new CONFIG_SYSTEM_TRUSTED_KEYS setting breaks things like "make olddefconfig" and "make localmodconfig" with upstream sources
People that want to build a kernel from the upstream Linux sources using make targets like "olddefconfig" and "localmodconfig" since a few weeks seem[1] to run into this error:
make[3]: *** No rule to make target 'certs/rhel.pem', needed by
'certs/x509_certificate_list'. Stop.
That apparently is caused by !3160 (merged) from @coxu. That outcome is somewhat annoying and I'd like to see this fixed, unless there is a reason why that setting has to remain that way after the kernel was build. Is there?
If not, I see two possible ways to make "olddefconfig" et. al. upstream work again:
- Run something like a
sed -i 's!CONFIG_SYSTEM_TRUSTED_KEYS=.*!# CONFIG_SYSTEM_TRUSTED_KEYS is not set!' .config
after the kernel was build while the .config is copied into the install target for later inclusion in the package. - Ship that file (if it is public!) in some package which becomes a Require: and BuildRequire and make it the .config sett a full path to that file
But I might miss something; maybe there is an even better way.
[1] see https://www.mail-archive.com/kernel@lists.fedoraproject.org/msg17224.html ; I did not try myself, but I care, because I'm the author of documents in the upstream kernel (like https://docs.kernel.org/admin-guide/verify-bugs-and-bisect-regressions.html and https://docs.kernel.org/admin-guide/quickly-build-trimmed-linux.html) that now likely stopped working on Fedora.