Control: reopen -1 Control: retitle -1 local{mod,yes}config should fix references to unavailable certificates Control: tag -1 upstream On Sat, 2016-04-30 at 23:24 +0200, Santiago Vila wrote: > On Sat, Apr 30, 2016 at 08:51:25PM +0000, Debian Bug Tracking System wrote: > > > > > You wrote: > > [...] > > > > > > Should I remove CONFIG_SYSTEM_TRUSTED_KEYS from .config before building > > > the kernel? I hope not. > > [...] > > > > Yes, you must do that. Your custom kernel configuration should be > > based on the appropriate file provided in linux-source-4.5. These have > > the CONFIG_MODULE_SIG_ALL, CONFIG_MODULE_SIG_KEY and > > CONFIG_SYSTEM_TRUSTED_KEYS settings removed so that custom kernels will > > get modules signed by a one-time key. > If I have to remove CONFIG_SYSTEM_TRUSTED_KEYS by hand, then > documentation is wrong. [...] Oh, I see the problem. I didn't realise that the local{mod,yes}config rules would (a) copy the config file from /boot or (b) keep the keyring config symbols unchanged. Ben. -- Ben Hutchings Tomorrow will be cancelled due to lack of interest.
Attachment:
signature.asc
Description: This is a digitally signed message part