Re: [opensuse-factory] Re: Issue with Kernel 4.15.1 from the Kernel:stable Repo
On Fri, Feb 9, 2018 at 3:19 PM, Mischa Salle <mischa.salle@gmail.com> wrote:
Also, why is extract-cert now build, which it wasn't before?
It was always built, just Factory now switched to openssl 1.1. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, Feb 9, 2018 at 1:27 PM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
On Fri, Feb 9, 2018 at 3:19 PM, Mischa Salle <mischa.salle@gmail.com> wrote:
Also, why is extract-cert now build, which it wasn't before?
It was always built, just Factory now switched to openssl 1.1.
It's not there in kernel-default-devel-4.14.15-5.1.g9a6fca5.x86_64 (build Mon 29 Jan 2018 01:00:00 PM CET). The switch to OpenSSL 1.1 was I think in November... Mischa -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Freitag, 9. Februar 2018, 15:27:57 schrieb Andrei Borzenkov:
On Fri, Feb 9, 2018 at 3:19 PM, Mischa Salle <mischa.salle@gmail.com> wrote:
Also, why is extract-cert now build, which it wasn't before?
It was always built, just Factory now switched to openssl 1.1. I can't find it in kernel-default-devel-4.14.14-1.1.geef6178
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 09.02.2018 um 13:27 schrieb Andrei Borzenkov:
On Fri, Feb 9, 2018 at 3:19 PM, Mischa Salle <mischa.salle@gmail.com> wrote:
Also, why is extract-cert now build, which it wasn't before?
It was always built, just Factory now switched to openssl 1.1.
No, AFAICT from rpm changelog, CONFIG_SYSTEM_TRUSTED_KEYRING was disabled, until 4.15rc1, when INTEGRITY_TRUSTED_KEYRING=y was configured which in turn depends on CONFIG_SYSTEM_TRUSTED_KEYRING. extract-certs is only built if CONFIG_SYSTEM_TRUSTED_KEYRING!=n I have no Idea what INTEGRITY_TRUSTED_KEYRING is good for, but maybe it (and SYSTEM_TRUSTED_KEYRING) could just be disabled again for general-purpose kernels? -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
09.02.2018 21:27, Stefan Seyfried пишет:
Am 09.02.2018 um 13:27 schrieb Andrei Borzenkov:
On Fri, Feb 9, 2018 at 3:19 PM, Mischa Salle <mischa.salle@gmail.com> wrote:
Also, why is extract-cert now build, which it wasn't before?
It was always built, just Factory now switched to openssl 1.1.
No, AFAICT from rpm changelog, CONFIG_SYSTEM_TRUSTED_KEYRING was disabled, until 4.15rc1, when INTEGRITY_TRUSTED_KEYRING=y was configured which in turn depends on CONFIG_SYSTEM_TRUSTED_KEYRING.
extract-certs is only built if CONFIG_SYSTEM_TRUSTED_KEYRING!=n
I have no Idea what INTEGRITY_TRUSTED_KEYRING is good for, but maybe it (and SYSTEM_TRUSTED_KEYRING) could just be disabled again for general-purpose kernels?
As far as I can tell it is pulled in by CONFIG_CFG80211_REQUIRE_SIGNED_REGDB which defaults to "y" in 4.15 and came in with commit 90a53e4432b12288316efaa5f308adafb8d304b0 Author: Johannes Berg <johannes.berg@intel.com> Date: Wed Sep 13 22:21:08 2017 +0200 cfg80211: implement regdb signature checking +config CFG80211_REQUIRE_SIGNED_REGDB + bool "require regdb signature" if CFG80211_CERTIFICATION_ONUS + default y + select SYSTEM_DATA_VERIFICATION SYSTEM_DATA_VERIFICATION in turn pulls in SYTSEM_TRISTED_KEYRING I wonder if this can be related to mysterious wireless failures with 4.15 some people reported. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Andrei Borzenkov wrote:
09.02.2018 21:27, Stefan Seyfried пишет:
Am 09.02.2018 um 13:27 schrieb Andrei Borzenkov:
On Fri, Feb 9, 2018 at 3:19 PM, Mischa Salle <mischa.salle@gmail.com> wrote:
Also, why is extract-cert now build, which it wasn't before?
It was always built, just Factory now switched to openssl 1.1.
No, AFAICT from rpm changelog, CONFIG_SYSTEM_TRUSTED_KEYRING was disabled, until 4.15rc1, when INTEGRITY_TRUSTED_KEYRING=y was configured which in turn depends on CONFIG_SYSTEM_TRUSTED_KEYRING.
extract-certs is only built if CONFIG_SYSTEM_TRUSTED_KEYRING!=n
I have no Idea what INTEGRITY_TRUSTED_KEYRING is good for, but maybe it (and SYSTEM_TRUSTED_KEYRING) could just be disabled again for general-purpose kernels?
As far as I can tell it is pulled in by CONFIG_CFG80211_REQUIRE_SIGNED_REGDB which defaults to "y" in 4.15 and came in with
commit 90a53e4432b12288316efaa5f308adafb8d304b0 [..] I wonder if this can be related to mysterious wireless failures with 4.15 some people reported.
Hmm, and I wonder whether this causes my eth0 device not working after a resume from suspend mode. Ciao, Michael.
participants (5)
-
Andrei Borzenkov -
Markus Koßmann -
Michael Ströder -
Mischa Salle -
Stefan Seyfried