Bug#823107: linux: make deb-pkg fails: No rule to make target 'debian/certs/benh@debian.org.cert.pem')

[Santiago Vila <sanvila@unex.es>]

On Sat, Apr 30, 2016 at 11:41:09PM +0200, Ben Hutchings wrote:
> > > Yes, you must do that.  Your custom kernel configuration should be
> > > based on the appropriate file provided in linux-source-4.5.  These have
> > > the CONFIG_MODULE_SIG_ALL, CONFIG_MODULE_SIG_KEY and
> > > CONFIG_SYSTEM_TRUSTED_KEYS settings removed so that custom kernels will
> > > get modules signed by a one-time key.
> > If I have to remove CONFIG_SYSTEM_TRUSTED_KEYS by hand, then
> > documentation is wrong.
> [...]
> 
> Oh, I see the problem.  I didn't realise that the local{mod,yes}config
> rules would (a) copy the config file from /boot or (b) keep the keyring
> config symbols unchanged.

Thanks a lot!


I have a related question: I know that you spent some time making
linux-image build reproducible. If by way of this module signing thing
the linux-image distributed by Debian is based on your key, does this
not make the build unreproducible again?