Public bug reported:

[Impact]
/usr/src/linux-headers-6.8.0-47-generic/scripts/insert-sys-cert fails to insert a certificate into vmlinuz

[Test Case]
1. cp /boot/vmlinuz-6.8.0-47-generic ~/workdir/
2. cp /boot/System.map-6.8.0-47-generic ~/workdir/
3. cd ~/workdir
4. openssl req -x509 -newkey rsa:4096 -keyout snakeoil-key.der -out snakeoil-cert.der -sha256 -days 3650 -nodes -subj "/O=MyCert/OU=MyCert/CN=snakeoil" -outform DER
5. /usr/src/linux-headers-6.8.0-47-generic/scripts/insert-sys-cert -s System.map-6.8.0-47-generic -z vmlinuz-6.8.0-47-generic -c snakeoil-cert.der
   ERROR: Unable to determine the compression of vmlinux

Recent kernels use zstd compression, which Ubuntu's insert-sys-cert does not know about.

The scripts/extract-vmlinux could be used to extract the vmlinux since it knows about zstd. However, because it has been stripped, it tries to use the System.map file to find the symbol, but has trouble reading lines of the file.

1. /usr/src/linux-headers-6.8.0-47-generic/scripts/extract-vmlinux vmlinuz-6.8.0-47-generic > myvmlinux
2. file vmlinux
   vmlinux: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=90786183f0bb9cf3d745ac2a83e1b86d473d6594, stripped
3. /usr/src/linux-headers-6.8.0-47-generic/scripts/insert-sys-cert -s System.map-6.8.0-47-generic -b myvmlinux -c snakeoil-cert.der
   WARNING: Could not find the symbol table.
   ERROR: Missing line ending.
   ERROR: Missing line ending.
   ERROR: Missing line ending.

[ Where Problem Occurred ]
Package Name:
# dpkg -l | grep linux-headers-6.8.0-47-generic
ii linux-headers-6.8.0-47-generic 6.8.0-47.47 amd64 Linux kernel headers for version 6.8.0 on 64 bit x86 SMP
# cat /proc/version_signature
Ubuntu 6.8.0-47.47-generic 6.8.12
# lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04.1 LTS
Release: 24.04

** Affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2086819

Title:
  scripts/insert-sys-cert does not insert a cert into kernel image

Status in linux package in Ubuntu:
  New
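
A way to see which compressed payload a vmlinuz carries before pointing insert-sys-cert at it, written as an added example that is not part of the bug report or of the kernel scripts. It searches for the same magic bytes scripts/extract-vmlinux looks for and, where the Python standard library can decompress the format, confirms that the stream begins with an ELF header; the function names and sample inputs are assumptions made for this illustration.

```python
import bz2, gzip, lzma, zlib

# Magic bytes that scripts/extract-vmlinux searches for (octal there, hex here).
MAGICS = {
    "gzip": b"\x1f\x8b\x08", "xz": b"\xfd7zXZ\x00", "bzip2": b"BZh",
    "lzma": b"\x5d\x00\x00\x00", "lzop": b"\x89\x4c\x5a",
    "lz4": b"\x02\x21\x4c\x18", "zstd": b"\x28\xb5\x2f\xfd",
}
# Formats the Python standard library can decompress, used to confirm a hit.
STDLIB = {
    "gzip": lambda: zlib.decompressobj(31),  # 31 = expect a gzip header
    "xz": lambda: lzma.LZMADecompressor(lzma.FORMAT_XZ),
    "bzip2": bz2.BZ2Decompressor,
}

def starts_elf(name, stream):
    """True/False when the stdlib can decode the stream, None when it cannot."""
    make = STDLIB.get(name)
    if make is None:
        return None  # e.g. zstd: confirm with unzstd, as extract-vmlinux does
    try:
        return bytes(make().decompress(stream, 64)[:4]) == b"\x7fELF"
    except (zlib.error, lzma.LZMAError, OSError, ValueError):
        return False  # the magic bytes matched by chance

def scan(image):
    """Return sorted (offset, format, elf_confirmed) for every magic hit."""
    view, hits = memoryview(image), []
    for name, magic in MAGICS.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, name, starts_elf(name, view[pos:])))
            pos = image.find(magic, pos + 1)
    return sorted(hits)

# Constructed inputs: the padding stands in for the boot stub, not a real kernel.
SAMPLE_ZSTD = b"\x00" * 32 + MAGICS["zstd"] + b"\x11" * 16
SAMPLE_GZIP = b"\x00" * 8 + gzip.compress(b"\x7fELF" + b"\x00" * 60, mtime=0)

if __name__ == "__main__":
    for label, image in (("zstd", SAMPLE_ZSTD), ("gzip", SAMPLE_GZIP)):
        for offset, fmt, confirmed in scan(image):
            print(f"{label}: offset {offset:#x} {fmt} elf_confirmed={confirmed}")
```

On a real image, short magics such as `BZh` or the lzma bytes match by chance many times, which is why a hit only counts once the stream at that offset decompresses to an ELF file.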