编译 kernel 给出错误 No rule to make target 'debian/certs/debian-uefi-certs.pem'
[英]Compiling kernel gives error No rule to make target 'debian/certs/debian-uefi-certs.pem'
问题描述
Compiling kernel gives error No rule to make target 'debian/certs/debian-uefi-certs.pem I am following this tutorial https://www.cyberciti.biz/tips/compiling-linux-kernel-26.html 
Compiling kernel gives error No rule to make target 'debian/certs/debian-uefi-certs.pem I am following this tutorial https://www.cyberciti.biz/tips/compiling-linux-kernel-26.html
CC kernel/jump_label.o
CC kernel/iomem.o
CC kernel/rseq.o
AR kernel/built-in.a
CC certs/system_keyring.o
make[1]: *** No rule to make target 'debian/certs/debian-uefi-certs.pem', needed by 'certs/x509_certificate_list'. Stop.
make: *** [Makefile:1851: certs] Error 2
2 个解决方案
解决方案1
3 已采纳 2021-08-25 12:30:16
This seems to be the way to go with the current version:这似乎是 go 与当前版本的方式:
https://unix.stackexchange.com/a/649484/301245 https://unix.stackexchange.com/a/649484/301245
There are many, many config flags now, and the signing system must stay operational for the build to work.现在有很多很多的配置标志,并且签名系统必须保持运行才能使构建工作。 Easiest is to copy debian/ and debian.master/ into the source tree of the kernel to be built, then it works without additional changes.最简单的方法是将 debian/ 和 debian.master/ 复制到要构建的 kernel 的源代码树中,然后无需额外更改即可工作。 Well, almost: It can happen that references to key files still exist.好吧,几乎:对关键文件的引用可能仍然存在。 The keys section in the.conf file should look like this: .conf 文件中的 keys 部分应如下所示:
#
# Certificates for signature checking
#
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS=""
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SECONDARY_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_REVOCATION_LIST=y
CONFIG_SYSTEM_REVOCATION_KEYS=""
# end of Certificates for signature checking
解决方案2
0 2022-06-07 08:30:32
Instead of removing the kernel signature checking, I've just configured it correctly:我没有删除 kernel 签名检查,而是正确配置了它:
#
# Certificates for signature checking
#
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
CONFIG_MODULE_SIG_KEY_TYPE_ECDSA=y
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS="/usr/local/src/debian/canonical-certs.pem"
CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
CONFIG_SECONDARY_TRUSTED_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_KEYRING=y
CONFIG_SYSTEM_BLACKLIST_HASH_LIST=""
CONFIG_SYSTEM_REVOCATION_LIST=y
CONFIG_SYSTEM_REVOCATION_KEYS="/usr/local/src/debian/canonical-revoked-certs.pem"
# end of Certificates for signature checking
To get there, I've just followed these steps:为了到达那里,我只是按照以下步骤操作:
sudo mkdir -p /usr/local/src/debian
sudo apt install linux-source
sudo cp -v /usr/src/linux-source-*/debian/canonical-*.pem /usr/local/src/debian/
sudo apt purge linux-source*
...which: ...哪个:
- installs the Ubuntu Linux kernel sources安装 Ubuntu Linux kernel 源
- copies the certificates into a dedicated non-package-managed directory将证书复制到专用的非包管理目录
- removes any kernel sources package again再次删除任何 kernel 源 package
This process can be repeated whenever an update is required (eg new certificates).只要需要更新(例如新证书),就可以重复此过程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.