James Cloos <cloos <at> jhcloos.com> writes: > > This combination: > > # CONFIG_SYSTEM_TRUSTED_KEYRING is not set > CONFIG_TRUSTED_KEYS=m > > (acquired by oldconfig and N to system keyring) > > fails with: > > Pass 2 > CC [M] crypto/asymmetric_keys/x509_rsakey-asn1.o > CC [M] crypto/asymmetric_keys/x509_cert_parser.o > CC [M] crypto/asymmetric_keys/x509_public_key.o > crypto/asymmetric_keys/x509_public_key.c: In function ‘x509_key_preparse’: > crypto/asymmetric_keys/x509_public_key.c:237:35: error: ‘system_trusted_keyring’ > undeclared (first use in this function) > ret = x509_validate_trust(cert, system_trusted_keyring); > ^ > crypto/asymmetric_keys/x509_public_key.c:237:35: note: each undeclared identifier is reported > only once for each function it appears in > make[2]: *** [crypto/asymmetric_keys/x509_public_key.o] Error 1 > make[1]: *** [crypto/asymmetric_keys] Error 2 > make: *** [crypto] Error 2 > > Perhaps include/keys/system_keyring.h should have a definition for > system_trusted_keyring in the #ifndef CONFIG_SYSTEM_TRUSTED_KEYRING > case (which may entail just removing the #ifdef). > > Commits b56e5a17b6b9acd1 and 09fbc47373826d67 are relevant. > > -JimC
I have same problem too. Using following band-aid patch (though I'm not sure it's correct), build is ok; --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -67,6 +67,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, return -EOPNOTSUPP; } +#ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS int integrity_init_keyring(const unsigned int id) { const struct cred *cred = current_cred(); @@ -84,3 +85,4 @@ int integrity_init_keyring(const unsigned int id) keyring_name[id], PTR_ERR(keyring[id])); return 0; } +#endif But, I encounter another build issue; CC crypto/asymmetric_keys/x509_public_key.o crypto/asymmetric_keys/x509_public_key.c: In function ‘x509_key_preparse’: crypto/asymmetric_keys/x509_public_key.c:237:35: error: ‘system_trusted_keyring’ undeclared (first use in this function) ret = x509_validate_trust(cert, system_trusted_keyring); ^ crypto/asymmetric_keys/x509_public_key.c:237:35: note: each undeclared identifier is reported only once for each function it appears in make[2]: *** [crypto/asymmetric_keys/x509_public_key.o] Error 1 make[1]: *** [crypto/asymmetric_keys] Error 2 make: *** [crypto] Error 2 Looks like it's caused by following combination... # CONFIG_SYSTEM_TRUSTED_KEYRING is not set CONFIG_X509_CERTIFICATE_PARSER=y Jongman Heo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/