Wednesday

[Bug 2086819] [NEW] scripts/insert-sys-cert does not insert a cert into kernel image

Public bug reported:

[Impact]
/usr/src/linux-headers-6.8.0-47-generic/scripts/insert-sys-cert fails to insert a certificate into vmlinuz

[Test Case]

1. cp /boot/vmlinuz-6.8.0-47-generic ~/workdir/
2. cp /boot/System.map-6.8.0-47-generic ~/workdir/
3. cd ~/workdir
4. openssl req -x509 -newkey rsa:4096 -keyout snakeoil-key.der -out snakeoil-cert.der -sha256 -days 3650 -nodes -subj "/O=MyCert/OU=MyCert/CN=snakeoil" -outform DER
5. /usr/src/linux-headers-6.8.0-47-generic/scripts/insert-sys-cert -s System.map-6.8.0-47-generic -z vmlinuz-6.8.0-47-generic -c snakeoil-cert.der

ERROR: Unable to determine the compression of vmlinux

Recent kernels use zstd compression, which Ubuntu's insert-sys-cert does not know about. The scripts/extract-vmlinux could be used to extract the vmlinux since it knows about zstd. However, because it has been stripped, it tries to use the System.map file to find the symbol, but has trouble reading lines of the file.

1. /usr/src/linux-headers-6.8.0-47-generic/scripts/extract-vmlinux vmlinuz-6.8.0-47-generic > myvmlinux
2. file vmlinux
vmlinux: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=90786183f0bb9cf3d745ac2a83e1b86d473d6594, stripped

3. /usr/src/linux-headers-6.8.0-47-generic/scripts/insert-sys-cert -s System.map-6.8.0-47-generic -b myvmlinux -c snakeoil-cert.der

WARNING: Could not find the symbol table.
ERROR: Missing line ending.
ERROR: Missing line ending.
ERROR: Missing line ending.

[ Where Problem Occurred ]

Package Name:
# dpkg -l | grep linux-headers-6.8.0-47-generic
ii linux-headers-6.8.0-47-generic 6.8.0-47.47 amd64 Linux kernel headers for version 6.8.0 on 64 bit x86 SMP

# cat /proc/version_signature
Ubuntu 6.8.0-47.47-generic 6.8.12

# lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04.1 LTS
Release: 24.04

** Affects: linux (Ubuntu)
Importance: Undecided
Status: New

--
https://bugs.launchpad.net/bugs/2086819
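
The compression-detection failure in step 5 can be diagnosed independently of insert-sys-cert. The script below is an added example, not part of the bug report or the kernel tree; it scans an image for the payload magics that upstream scripts/extract-vmlinux searches for and confirms each hit where the Python standard library has a decoder. The names `verify` and `scan` are hypothetical.

```python
import bz2
import lzma
import sys
import zlib

# Payload magics searched for by the kernel's scripts/extract-vmlinux.
MAGICS = [
    ("gzip", b"\x1f\x8b\x08"), ("xz", b"\xfd7zXZ\x00"), ("bzip2", b"BZh"),
    ("lzma", b"\x5d\x00\x00\x00"), ("lzop", b"\x89LZ"),
    ("lz4", b"\x02!L\x18"), ("zstd", b"\x28\xb5\x2f\xfd"),
]
LIMIT = 1 << 28  # cap decoder memory so a chance match cannot exhaust RAM
# Streaming decoders the Python standard library provides.
DECODERS = {
    "gzip": lambda: zlib.decompressobj(wbits=31),
    "xz": lambda: lzma.LZMADecompressor(lzma.FORMAT_XZ, memlimit=LIMIT),
    "bzip2": bz2.BZ2Decompressor,
    "lzma": lambda: lzma.LZMADecompressor(lzma.FORMAT_ALONE, memlimit=LIMIT),
}


def verify(fmt, blob):
    """Classify a magic hit: 'elf', 'unverified', or None (chance match)."""
    if fmt == "zstd":
        # Byte after the magic is Frame_Header_Descriptor; reserved bit 3 must be 0.
        return "unverified" if len(blob) > 4 and not blob[4] & 0x08 else None
    if fmt not in DECODERS:
        return "unverified"  # lzop, lz4: no stdlib decoder to confirm with
    try:
        head = DECODERS[fmt]().decompress(blob, 4)  # only the first 4 bytes
    except Exception:  # corrupt or truncated: the magic matched by chance
        return None
    return "elf" if head == b"\x7fELF" else None


def scan(image):
    """Return sorted (offset, format, verdict) for every plausible payload start."""
    view, hits = memoryview(image), []
    for fmt, magic in MAGICS:
        off = image.find(magic)
        while off != -1:
            verdict = verify(fmt, view[off:])
            if verdict:
                hits.append((off, fmt, verdict))
            off = image.find(magic, off + 1)
    return sorted(hits)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:  # e.g. a copy of /boot/vmlinuz-<version>
        for off, fmt, verdict in scan(f.read()):
            print(f"{off:#010x} {fmt:6} {verdict}")
```

An `unverified` zstd hit only means the magic and frame header look plausible; decompressing from that offset with unzstd, as extract-vmlinux does, is what confirms it.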
