On Mon, 2017-02-13 at 03:03 +0000, Ben Hutchings wrote: > On Mon, 2017-02-13 at 02:51 +0000, 慕 冬亮 wrote: > > On Sun, 2017-02-12 at 17:14 +0000, Ben Hutchings wrote: > > > On Sun, 2017-02-12 at 05:43 +0000, 慕 冬亮 wrote: > > > > Hi all, > > > > > > > > > > > > when I want to compile the master branch of linux kernel in > > > > Debian > > > > Stretch, there is one error in the following. It seems to be > > > > problem > > > > of Debian, not the upstream > > > > > > > > > > > > $ make > > > > CHK include/config/kernel.release > > > > CHK include/generated/uapi/linux/version.h > > > > CHK include/generated/utsrelease.h > > > > CHK include/generated/bounds.h > > > > CHK include/generated/timeconst.h > > > > CHK include/generated/asm-offsets.h > > > > CALL scripts/checksyscalls.sh > > > > CHK include/generated/compile.h > > > > make[1]: *** No rule to make target 'debian/certs/[email protected] > > > > rg.c > > > > ert.pem', needed by 'certs/x509_certificate_list'. Stop. > > > > Makefile:988: recipe for target 'certs' failed > > > > make: *** [certs] Error 2 > > > > > > You have started with the config file for our official kernel > > > binary > > > packages, for which the modules get signed. You will not be > > > signing > > > modules with our signing key, so you need to change the > > > configuration > > > accordingly. > > > > > > > Yes, I directly used the old config file copied from /boot/config- > > 4.9.0-1-amd64(linux-image-4.9.0-1-amd64 package). > > > > You mean I need to disable "CONFIG_MODULE_SIG" configuration in > > "Enable > > loadable module support"? > > No, but you do need to clear CONFIG_SYSTEM_TRUSTED_KEYS.
Just open .config file and clear content of "CONFIG_SYSTEM_TRUSTED_KEYS", like CONFIG_SYSTEM_TRUSTED_KEYS="" It works now. > > > And why does Debian kernel team enable such one configuration by > > default? For security or what? > > Yes, this can be a useful security feature. > > Ben. > > > > The config files provided in linux-source-4.9 have the module > > > signing > > > configuration changed to be suitable for custom kernel builds. > > > > > > Ben. > > >
