Public bug reported: Problem:
When using make-kpkg to build a current mainline kernel with CONFIG_MODULE_SIG to enable cryptographically signed modules the resulting kernel, when installed and booted, will be tainted immediately upon loading any module, and all modules will appear to have been force loaded. This is the result of make-kpkg unconditionally passing INSTALL_MOD_STRIP=1 when installing modules into its tree for packaging, resulting in their cryptographic signatures being stripped and so failing verification with -ENOKEY. Fix: make-kpkg should not pass INSTALL_MOD_STRIP=1 if CONFIG_MODULE_SIG is set. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: kernel-package 12.036+nmu3 Uname: Linux 3.8.0-rc2-g974b335-2+ x86_64 ApportVersion: 2.6.1-0ubuntu9 Architecture: amd64 Date: Mon Jan 14 22:40:01 2013 InstallationDate: Installed on 2012-09-20 (116 days ago) InstallationMedia: Kubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120423) MarkForUpload: True PackageArchitecture: all ProcEnviron: LANGUAGE=en_AU:en TERM=xterm PATH=(custom, no user) LANG=en_AU.UTF-8 SHELL=/bin/bash SourcePackage: kernel-package UpgradeStatus: Upgraded to quantal on 2012-10-04 (101 days ago) ** Affects: kernel-package (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug quantal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1099371 Title: make-kpkg strips modules when CONFIG_MODULE_SIG is set, breaking crypto sigs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kernel-package/+bug/1099371/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs