aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-03-19 15:13:12 -0400
committerJack Lloyd <[email protected]>2017-03-19 15:13:12 -0400
commiteea97459a6044e83897d8d5eb4a3111d0dc6aae9 (patch)
tree0b7c51ce44155d9ed10d58e8440c585b7097ef16
parent6817d1a2332b822e7f12e8904ad8e27081d6c827 (diff)
parent780dd7c611c53b66ed4ceb6614ae806941883fcc (diff)
Merge GH #924 Add note about RNGs and minimized builds
-rw-r--r--doc/manual/building.rst14
1 files changed, 12 insertions, 2 deletions
diff --git a/doc/manual/building.rst b/doc/manual/building.rst
index d13cabd35..804b421f0 100644
--- a/doc/manual/building.rst
+++ b/doc/manual/building.rst
@@ -61,10 +61,11 @@ we might see lines like::
INFO: Skipping, requires external dependency - boost bzip2 lzma sqlite3 tpm
The ones that are skipped because they are require an external
-depedency have to be explicitly asked for, because they rely on third
+dependency have to be explicitly asked for, because they rely on third
party libraries which your system might not have or that you might not
want the resulting binary to depend on. For instance to enable zlib
support, add ``--with-zlib`` to your invocation of ``configure.py``.
+All available modules can be listed with ``--list-modules``.
You can control which algorithms and modules are built using the
options ``--enable-modules=MODS`` and ``--disable-modules=MODS``, for
@@ -84,7 +85,16 @@ For instance::
will set up a build that only includes RSA, OAEP, PSS along with any
required dependencies. A small subset of core features, including AES,
SHA-2, HMAC, and the multiple precision integer library, are always
-loaded.
+loaded. Note that a minimized build does not include any random number
+generator, which is needed for example to generate keys, nonces and IVs.
+See :doc:`rng` on which random number generators are available.
+
+The option ``--module-policy=POL`` enables modules required by and
+disables modules prohibited by a text policy in ``src/build-data/policy``.
+Additional modules can be enabled if not prohibited by the policy.
+Currently available policies include ``bsi``, ``nist`` and ``modern``::
+
+ $ ./configure.py --module-policy=bsi --enable-modules=tls,xts
The script tries to guess what kind of makefile to generate, and it
almost always guesses correctly (basically, Visual C++ uses NMAKE with