test libressl, step 1

kernel.spec

@@ -11,7 +11,7 @@
 %define sublevel	11
 
 # Release number. Increase this before a rebuild.
-%define rpmrel		5
+%define rpmrel		6
 %define fullrpmrel	%{rpmrel}
 
 %define rpmtag		%{disttag}
@@ -252,8 +252,11 @@ BuildRequires:		pkgconfig(libcrypto)
 %endif
 
 %if %{enhanced_security}
-# To generate keys
+# (To generate keys)
-BuildRequires:		openssl
+# LibreSSL has GOST support without making additional configuration that
+# OpenSSL requires and which is not possible to be done inside a spec file
+# because editing /etc/pki/tls/openssl.cnf is not possible.
+BuildRequires:		libressl
 # To verify signatures (find, xargs, hexdump)
 BuildRequires:		findutils util-linux
 %endif
@@ -795,7 +798,7 @@ echo CONFIG_MODULE_SIG_FORCE=n >> .config
 echo CONFIG_MODULE_SIG_ALL=y >> .config
 # Use SHA-512 algo
 echo CONFIG_MODULE_SIG_SHA512=y >> .config
-# Set path to the key that will be generated later by openssl
+# Set path to the key that will be generated later by openssl/libressl
 echo CONFIG_MODULE_SIG_KEY=\"%{certs_signing_key_rnd}\" >> .config
 # Set path to one PEM file with all keys that the kernel must trust
 sed -i '/CONFIG_SYSTEM_TRUSTED_KEYS/d' .config
@@ -923,7 +926,7 @@ authorityKeyIdentifier=keyid
 EOF
 cat "%{certs_key_config_rnd}"
 
-openssl req -new -nodes -utf8 -batch -x509 \
+libressl req -new -nodes -utf8 -batch -x509 \
 	-days 109500 \
 	-config "%{certs_key_config_rnd}" \
 	-outform PEM \