| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <134696.1615510534@turing-police>
Date: Thu, 11 Mar 2021 19:55:34 -0500
From: "Valdis Klētnieks" <valdis.kletnieks@...edu>
To: David Howells <dhowells@...hat.com>
Cc: David Woodhouse <dwmw2@...radead.org>, keyrings@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: 'make O=' indigestion with module signing
On Thu, 11 Mar 2021 12:04:19 +0000, David Howells said:
> EXTRACT_CERTS /usr/src/linux-next/"certs/signing_key.pem"
>
> but I don't know why. There are some odd quotes in your line also which may
> be related to the problem. The relevant config line looks the same:
>
> CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
Aha. I figured it out.
If you have a *totally* clean source tree, 'make -O' works for all users.
If you have in the past done a build in the tree, and then done a 'make mrproper'
to clean it out so 'make -O' doesn't complain, it fails because it
finds an *old* certs/signing_key.pem in /usr/src/linux-next and tries to
put the new generated files in the same directory.
So the root cause was: 'make mrproper doesn't clean certs/' out enough,
and this chunk of certs/Makefile
# If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it
ifeq ($(patsubst pkcs11:%,%,$(firstword $(MODULE_SIG_KEY_FILENAME))),$(firstword $(MODULE_SIG_KEY_FILENAME)))
X509_DEP := $(MODULE_SIG_KEY_SRCPREFIX)$(MODULE_SIG_KEY_FILENAME)
endif
MODULE_SIG_KEY_SRCPREFIX was where my /usr/src/linux-next was coming from...
I admit not being sure how (or if) this should be fixed
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists