From: Randy Dunlap <rdunlap@infradead.org>
To: Stephen Rothwell <sfr@canb.auug.org.au>,
Linux Next Mailing List <linux-next@vger.kernel.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-integrity@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Masahiro Yamada <masahiroy@kernel.org>
Subject: Re: linux-next: Tree for Apr 16 (IMA appraise causing build error)
Date: Fri, 16 Apr 2021 11:53:53 -0700 [thread overview]
Message-ID: <80839e94-f72c-4d2c-6b3a-b68beea72a27@infradead.org> (raw)
In-Reply-To: <20210416213625.14542675@canb.auug.org.au>
[-- Attachment #1: Type: text/plain, Size: 1211 bytes --]
On 4/16/21 4:36 AM, Stephen Rothwell wrote:
> Hi all,
>
> Changes since 20210415:
>
I noticed this build error message (on an i386 build):
../certs/Makefile:52: *** Could not determine digest type to use from kernel config. Stop.
and when I was checking on why it happened, I noticed that
# CONFIG_MODULES is not set
and hence
ifndef CONFIG_MODULE_SIG_HASH
$(error Could not determine digest type to use from kernel config)
endif
CONFIG_MODULE_SIG_HASH is not set/enabled/defined.
However, the .config file does have
CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
CONFIG_IMA_APPRAISE_MODSIG=y
as well as
CONFIG_MODULE_SIG_FORMAT=y
due to a "select" by IMA_APPRAISE_MODSIG.
(although I see that MODULE_SIG_FORMAT does not depend on MODULES)
Is there anything that you can do (or recommend) to prevent
the build error?
BTW, it looks like this:
config IMA_APPRAISE_REQUIRE_MODULE_SIGS
bool "Appraise kernel modules signatures"
depends on IMA_APPRAISE_BUILD_POLICY
could also depend on MODULES.
Full i386 randconfig file is attached.
thanks.
--
~Randy
Reported-by: Randy Dunlap <rdunlap@infradead.org>
[-- Attachment #2: config-r8835.gz --]
[-- Type: application/gzip, Size: 37123 bytes --]
next prev parent reply other threads:[~2021-04-16 18:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-16 11:36 linux-next: Tree for Apr 16 Stephen Rothwell
2021-04-16 17:50 ` linux-next: Tree for Apr 16 (objtool: warnings) Randy Dunlap
2021-06-21 13:34 ` Peter Zijlstra
2021-06-21 14:23 ` Peter Zijlstra
2021-06-21 17:53 ` [tip: objtool/urgent] objtool/x86: Ignore __x86_indirect_alt_* symbols tip-bot2 for Peter Zijlstra
2021-06-21 23:30 ` linux-next: Tree for Apr 16 (objtool: warnings) Randy Dunlap
2021-04-16 18:53 ` Randy Dunlap [this message]
2021-04-16 20:25 ` linux-next: Tree for Apr 16 (IMA appraise causing build error) Nayna
2021-04-16 20:32 ` Randy Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=80839e94-f72c-4d2c-6b3a-b68beea72a27@infradead.org \
--to=rdunlap@infradead.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=sfr@canb.auug.org.au \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.