sign-file: Document dependency on OpenSSL devel libraries

The revised sign-file program is no longer a script that wraps the openssl
program, but now rather a program that makes use of OpenSSL's crypto
library.  This means that to build the sign-file program, the kernel build
process now has a dependency on the OpenSSL development packages in
addition to OpenSSL itself.

Document this in Kconfig and in module-signing.txt.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
index 4e62bc29666ec59128b737da2e527b91d0f96bb8..02a9baf1c72fd078f60a127efb182c44c290c338 100644 (file)
--- a/Documentation/module-signing.txt
+++ b/Documentation/module-signing.txt
@@ -111,6 +111,9 @@ This has a number of options available:
      additional certificates which will be included in the system keyring by
      default.
 
+Note that enabling module signing adds a dependency on the OpenSSL devel
+packages to the kernel build processes for the tool that does the signing.
+
 
 =======================
 GENERATING SIGNING KEYS

diff --git a/init/Kconfig b/init/Kconfig
index 62b725653c36db335b6f1bbf6e5cc6535aea68bd..5d1a703663ad982bd479461701355916659ae531 100644 (file)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1897,6 +1897,10 @@ config MODULE_SIG
          is simply appended to the module. For more information see
          Documentation/module-signing.txt.
 
+         Note that this option adds the OpenSSL development packages as a
+         kernel build dependency so that the signing tool can use its crypto
+         library.
+
          !!!WARNING!!!  If you enable this option, you MUST make sure that the
          module DOES NOT get stripped after being signed.  This includes the
          debuginfo strip done by some packagers (such as rpmbuild) and