log just from our buildserver (linux 4.6):
> 
> HOSTCC  scripts/extract-cert
> scripts/sign-file.c:25:30: fatal error: openssl/opensslv.h: No such file or directory
>  #include <openssl/opensslv.h>
>                               ^
> compilation terminated.
> scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
>  #include <openssl/bio.h>
>                          ^
> compilation terminated.
> make[2]: *** [scripts/sign-file] Error 1
> 
> The compilation is triggered by
> 
> hostprogs-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert
> 
> So I think this is (potentially) wider use case. I'm not the expert for
> this kind of stuff. Can send v2 with same approach as KERNEL_LZOP 

This is for module/image signing and for integrity stuff like IMA. I don't
think this is always needed. So please provide a v2.

mfg,
Michael

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-03-31 15:22 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-31 14:30 [ptxdist] [PATCH] kernel: need openssl since v4.3 Markus Niebel
2017-03-31 14:49 ` Michael Olbrich
2017-03-31 15:15   ` Markus Niebel
2017-03-31 15:22     ` Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox