X-509 Standard: CC system_keyring.o & x509_certificate_list & build kernel

Welches Modul/Treiber für welche Hardware, Kernel compilieren...
Antworten
Benutzeravatar
ellocco
Beiträge: 24
Registriert: 10.01.2025 14:05:15

X-509 Standard: CC system_keyring.o & x509_certificate_list & build kernel

Beitrag von ellocco » 27.01.2025 09:52:39

I try to compile the current kernel from package: "linux-source-6.1".
I follow the helpful instruction on: Building a custom kernel from Debian kernel source

Code: Alles auswählen

tar -xaf linux-source-6.1.tar.xz
cd linux-source-6.1
make localmodconfig
scripts/config --disable MODULE_SIG
scripts/config --disable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
make clean
make bindeb-pkg
I wonder, if it is possible to compile without the message:

Code: Alles auswählen

    CC      certs/system_keyring.o
benötigt von „certs/x509_certificate_list“, zu erstellen.  Schluss.
make[4]: *** [scripts/Makefile.build:508: certs] Fehler 2
I searched for one or two hours, but failed to find the trick (without disabling the X-5009 security standard).
A workaround is for sure to disable this feature, by commands like:

Code: Alles auswählen

scripts/config --disable SYSTEM_TRUSTED_KEYS
scripts/config --disable SYSTEM_REVOCATION_KEYS
Does someone know what the trick without disabling related kernel features for Debian 12 (bookworm)?
Nach oben
Benutzeravatar
ellocco
Beiträge: 24
Registriert: 10.01.2025 14:05:15

Re: X-509 Standard: CC system_keyring.o & x509_certificate_list & build kernel

Beitrag von ellocco » 27.01.2025 12:10:13

It might be that I found out the trick myself, just by intuition and searching.
It might be necessary to:
  • download extra packages:
    sudo apt install linux-kbuild-6.1
    sudo apt install pahole dwarves
pahole / dwarves are realted to the topic "use the DWARF debugging information
inserted in ELF binaries by compilers such as GCC" (it might be that package "pahole" is not needed.).
Without this package I was not able to build the kernel with BTF-information.
Compilation stops and proposes to disable kernel parameter: "CONFIG_DEBUG_INFO_BTF".
  • compile in the original directory
    /usr/src/linux-source-6.1
Maybe it is a mistake, that this folder linux-source-6.1 can be copied somewhere else
for the purpose of compilation.
I do not know if its some kind of Vodún, but before I started the next compilation
I deleted the existing .config and disabled only two kernel parameters:

Code: Alles auswählen

scripts/config --disable MODULE_SIG
scripts/config --disable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
make clean
Nach oben
Antworten

Zurück zu „Kernelfragen“