Re: [Bug] 6.12+ DKMS modsign breakage due to missing .config in Debian headers package

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 9, 2024 at 5:31 PM Mihai Limbășan <mihai@xxxxxxxxxxx> wrote:
>
> Hi!
>
> Would like to report a DKMS build system impacting bug with kernel 6.12+
> introduced in commit aaed5c7739be81ebdd6008aedc8befd98c88e67a . Hope I'm
> addressing this following proper protocol by mailing linux-kbuild, tried
> mailing the maintainer directly on 2024-11-20 but received no feedback;
> my apologies otherwise, it's my first kernel bug report.

Sorry, I missed that.

Before you, another guy asked me the same question off-list.
Multiple people contacted me off-list for the same question.

Presumably, asking this in the ML is better because
other people may find the answer and avoid duplicated questions.

>
> Specifically, the commit changes scripts/package/install-extmod-build to
> remove the shipped copy of the kernel configuration as .config in the
> generated package. Unfortunately, this breaks DKMS when secure boot is
> being used and any locally compiled the modules need to be signed. DKMS
> needs it to extract various characteristics of the built kernel, among
> which CONFIG_MODULE_SIG_HASH so that it can sign the .ko files it
> creates. It's likely that it also uses various other symbols from the
> kernel config, e.g. clang-related stuff, but I didn't test that.
>
> The removal of the other formerly shipped files doesn't appear to cause
> any problems, at least not in this scenario.

I do not think removal of the .config is a problem because
another copy, include/config/auto.conf exists in the package.

DKMS can parse "${kernel_source_dir}/include/config/auto.conf
for CONFIG options.

Masahiro



> In detail:
>
> DKMS sets its path to the kernel config into the kernel_config var in
> this function:
> https://github.com/dell/dkms/blob/93bf2bd79704c0a8a39b240a52b001610cdc419b/dkms.in#L274
> DKMS then uses it to extract CONFIG_MODULE_SIG_HASH in this function:
> https://github.com/dell/dkms/blob/93bf2bd79704c0a8a39b240a52b001610cdc419b/dkms.in#L1021
> If kernel_config isn't set, the build process issues "Kernel config
> ${kernel_config} not found, modules won't be signed" and skips signing
> the built .ko files, subsequently resulting in a runtime failure to load
> the corresponding module with "Loading of unsigned module is rejected"
> when secure boot is being used.
>
> While it's possible to supply the path to the kernel config manually
> when invoking DKMS, it would need manual intervention after every kernel
> header package installation. This would be rather clumsy and
> inconvenient compared to the current set-and-forget approach where a
> kernel headers package install hook auto-builds and installs modules.
> Unfortunately there's no viable workaround via a config snippet or any
> sort of build hook, DKMS would need to be patched to somehow figure out
> the relationships between the installed packages and the various kernel
> config file placement conventions across distros.
>
> Is there any chance for .config to be shipped again when generating the
> headers package? This would be a simple two-line change, restoring the
> shipped copy of the kernel config. I.e. something like the below. Have
> tested that patch and can confirm it restores proper modsign functionality.
>
> Thank you very much!
> Mihai Limbasan
>
> diff -Naur linux.orig/scripts/package/install-extmod-build
> linux/scripts/package/install-extmod-build
> --- linux.orig/scripts/package/install-extmod-build    2024-12-09
> 10:28:03.000000000 +0200
> +++ linux/scripts/package/install-extmod-build    2024-12-09
> 10:30:28.871498366 +0200
> @@ -76,4 +76,6 @@
>       rm -f "${destdir}/Kbuild" "${destdir}/scripts/Kbuild"
>   fi
>
> +# copy .config manually to be where it's expected to be
> +cp "${KCONFIG_CONFIG}" "${destdir}/.config"
>   find "${destdir}" \( -name '.*.cmd' -o -name '*.o' \) -delete
>
>


-- 
Best Regards
Masahiro Yamada





[Index of Archives]     [Linux&nblp;USB Development]     [Linux Media]     [Video for Linux]     [Linux Audio Users]     [Yosemite Secrets]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux