编译内核时出现错误No rule to make target 'debian/certs/debian-uefi-certs.pem我正在学习本教程https://www.cyberciti.biz/tips/compiling-linux-kernel-26.html
CC kernel/jump_label.o
CC kernel/iomem.o
CC kernel/rseq.o
AR kernel/built-in.a
CC certs/system_keyring.o
make[1]: *** No rule to make target 'debian/certs/debian-uefi-certs.pem', needed by 'certs/x509_certificate_list'. Stop.
make: *** [Makefile:1851: certs] Error 2
我没有删除内核签名检查,而是正确配置了它:
#
# Certificates for signature checking
#
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
CONFIG_MODULE_SIG_KEY_TYPE_ECDSA=y
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="/usr/local/src/debian/canonical-certs.pem"
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SECONDARY_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_REVOCATION_LIST=y
CONFIG_SYSTEM_REVOCATION_KEYS="/usr/local/src/debian/canonical-revoked-certs.pem"
# end of Certificates for signature checking
为了达到目的,我只遵循了以下步骤:
sudo mkdir -p /usr/local/src/debian
sudo apt install linux-source
sudo cp -v /usr/src/linux-source-*/debian/canonical-*.pem /usr/local/src/debian/
sudo apt purge linux-source*
其中:
- 安装Ubuntu Linux内核源代码
- 将证书复制到专用的非包管理目录中
- 再次删除任何内核源代码包
只要需要更新(例如新证书(,就可以重复此过程。
这似乎是当前版本的做法:
https://unix.stackexchange.com/a/649484/301245
现在有很多配置标志,签名系统必须保持可操作性才能使构建工作。最简单的方法是将debian/和debian.master/复制到要构建的内核的源树中,然后它就可以在没有其他更改的情况下工作。嗯,差不多:可能对关键文件的引用仍然存在。conf文件中的keys部分应该如下所示:
#
# Certificates for signature checking
#
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS=""
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SECONDARY_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_REVOCATION_LIST=y
CONFIG_SYSTEM_REVOCATION_KEYS=""
# end of Certificates for signature checking
如果您收到证书错误,请在内核源的根目录中执行以下操作
scripts/config --disable SYSTEM_TRUSTED_KEYS
scripts/config --disable SYSTEM_REVOCATION_KEYS
然后再次运行make,它应该可以工作了!
在内核源代码树的顶级目录中运行ln -s /usr/src/linux-source-x.y.z/debian debian。用适当的内核版本替换x.y.z。
根据您提供的错误消息,您的Linux内核配置文件似乎包含类似的路径,如下所示:
#
# Certificates for signature checking
#
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
# CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SECONDARY_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_REVOCATION_LIST=y
CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"
# end of Certificates for signature checking
要解决此问题,您可以按照以下步骤操作:
- 在Linux构建根目录中创建一个名为debian/certs的目录
- 将证书从当前内核复制到新创建的debian/certs目录中
sudo cp -v /usr/src/$(uname -r)/debian/certs/* /path-to-linux-Build/debian/certs/
执行以下操作:
sudo apt install linux-buildinfo-5.15.0-70-generic
然后在文本编辑器中打开.config文件并更改:
CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"
至
CONFIG_SYSTEM_REVOCATION_KEYS="/usr/lib/linux/5.15.0-70-generic/canonical-certs.pem"
然后尝试重新编译它。