Re: 'make O=' indigestion with module signing

[Ingo Molnar]

* Ingo Molnar <mingo@xxxxxxxxxx> wrote:

> Correction - there appears to be something else going on, but the
> error messages are similar:
> 
>   At main.c:291:
>   - SSL error:02001002:system library:fopen:No such file or directory: ../crypto/bio/bss_file.c:69
>   - SSL error:2006D080:BIO routines:BIO_new_file:no such file: ../crypto/bio/bss_file.c:76
>   sign-file: debian/linux-image/lib/modules/5.12.0-custom/kernel/arch/x86/crypto/aegis128-aesni.ko: No such file or directory
>   At main.c:291:
> 
> The error messages look pretty obscure to me. :-/

I didn't find any stray build files left in the tree, so 'make mrproper'
is innocent I believe.

I ended up with the config tweak below to get the kernel package to build,
which is not an ideal solution. :-/

Let me know if you'd like me to send you the .config and/or any diagnostic
messages or other details.

Thanks,

	Ingo

diff --git a/.config.kepler.ubuntu b/.config.kepler.ubuntu
index 01347a220e54..846a956fcdbd 100644
--- a/.config.kepler.ubuntu
+++ b/.config.kepler.ubuntu
@@ -880,9 +880,8 @@ CONFIG_MODULE_UNLOAD=y
 # CONFIG_MODULE_FORCE_UNLOAD is not set
 # CONFIG_MODVERSIONS is not set
 CONFIG_MODULE_SRCVERSION_ALL=y
-CONFIG_MODULE_SIG=y
-# CONFIG_MODULE_SIG_FORCE is not set
-CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG is not set
+# CONFIG_MODULE_SIG_ALL is not set
 # CONFIG_MODULE_SIG_SHA1 is not set
 # CONFIG_MODULE_SIG_SHA224 is not set
 # CONFIG_MODULE_SIG_SHA256 is not set
@@ -10177,11 +10176,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
 # CONFIG_SECURITY_LOADPIN is not set
 CONFIG_SECURITY_YAMA=y
 CONFIG_SECURITY_SAFESETID=y
-CONFIG_SECURITY_LOCKDOWN_LSM=y
-CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
-CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
-# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
+# CONFIG_SECURITY_LOCKDOWN_LSM is not set
 # CONFIG_SECURITY_LANDLOCK is not set
 CONFIG_INTEGRITY=y
 CONFIG_INTEGRITY_SIGNATURE=y