On Sat, Dec 9, 2023 at 6:18 PM Masahiro Yamada <masahiroy@xxxxxxxxxx> wrote: > On Fri, Dec 8, 2023 at 8:14 PM Tom Cook <tom.k.cook@xxxxxxxxx> wrote: > > > > I'm trying to build a signed .deb kernel package of > > https://github.com/torvalds/linux/tree/v6.6. I've copied > > certs/default_x509.genkey to certs/x509.genkey. The .config is the > > one from Ubuntu 23.10's default kernel with all new options accepted > > at their default and CONFIG_SYSTEM_TRUSTED_KEYS="" and > > CONFIG_SYSTEM_REVOCATION_KEYS="". > > > > This builds the kernel and modules, signs the modules, compresses the > > modules and then attempts to sign the modules again. That fails, > > because the .ko module files are now .ko.zst files and the file it's > > trying to sign isn't there. Full failure is pasted below. > > > > Modules are signed before the compression. Reading back through my earlier email, I wasn't clear that when I said "This builds the kernel..." I meant "`make deb-pkg` builds the kernel". I'm not doing anything outlandish here, I think, just expecting the build system to work. Regards, Tom
