On Sun, Nov 22, 2015 at 5:49 PM, Ian Pilcher <[email protected]> wrote: > I am hitting this pesign issue when trying to (locally) build a custom > kernel RPM with mock: > > https://bugzilla.redhat.com/show_bug.cgi?id=1283475 > > Is there any way to work around this before the pesign update makes it > into stable?
Comment out the call to pesign and the check for vmlinuz being signed in kernel.spec. This will mean that your kernel is unsigned, but the modules will remain signed. Given that you're doing a local build, a signed kernel in that context is using a test certificate that everyone has access to. Commenting out this section of the kernel spec and leaving it unsigned really isn't much of a change in security from that perspective. josh _______________________________________________ kernel mailing list [email protected] http://lists.fedoraproject.org/admin/lists/[email protected]
