lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210509161914.GB839293@gmail.com>
Date:   Sun, 9 May 2021 18:19:14 +0200
From:   Ingo Molnar <mingo@...nel.org>
To:     David Howells <dhowells@...hat.com>
Cc:     Valdis Klētnieks <valdis.kletnieks@...edu>,
        David Woodhouse <dwmw2@...radead.org>,
        keyrings@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: 'make O=' indigestion with module signing


* Ingo Molnar <mingo@...nel.org> wrote:

> Correction - there appears to be something else going on, but the
> error messages are similar:
> 
>   At main.c:291:
>   - SSL error:02001002:system library:fopen:No such file or directory: ../crypto/bio/bss_file.c:69
>   - SSL error:2006D080:BIO routines:BIO_new_file:no such file: ../crypto/bio/bss_file.c:76
>   sign-file: debian/linux-image/lib/modules/5.12.0-custom/kernel/arch/x86/crypto/aegis128-aesni.ko: No such file or directory
>   At main.c:291:
> 
> The error messages look pretty obscure to me. :-/

I didn't find any stray build files left in the tree, so 'make mrproper'
is innocent I believe.

I ended up with the config tweak below to get the kernel package to build,
which is not an ideal solution. :-/

Let me know if you'd like me to send you the .config and/or any diagnostic
messages or other details.

Thanks,

	Ingo

diff --git a/.config.kepler.ubuntu b/.config.kepler.ubuntu
index 01347a220e54..846a956fcdbd 100644
--- a/.config.kepler.ubuntu
+++ b/.config.kepler.ubuntu
@@ -880,9 +880,8 @@ CONFIG_MODULE_UNLOAD=y
 # CONFIG_MODULE_FORCE_UNLOAD is not set
 # CONFIG_MODVERSIONS is not set
 CONFIG_MODULE_SRCVERSION_ALL=y
-CONFIG_MODULE_SIG=y
-# CONFIG_MODULE_SIG_FORCE is not set
-CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG is not set
+# CONFIG_MODULE_SIG_ALL is not set
 # CONFIG_MODULE_SIG_SHA1 is not set
 # CONFIG_MODULE_SIG_SHA224 is not set
 # CONFIG_MODULE_SIG_SHA256 is not set
@@ -10177,11 +10176,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
 # CONFIG_SECURITY_LOADPIN is not set
 CONFIG_SECURITY_YAMA=y
 CONFIG_SECURITY_SAFESETID=y
-CONFIG_SECURITY_LOCKDOWN_LSM=y
-CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_SECURITY_LOCKDOWN_LSM is not set
 # CONFIG_SECURITY_LANDLOCK is not set
 CONFIG_INTEGRITY=y
 CONFIG_INTEGRITY_SIGNATURE=y

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ