Ubuntu
kernel-package package

  1. Bug #1099371
  2. Activity log

Activity log for bug #1099371

Date Who What changed Old value New value Message
2013-01-14 11:51:09 Chris Samuel bug added bug
2013-02-23 12:39:26 Launchpad Janitor kernel-package (Ubuntu): status New Confirmed
2013-02-23 12:44:48 FR. Loïc bug task added kernel-package (Debian)
2013-03-25 12:12:13 Chris Samuel description Problem: When using make-kpkg to build a current mainline kernel with CONFIG_MODULE_SIG to enable cryptographically signed modules the resulting kernel, when installed and booted, will be tainted immediately upon loading any module, and all modules will appear to have been force loaded. This is the result of make-kpkg unconditionally passing INSTALL_MOD_STRIP=1 when installing modules into its tree for packaging, resulting in their cryptographic signatures being stripped and so failing verification with -ENOKEY. Fix: make-kpkg should not pass INSTALL_MOD_STRIP=1 if CONFIG_MODULE_SIG is set. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: kernel-package 12.036+nmu3 Uname: Linux 3.8.0-rc2-g974b335-2+ x86_64 ApportVersion: 2.6.1-0ubuntu9 Architecture: amd64 Date: Mon Jan 14 22:40:01 2013 InstallationDate: Installed on 2012-09-20 (116 days ago) InstallationMedia: Kubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120423) MarkForUpload: True PackageArchitecture: all ProcEnviron: LANGUAGE=en_AU:en TERM=xterm PATH=(custom, no user) LANG=en_AU.UTF-8 SHELL=/bin/bash SourcePackage: kernel-package UpgradeStatus: Upgraded to quantal on 2012-10-04 (101 days ago) After doing a module install make-kpkg runs objcopy on the modules to copy out the debug sections for a debug package. It then uses objcopy to remove those same debug sections (along with the crypto signature of the module) from the ones in the main package. Removing those signatures results in any loading of those modules to immediately taint the kernel as the kernel considers the loading of an unsigned module when CONFIG_MODULE_SIG is set as if the module has been forcibly loaded. make-kpkg should not use objcopy to strip modules if CONFIG_MODULE_SIG is set. My brief testing with my custom kernel config indicated that stripping modules saved 1MB out of 120MB, so it may be not be worth doing in the first place (YMMV). ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: kernel-package 12.036+nmu3 Uname: Linux 3.8.0-rc2-g974b335-2+ x86_64 ApportVersion: 2.6.1-0ubuntu9 Architecture: amd64 Date: Mon Jan 14 22:40:01 2013 InstallationDate: Installed on 2012-09-20 (116 days ago) InstallationMedia: Kubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120423) MarkForUpload: True PackageArchitecture: all ProcEnviron: LANGUAGE=en_AU:en TERM=xterm PATH=(custom, no user) LANG=en_AU.UTF-8 SHELL=/bin/bash SourcePackage: kernel-package UpgradeStatus: Upgraded to quantal on 2012-10-04 (101 days ago)