From: David Howells <[email protected]> Sent: Sunday, February 1, 2026 8:45 AM
>
> Michael Kelley <[email protected]> wrote:
>
> > I'm building linux-next20260130, which has this patch, and get the
> > following errors:
> >
> > HOSTCC scripts/sign-file
> > scripts/sign-file.c: In function 'main':
> > scripts/sign-file.c:282:25: error: 'CMS_NO_SIGNING_TIME' undeclared (first
> > use in this function)
> > ...
> > The problem is that I'm running on Ubuntu 20.04, with this openssl:
> >
> > # openssl version
> > OpenSSL 1.1.1f 31 Mar 2020
>
> The problem probably isn't this patch, it's almost certainly due to:
>
> d7afd65b4acc7 ("sign-file: Use only the OpenSSL CMS API for signing")
>
> in the modules tree. It removes support for PKCS#7 signature generation.
>
> Were you using PKCS#7 with SHA1?
>
If I comment out code from 7ca1c9dcb7b0 as follows, sign-file.c will build. The
kernel will then build and run. I'm doing dev/test builds with no need to sign
anything. MODULE_SIG_ALL is not set.
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 5391b5b7e178..724944cf8a26 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -279,18 +279,15 @@ int main(int argc, char **argv)
CMS_DETACHED |
CMS_STREAM |
CMS_NOSMIMECAP |
- CMS_NO_SIGNING_TIME |
+ /* CMS_NO_SIGNING_TIME | */
use_keyid;
- if ((EVP_PKEY_is_a(private_key, "ML-DSA-44") ||
+/* if ((EVP_PKEY_is_a(private_key, "ML-DSA-44") ||
EVP_PKEY_is_a(private_key, "ML-DSA-65") ||
EVP_PKEY_is_a(private_key, "ML-DSA-87")) &&
- OPENSSL_VERSION_MAJOR < 4) {
- /* ML-DSA + CMS_NOATTR is not supported in openssl-3.5
- * and before.
- */
+ OPENSSL_VERSION_MAJOR < 4) {
use_signed_attrs = 0;
- }
+ } */
Pardon my ignorance of the signing details, but I don't see an indication
of having selected PKCS#7 with SHA1 in my .config. What am I looking for?
Michael
