From: Ingo Molnar <mingo@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>,
"David Woodhouse" <dwmw2@infradead.org>,
keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: 'make O=' indigestion with module signing
Date: Sun, 9 May 2021 18:19:14 +0200 [thread overview]
Message-ID: <20210509161914.GB839293@gmail.com> (raw)
In-Reply-To: <20210509151556.GA842014@gmail.com>
* Ingo Molnar <mingo@kernel.org> wrote:
> Correction - there appears to be something else going on, but the
> error messages are similar:
>
> At main.c:291:
> - SSL error:02001002:system library:fopen:No such file or directory: ../crypto/bio/bss_file.c:69
> - SSL error:2006D080:BIO routines:BIO_new_file:no such file: ../crypto/bio/bss_file.c:76
> sign-file: debian/linux-image/lib/modules/5.12.0-custom/kernel/arch/x86/crypto/aegis128-aesni.ko: No such file or directory
> At main.c:291:
>
> The error messages look pretty obscure to me. :-/
I didn't find any stray build files left in the tree, so 'make mrproper'
is innocent I believe.
I ended up with the config tweak below to get the kernel package to build,
which is not an ideal solution. :-/
Let me know if you'd like me to send you the .config and/or any diagnostic
messages or other details.
Thanks,
Ingo
diff --git a/.config.kepler.ubuntu b/.config.kepler.ubuntu
index 01347a220e54..846a956fcdbd 100644
--- a/.config.kepler.ubuntu
+++ b/.config.kepler.ubuntu
@@ -880,9 +880,8 @@ CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
# CONFIG_MODVERSIONS is not set
CONFIG_MODULE_SRCVERSION_ALL=y
-CONFIG_MODULE_SIG=y
-# CONFIG_MODULE_SIG_FORCE is not set
-CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG is not set
+# CONFIG_MODULE_SIG_ALL is not set
# CONFIG_MODULE_SIG_SHA1 is not set
# CONFIG_MODULE_SIG_SHA224 is not set
# CONFIG_MODULE_SIG_SHA256 is not set
@@ -10177,11 +10176,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_SAFESETID=y
-CONFIG_SECURITY_LOCKDOWN_LSM=y
-CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_SECURITY_LOCKDOWN_LSM is not set
# CONFIG_SECURITY_LANDLOCK is not set
CONFIG_INTEGRITY=y
CONFIG_INTEGRITY_SIGNATURE=y
next prev parent reply other threads:[~2021-05-09 16:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-11 6:32 'make O=' indigestion with module signing Valdis Klētnieks
2021-03-11 9:34 ` David Howells
2021-03-11 9:51 ` Valdis Klētnieks
2021-03-11 10:49 ` David Howells
2021-03-11 11:44 ` Valdis Klētnieks
2021-03-11 12:04 ` David Howells
2021-03-12 0:55 ` Valdis Klētnieks
2021-03-12 9:01 ` David Howells
2021-03-12 9:06 ` Valdis Klētnieks
2021-03-12 11:19 ` [PATCH] certs: Clean up signing_key.pem and x509.genkey on make mrproper David Howells
2021-05-09 15:11 ` 'make O=' indigestion with module signing Ingo Molnar
2021-05-09 15:15 ` Ingo Molnar
2021-05-09 16:19 ` Ingo Molnar [this message]
2021-05-10 12:41 ` Ingo Molnar
2021-03-11 13:31 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210509161914.GB839293@gmail.com \
--to=mingo@kernel.org \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=valdis.kletnieks@vt.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.