On Fri, Dec 8, 2023 at 12:06 PM Bagas Sanjaya <bagasdotme@xxxxxxxxx> wrote:
> On Fri, Dec 08, 2023 at 11:14:35AM +0000, Tom Cook wrote:
> > Unsetting CONFIG_MODULE_COMPRESS_ZSTD is a workaround (ie disable
> > module compression).
> >
>
> Seriously? Unrelated option becomes a workaround?

"Workaround" as in "With this option set, `make deb-pkg` crashes out
with the reported error, while with this option unset it produces a
deb package of a signed kernel and modules."  This looks like a
defect in the build system to me and the workaround allows me to build
a package in the meantime.

> > Is there a way to build a .deb of a signed kernel with compressed modules?
> >
> > Thanks for any help,
> > Tom
> >
> > INSTALL debian/linux-libc-dev/usr/include
> > SIGN debian/linux-image/lib/modules/6.6.0-local/kernel/arch/x86/events/amd/amd-uncore.ko
> > SIGN debian/linux-image/lib/modules/6.6.0-local/kernel/arch/x86/events/intel/intel-cstate.ko
> > At main.c:298:
> > - SSL error:FFFFFFFF80000002:system library::No such file or
> > directory: ../crypto/bio/bss_file.c:67
>
> Above means that you don't have a valid certificate/keypair set in
> CONFIG_MODULE_SIG_KEY. If you keep the option value on `certs/signing_key.pem`
> (which is the default), the key should be automatically generated
> (with your observation, only if `certs/x509.genkey` doesn't already exist).
> After building the kernel with `make all`, you should check if the certificate
> pointed in CONFIG_MODULE_SIG_KEY is present or not. If it isn't the case,
> you have to generate the certificate yourself. For more information, see
> Documentation/admin-guide/module.signing.rst in the kernel sources.

Sorry for being unclear - I'm not building with `make all`, I'm
building with `make deb-pkg`.  If I had to guess, I'd say the .deb
depends on the uncompressed modules rather than the dependency
depending on whether module compression is turned on or not, but it's
only a guess.

Regards,
Tom
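
The check suggested in the quoted reply (is the key named by CONFIG_MODULE_SIG_KEY actually present?) can be scripted as below. This is an added example, not part of the thread or the kernel tree; the function names and exit codes are hypothetical, and it assumes a relative key path is resolved against the tree given as the first argument.

```sh
#!/bin/sh
# Added example (not from the thread): check the key file that
# CONFIG_MODULE_SIG_KEY points at. Assumption: a relative value is
# resolved against the tree passed as $1.

# Print a quoted string option's value from a .config file.
config_value() {  # $1 = .config path, $2 = option name
    sed -n "s/^$2=\"\(.*\)\"\$/\1/p" "$1" | tail -n 1
}

# Exit status: 0 usable (or PKCS#11 URI), 1 signing disabled,
# 2 key file missing, 3 key file lacks key or certificate, 4 no .config.
check_module_sig_key() {
    tree=$1
    cfg="$tree/.config"
    [ -f "$cfg" ] || { echo "no .config in $tree" >&2; return 4; }
    grep -q '^CONFIG_MODULE_SIG=y$' "$cfg" ||
        { echo "CONFIG_MODULE_SIG is not set"; return 1; }
    key=$(config_value "$cfg" CONFIG_MODULE_SIG_KEY)
    case $key in
        pkcs11:*) echo "PKCS#11 URI, no file to check: $key"; return 0 ;;
        /*)       path=$key ;;
        *)        path="$tree/$key" ;;
    esac
    [ -n "$key" ] && [ -f "$path" ] || { echo "missing: $path"; return 2; }
    # The default certs/signing_key.pem holds both the private key and
    # the X.509 certificate in one PEM file.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$path" &&
       grep -q -- '-----BEGIN CERTIFICATE-----' "$path"; then
        echo "ok: $path"
        return 0
    fi
    echo "incomplete (need private key and certificate): $path"
    return 3
}

if [ $# -gt 0 ]; then
    check_module_sig_key "$1"
fi
```

Run it against the build tree before and after the failing `make deb-pkg` step; a result of 0 in both cases means the key file itself is in place where the configuration says it should be.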