Am Freitag, 10. April 2020, 06:42:07 CEST schrieb Hans-Peter Jansen:
Am Donnerstag, 9. April 2020, 16:41:17 CEST schrieb Hans-Peter Jansen:
Section: Signing EFI binaries/kernel modules for EFI Secure Boot and below: out of my capabilities.
and seems to be defunct as well. :|
Attempt to build kernel-default from Kernel:stable for 15.{1,2} and TW, here are the relevant parts to pesign and co:
Significant deviations to Kernel:stable build inlined.
[ 146s] ### [ 146s] Generating a RSA private key [ 146s] ............................................................................ .... ++++ [ 146s] .......++++ [ 146s] writing new private key to 'certs/signing_key.pem' [ 146s] ----- [ 146s] ### [ 146s] ### Key pair generated. [ 146s] ### [ 146s] EXTRACT_CERTS certs/signing_key.pem [ 146s] AS certs/system_certificates.o
K:s seems to have one already: [ 122s] EXTRACT_CERTS [ 122s] EXTRACT_CERTS certs/signing_key.pem
[ 5533s] + /usr/lib/rpm/pesign/gen-hmac -r /home/abuild/rpmbuild/BUILDROOT/ kernel-default-5.6.2-2.3.x86_64 /boot/vmlinuz-5.6.2-2-default [ 5533s] + certs=() [ 5533s] + test y = y [ 5533s] + for f in /home/abuild/rpmbuild/SOURCES/*.crt [ 5533s] + test -s '/home/abuild/rpmbuild/SOURCES/*.crt' [ 5533s] + continue
K:s has a key from an unknown source: [ 4190s] + test -s /home/abuild/rpmbuild/SOURCES/_projectcert.crt
[ 6115s] calling /usr/lib/rpm/brp-suse.d/brp-99-pesign [ 6116s] No buildservice signing certificate [ 6116s] Creating /home/abuild/rpmbuild/OTHER/kernel-default.cpio.rsasign
unlike K:s [ 5122s] calling /usr/lib/rpm/brp-suse.d/brp-99-pesign [ 5122s] Using signing certificate /home/abuild/rpmbuild/SOURCES/ _projectcert.crt [ 5123s] Creating /home/abuild/rpmbuild/OTHER/kernel-default.cpio.rsasign so the issue boils down to: where does _projectcert.crt come from and how is it injected into the build? Thanks, Pete -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org