Public bug reported:
Problem:
When using make-kpkg to build a current mainline kernel with
CONFIG_MODULE_SIG to enable cryptographically signed modules the
resulting kernel, when installed and booted, will be tainted immediately
upon loading any module, and all modules will appear to have been force
loaded.
This is the result of make-kpkg unconditionally passing
INSTALL_MOD_STRIP=1 when installing modules into its tree for packaging,
resulting in their cryptographic signatures being stripped and so
failing verification with -ENOKEY.
Fix:
make-kpkg should not pass INSTALL_MOD_STRIP=1 if CONFIG_MODULE_SIG is
set.
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: kernel-package 12.036+nmu3
Uname: Linux 3.8.0-rc2-g974b335-2+ x86_64
ApportVersion: 2.6.1-0ubuntu9
Architecture: amd64
Date: Mon Jan 14 22:40:01 2013
InstallationDate: Installed on 2012-09-20 (116 days ago)
InstallationMedia: Kubuntu 12.04 LTS "Precise Pangolin" - Release amd64
(20120423)
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
LANGUAGE=en_AU:en
TERM=xterm
PATH=(custom, no user)
LANG=en_AU.UTF-8
SHELL=/bin/bash
SourcePackage: kernel-package
UpgradeStatus: Upgraded to quantal on 2012-10-04 (101 days ago)
** Affects: kernel-package (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug quantal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1099371
Title:
make-kpkg strips modules when CONFIG_MODULE_SIG is set, breaking
crypto sigs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kernel-package/+bug/1099371/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
