From 228c37ff980f5643401a1667f5ab7c6f38602cf8 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 11 Aug 2015 12:38:54 +0100
Subject: sign-file: Document dependency on OpenSSL devel libraries

The revised sign-file program is no longer a script that wraps the openssl
program, but now rather a program that makes use of OpenSSL's crypto
library.  This means that to build the sign-file program, the kernel build
process now has a dependency on the OpenSSL development packages in
addition to OpenSSL itself.

Document this in Kconfig and in module-signing.txt.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
---
 init/Kconfig | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'init')

diff --git a/init/Kconfig b/init/Kconfig
index 62b725653c36..5d1a703663ad 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1897,6 +1897,10 @@ config MODULE_SIG
 	  is simply appended to the module. For more information see
 	  Documentation/module-signing.txt.
 
+	  Note that this option adds the OpenSSL development packages as a
+	  kernel build dependency so that the signing tool can use its crypto
+	  library.
+
 	  !!!WARNING!!!  If you enable this option, you MUST make sure that the
 	  module DOES NOT get stripped after being signed.  This includes the
 	  debuginfo strip done by some packagers (such as rpmbuild) and
-- 
cgit v1.2.3