Re: make error in compiling kernel in Debian Stretch

To: Ben Hutchings <ben@decadent.org.uk>, "debian-kernel@lists.debian.org" <debian-kernel@lists.debian.org>
Subject: Re: make error in compiling kernel in Debian Stretch
From: 慕冬亮 <mudongliangabcd@hotmail.com>
Date: Mon, 13 Feb 2017 05:08:31 +0000
Message-id: <[🔎] BY2PR1201MB0936B81CE73CE1D2D0F92190BC590@BY2PR1201MB0936.namprd12.prod.outlook.com>
In-reply-to: <[🔎] 1486955015.2900.80.camel@decadent.org.uk>
References: <[🔎] BY2PR1201MB0936534EC5D43BBE04EAA8FDBC460@BY2PR1201MB0936.namprd12.prod.outlook.com> <[🔎] 1486919651.2900.77.camel@decadent.org.uk> <[🔎] BY2PR1201MB0936B3820659AD98AE05B33ABC590@BY2PR1201MB0936.namprd12.prod.outlook.com> <[🔎] 1486955015.2900.80.camel@decadent.org.uk>

On Mon, 2017-02-13 at 03:03 +0000, Ben Hutchings wrote:
> On Mon, 2017-02-13 at 02:51 +0000, 慕 冬亮 wrote:
> > On Sun, 2017-02-12 at 17:14 +0000, Ben Hutchings wrote:
> > > On Sun, 2017-02-12 at 05:43 +0000, 慕 冬亮 wrote:
> > > > Hi all,
> > > > 
> > > > 
> > > > when I want to compile the master branch of linux kernel in
> > > > Debian
> > > > Stretch, there is one error in the following. It seems to be
> > > > problem
> > > > of Debian, not the upstream
> > > > 
> > > > 
> > > > $ make
> > > >   CHK     include/config/kernel.release
> > > >   CHK     include/generated/uapi/linux/version.h
> > > >   CHK     include/generated/utsrelease.h
> > > >   CHK     include/generated/bounds.h
> > > >   CHK     include/generated/timeconst.h
> > > >   CHK     include/generated/asm-offsets.h
> > > >   CALL    scripts/checksyscalls.sh
> > > >   CHK     include/generated/compile.h
> > > > make[1]: *** No rule to make target 'debian/certs/benh@debian.o
> > > > rg.c
> > > > ert.pem', needed by 'certs/x509_certificate_list'.  Stop.
> > > > Makefile:988: recipe for target 'certs' failed
> > > > make: *** [certs] Error 2
> > > 
> > > You have started with the config file for our official kernel
> > > binary
> > > packages, for which the modules get signed.  You will not be
> > > signing
> > > modules with our signing key, so you need to change the
> > > configuration
> > > accordingly.
> > > 
> > 
> > Yes, I directly used the old config file copied from /boot/config-
> > 4.9.0-1-amd64(linux-image-4.9.0-1-amd64 package).
> > 
> > You mean I need to disable "CONFIG_MODULE_SIG" configuration in
> > "Enable
> > loadable module support"? 
> 
> No, but you do need to clear CONFIG_SYSTEM_TRUSTED_KEYS.

Just open .config file and clear content of 
"CONFIG_SYSTEM_TRUSTED_KEYS", like 

CONFIG_SYSTEM_TRUSTED_KEYS=""

It works now.
> 
> > And why does Debian kernel team enable such one configuration by
> > default? For security or what?
> 
> Yes, this can be a useful security feature.
> 
> Ben.
> 
> > > The config files provided in linux-source-4.9 have the module
> > > signing
> > > configuration changed to be suitable for custom kernel builds.
> > > 
> > > Ben.
> > >

Reply to:

References:
- make error in compiling kernel in Debian Stretch
  - From: 慕冬亮 <mudongliangabcd@hotmail.com>
- Re: make error in compiling kernel in Debian Stretch
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: make error in compiling kernel in Debian Stretch
  - From: 慕冬亮 <mudongliangabcd@hotmail.com>
- Re: make error in compiling kernel in Debian Stretch
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: make error in compiling kernel in Debian Stretch
Next by Date: Bug#855003: ATA HD race conditions at boot-time
Previous by thread: Re: make error in compiling kernel in Debian Stretch
Next by thread: Bug#854231: Fwd: Kernel 4.9 traces
Index(es):
- Date
- Thread