From: Ingo Molnar <mingo@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>,
"David Woodhouse" <dwmw2@infradead.org>,
keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: 'make O=' indigestion with module signing
Date: Sun, 9 May 2021 18:19:14 +0200 [thread overview]
Message-ID: <20210509161914.GB839293@gmail.com> (raw)
In-Reply-To: <20210509151556.GA842014@gmail.com>
* Ingo Molnar <mingo@kernel.org> wrote:
> Correction - there appears to be something else going on, but the
> error messages are similar:
>
> At main.c:291:
> - SSL error:02001002:system library:fopen:No such file or directory: ../crypto/bio/bss_file.c:69
> - SSL error:2006D080:BIO routines:BIO_new_file:no such file: ../crypto/bio/bss_file.c:76
> sign-file: debian/linux-image/lib/modules/5.12.0-custom/kernel/arch/x86/crypto/aegis128-aesni.ko: No such file or directory
> At main.c:291:
>
> The error messages look pretty obscure to me. :-/
I didn't find any stray build files left in the tree, so 'make mrproper'
is innocent I believe.
I ended up with the config tweak below to get the kernel package to build,
which is not an ideal solution. :-/
Let me know if you'd like me to send you the .config and/or any diagnostic
messages or other details.
Thanks,
Ingo
diff --git a/.config.kepler.ubuntu b/.config.kepler.ubuntu
index 01347a220e54..846a956fcdbd 100644
--- a/.config.kepler.ubuntu
+++ b/.config.kepler.ubuntu
@@ -880,9 +880,8 @@ CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
# CONFIG_MODVERSIONS is not set
CONFIG_MODULE_SRCVERSION_ALL=y
-CONFIG_MODULE_SIG=y
-# CONFIG_MODULE_SIG_FORCE is not set
-CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG is not set
+# CONFIG_MODULE_SIG_ALL is not set
# CONFIG_MODULE_SIG_SHA1 is not set
# CONFIG_MODULE_SIG_SHA224 is not set
# CONFIG_MODULE_SIG_SHA256 is not set
@@ -10177,11 +10176,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_SAFESETID=y
-CONFIG_SECURITY_LOCKDOWN_LSM=y
-CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_SECURITY_LOCKDOWN_LSM is not set
# CONFIG_SECURITY_LANDLOCK is not set
CONFIG_INTEGRITY=y
CONFIG_INTEGRITY_SIGNATURE=y
next prev parent reply other threads:[~2021-05-09 16:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-11 6:32 'make O=' indigestion with module signing Valdis Klētnieks
2021-03-11 9:34 ` David Howells
2021-03-11 9:51 ` Valdis Klētnieks
2021-03-11 10:49 ` David Howells
2021-03-11 11:44 ` Valdis Klētnieks
2021-03-11 12:04 ` David Howells
2021-03-12 0:55 ` Valdis Klētnieks
2021-03-12 9:01 ` David Howells
2021-03-12 9:06 ` Valdis Klētnieks
2021-03-12 11:19 ` [PATCH] certs: Clean up signing_key.pem and x509.genkey on make mrproper David Howells
2021-05-09 15:11 ` 'make O=' indigestion with module signing Ingo Molnar
2021-05-09 15:15 ` Ingo Molnar
2021-05-09 16:19 ` Ingo Molnar [this message]
2021-05-10 12:41 ` Ingo Molnar
2021-03-11 13:31 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210509161914.GB839293@gmail.com \
--to=mingo@kernel.org \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=valdis.kletnieks@vt.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).