Summary: | sys-kernel/gentoo-sources sign-file: full functionality with modern LibreSSL [PATCH] | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | David Duchesne <aether> |
Component: | Current packages | Assignee: | Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | jstein, progenyx |
Priority: | Normal | Keywords: | InVCS |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | gentoo-sources-5.6.15 | ||
Package list: | Runtime testing required: | --- |
Description
David Duchesne
2020-04-12 04:30:15 UTC
Actually, CMS functionality is included in LibreSSL since version 3.0.2. The kernel team doesn't need to wait for 3.1.0 to stabilize before they update the sign-file. (In reply to Progenyx from comment #1) > Actually, CMS functionality is included in LibreSSL since version 3.0.2. The > kernel team doesn't need to wait for 3.1.0 to stabilize before they update > the sign-file. Ah! Thanks for pointing this out. I hadn't noticed that. It will save me rebuild against Libressl 3.1.0 for my other machines for now. > CMS functionality is included in LibreSSL since version 3.0.2
AFAIK in 3.0.2 CMS support is partial and disabled by default.
(In reply to Stefan Strogin from comment #3) > > CMS functionality is included in LibreSSL since version 3.0.2 > > AFAIK in 3.0.2 CMS support is partial and disabled by default. Indeed. I tried the kernel patch with Libressl 3.0.2, it doesn't work. You need 3.1.0 to make it work. This will be in gentoo-sources-5.6.15 commit dee616e55bf3f2ced4f2f4688df60626ed2f6a29 (HEAD -> 5.6, origin/5.6) Author: Mike Pagano <mpagano@gentoo.org> Date: Wed May 20 19:10:07 2020 -0400 sign-file: full functionality with modern LibreSSL Bug: https://bugs.gentoo.org/717166 Signed-off-by: Mike Pagano <mpagano@gentoo.org> (In reply to Mike Pagano from comment #5) > This will be in gentoo-sources-5.6.15 > > > commit dee616e55bf3f2ced4f2f4688df60626ed2f6a29 (HEAD -> 5.6, origin/5.6) > Author: Mike Pagano <mpagano@gentoo.org> > Date: Wed May 20 19:10:07 2020 -0400 > > sign-file: full functionality with modern LibreSSL > > Bug: https://bugs.gentoo.org/717166 > > Signed-off-by: Mike Pagano <mpagano@gentoo.org> Great. Thanks Mike. Any chance this is included for LTS kernel too ? Because I use 5.4.x on all my machines. (In reply to David Duchesne from comment #6) > > Great. Thanks Mike. > Any chance this is included for LTS kernel too ? Because I use 5.4.x on all > my machines. That usually depends on whether it's been added to the stable-queue repos that GregKH maintains, as we try not to carry too many custom patches in Gentoo. That said, there's nothing stopping you adding it to /etc/portage/patches/<> https://wiki.gentoo.org/wiki//etc/portage/patches ;) Added to 5.4 and 5.6. Closing. commit fc41eb3ddc9a0920c23174ef59d9a20cd6415e09 Author: Mike Pagano <mpagano@gentoo.org> Date: Tue Jun 2 07:36:46 2020 -0400 sign-file: full functionality with modern LibreSSL Bug: https://bugs.gentoo.org/717166 Signed-off-by: Mike Pagano <mpagano@gentoo.org> |