Re: RFC: sign the modules at install time
From: Alexander Holler
Date: Fri Oct 19 2012 - 07:40:22 EST
Am 19.10.2012 13:25, schrieb David Howells:
Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> wrote:
So, this still generates the keys during the normal build, right? That
would be a problem for build servers that have limited randomness
available to them, I think.
openssl uses /dev/urandom (unlike gpg), so that's less of a problem.
Hmm, please don't forget the case where people want to build the kernel
in some sandbox (like chroot or similiar) where the build-system doesn't
have access to /dev.
I haven't checked what openssl does if that is the case, so maybe the
script which calls it should either offer a verbose error message for
that case, or should be prepared that openssl might fail because of a
missing /dev/urandom.
If that's already done, just ignore my email, I haven't read the
complete thread, sorry.
Regards,
Alexander
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/