From: Alexander Holler <holler@ahsoftware.de>
To: David Howells <dhowells@redhat.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
Rusty Russell <rusty@rustcorp.com.au>,
Linus Torvalds <torvalds@linux-foundation.org>,
David Miller <davem@davemloft.net>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: RFC: sign the modules at install time
Date: Fri, 19 Oct 2012 13:40:05 +0200 [thread overview]
Message-ID: <50813C15.1000202@ahsoftware.de> (raw)
In-Reply-To: <2201.1350645923@warthog.procyon.org.uk>
Am 19.10.2012 13:25, schrieb David Howells:
> Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
>> So, this still generates the keys during the normal build, right? That
>> would be a problem for build servers that have limited randomness
>> available to them, I think.
>
> openssl uses /dev/urandom (unlike gpg), so that's less of a problem.
Hmm, please don't forget the case where people want to build the kernel
in some sandbox (like chroot or similiar) where the build-system doesn't
have access to /dev.
I haven't checked what openssl does if that is the case, so maybe the
script which calls it should either offer a verbose error message for
that case, or should be prepared that openssl might fail because of a
missing /dev/urandom.
If that's already done, just ignore my email, I haven't read the
complete thread, sorry.
Regards,
Alexander
next prev parent reply other threads:[~2012-10-19 11:40 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-17 20:36 RFC: sign the modules at install time Linus Torvalds
2012-10-17 22:19 ` David Howells
2012-10-17 22:44 ` Linus Torvalds
2012-10-18 0:54 ` Greg KH
2012-10-18 3:14 ` Linus Torvalds
2012-10-18 3:18 ` Linus Torvalds
2012-10-18 4:34 ` Rusty Russell
2012-10-18 17:16 ` Greg KH
2012-10-18 4:31 ` Rusty Russell
2012-10-18 12:11 ` Josh Boyer
2012-10-18 16:29 ` Linus Torvalds
2012-10-19 0:20 ` Rusty Russell
2012-10-19 11:21 ` David Howells
2012-10-21 23:51 ` Rusty Russell
2012-10-20 16:41 ` Romain Francoise
2012-10-20 16:47 ` Linus Torvalds
2012-10-17 22:26 ` Josh Boyer
2012-10-17 23:07 ` Linus Torvalds
2012-10-17 23:20 ` Josh Boyer
2012-10-17 23:25 ` Linus Torvalds
2012-10-17 23:44 ` Linus Torvalds
2012-10-18 0:06 ` Linus Torvalds
2012-10-17 23:21 ` Linus Torvalds
2012-10-18 0:13 ` Josh Boyer
2012-10-18 4:41 ` Rusty Russell
2012-10-18 1:17 ` Rusty Russell
2012-10-18 3:27 ` Linus Torvalds
2012-10-18 5:34 ` Rusty Russell
2012-10-18 18:46 ` Linus Torvalds
2012-10-18 19:58 ` Josh Boyer
2012-10-19 0:48 ` Rusty Russell
2012-10-19 11:44 ` Josh Boyer
2012-10-19 1:16 ` Rusty Russell
2012-10-19 11:49 ` Josh Boyer
2012-10-19 1:23 ` Rusty Russell
2012-10-19 3:21 ` Stephen Rothwell
2012-10-19 11:25 ` David Howells
2012-10-19 11:30 ` Stephen Rothwell
2012-10-19 11:40 ` Alexander Holler [this message]
2012-10-20 3:53 ` Rusty Russell
2012-10-19 19:58 ` Linus Torvalds
2012-10-19 22:04 ` Linus Torvalds
2012-10-22 0:28 ` Rusty Russell
-- strict thread matches above, loose matches on Subject: below --
2012-10-18 21:31 George Spelvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50813C15.1000202@ahsoftware.de \
--to=holler@ahsoftware.de \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=sfr@canb.auug.org.au \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.