On Thu, 11 Mar 2021 10:49:14 +0000, David Howells said: > I wonder... Can you grab branch keys-cve-2020-26541-branch from: > > https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/ > > and try that? If that breaks, can you try dropping the top four commits? [/usr/src/linux-next] git checkout keys-cve-2020-26541-branch Checking out files: 100% (13062/13062), done. Previous HEAD position was b01d57bfdc41 Add linux-next specific files for 20210310 Branch 'keys-cve-2020-26541-branch' set up to track remote branch 'keys-cve-2020-26541-branch' from 'linux-fs'. Switched to a new branch 'keys-cve-2020-26541-branch' That still didn't work, and dropping off the 4 commits from Eric Snowberg didn't change things. I checked out next-20210310, did a 'make mrproper', and tested as the owner of the source tree rather than as a different user... LANG=C make O=/tmp/test-as-owner V=1 ARCH=arm64 ASFLAGS='-mcpu=all' CROSS_COMPILE=/opt/aarch64/bin/aarch64-linux-gnu- certs/ make -f /usr/src/linux-next/scripts/Makefile.build obj=certs \ single-build= \ need-builtin=1 need-modorder=1 scripts/extract-cert /usr/src/linux-next/"certs/signing_key.pem" certs/signing_key.x509 Extracted cert: /CN=Build time autogenerated kernel key /opt/aarch64/bin/aarch64-linux-gnu-gcc (...) -o certs/system_keyring.o /usr/src/linux-next/certs/system_keyring.c And the files ended up where they belonged: ls -l /tmp/test-as-owner/certs/ total 72 -rw-r--r-- 1 source source 1288 Mar 11 06:33 blacklist_nohashes.o -rw-r--r-- 1 source source 18496 Mar 11 06:33 blacklist.o -rw-r--r-- 1 source source 542 Mar 11 06:33 built-in.a -rw-r--r-- 1 source source 5856 Mar 11 06:33 common.o -rw-r--r-- 1 source source 0 Mar 11 06:33 modules.order -rw-r--r-- 1 source source 1184 Mar 11 06:33 revocation_certificates.o -rw-r--r-- 1 source source 1357 Mar 11 06:33 signing_key.x509 -rw-r--r-- 1 source source 6888 Mar 11 06:33 system_certificates.o -rw-r--r-- 1 source source 17504 Mar 11 06:33 system_keyring.o -rw-r--r-- 1 source source 0 Mar 11 06:33 x509_certificate_list -rw-r--r-- 1 source source 0 Mar 11 06:33 x509_revocation_list So there's something weird going on with scripts/extract-cert when running as a userid other than the owner of the source tree.. I wonder if it's actually an OpenSSL issue... I'll look at it some more later today...