Kernel headers for Debian image

Jeff Hanson

Jan 12, 2021, 11:39:49 PM
to USB armory

Hello,

I am looking to install WireGuard on my USB armory MkII running the F-Secure Debian image. WireGuard tries to build via DKMS but the Linux headers aren't included in the image.

I set up a Docker build environment and modified the Makefile to do a "make headers-install", then copied the files over and made the appropriate symlinks under /lib/module.../build, but that didn't work as it was missing some binaries in the src/scripts directory.

I then tried to make a headers .deb file by adding the "deb-pkg" target to the make command that builds the zImage, modules and dtb. Despite the cross-compile environment variables, this built a linux-headers .deb file with amd64 binaries. This caused the DKMS build to fail when it tried to run the fixdeps binary.

Does anyone know how to get the kernel headers installed in the Debian image such that modules like wireguard-dkms can be installed?

Andrej Rosano

Jan 13, 2021, 5:02:21 AM
to Jeff Hanson, USB armory
Hi Jeff,

please check the last commit in the repo [1]. This adds the Makefile target
`linux-headers-deb`.

Cheers
Andrej

[1] https://github.com/f-secure-foundry/usbarmory-debian-base_image/commit/89cb9c696d5c8cdf1aebc0a89e83cd855c99e92e

--
Andrej Rosano
Hardware Security | Inverse Path | F-Secure
www.inversepath.com | foundry.f-secure.com
5BB8 574E 68E8 D841 E18F D5E9 CEAD E0CF 0193 9B21

Jeff Hanson

Jan 13, 2021, 10:21:07 AM
to Jeff Hanson, USB armory
Hello,

Thanks for the fast reply! I pulled your commit (actually a new checkout of master to make sure my changes were gone) and attempted to build an image but ran into an error. It looks like control_template_linux-headers doesn't exist?

root@d7320a327739:/opt/armory# make all V=mark-two IMX=imx6ulz BOOT=eMMC
...<snip>...
make[1]: Leaving directory '/opt/armory/mxs-dcp-master'
cd linux-image-5.4-usbarmory-mark-two_5.4.87-0_armhf/boot ; ln -sf zImage-5.4.87-0-usbarmory zImage
cd linux-image-5.4-usbarmory-mark-two_5.4.87-0_armhf/boot ; ln -sf imx6ulz-usbarmory-default-5.4.87-0.dtb imx6ulz-usbarmory.dtb
cd linux-image-5.4-usbarmory-mark-two_5.4.87-0_armhf/boot ; ln -sf imx6ulz-usbarmory.dtb imx6ull-usbarmory.dtb
rm linux-image-5.4-usbarmory-mark-two_5.4.87-0_armhf/lib/modules/5.4.87-0/{build,source}
chmod 755 linux-image-5.4-usbarmory-mark-two_5.4.87-0_armhf/DEBIAN
fakeroot dpkg-deb -b linux-image-5.4-usbarmory-mark-two_5.4.87-0_armhf linux-image-5.4-usbarmory-mark-two_5.4.87-0_armhf.deb
dpkg-deb: building package 'linux-image-5.4-usbarmory-mark-two' in 'linux-image-5.4-usbarmory-mark-two_5.4.87-0_armhf.deb'.
mkdir -p linux-headers-5.4-usbarmory-mark-two_5.4.87-0_armhf/{DEBIAN,boot,lib/modules/5.4.87-0/build}
cd linux-headers-5.4-usbarmory-mark-two_5.4.87-0_armhf/lib/modules/5.4.87-0 ; ln -sf build source
cat control_template_linux-headers | \
        sed -e 's/XXXX/5.4/'          | \
        sed -e 's/YYYY/5.4.87-0/' | \
        sed -e 's/ZZZZ/linux-image-5.4-usbarmory (=5.4.87-0)/' | \
        sed -e 's/USB armory/USB armory mark-two/' \
        > linux-headers-5.4-usbarmory-mark-two_5.4.87-0_armhf/DEBIAN/control
cat: control_template_linux-headers: No such file or directory
cd linux-5.4.87 && make INSTALL_HDR_PATH=../linux-headers-5.4-usbarmory-mark-two_5.4.87-0_armhf/lib/modules/5.4.87-0/build ARCH=arm headers_install
make[1]: Entering directory '/opt/armory/linux-5.4.87'
  INSTALL ../linux-headers-5.4-usbarmory-mark-two_5.4.87-0_armhf/lib/modules/5.4.87-0/build/include
make[1]: Leaving directory '/opt/armory/linux-5.4.87'
chmod 755 linux-headers-5.4-usbarmory-mark-two_5.4.87-0_armhf/DEBIAN
fakeroot dpkg-deb -b linux-headers-5.4-usbarmory-mark-two_5.4.87-0_armhf linux-headers-5.4-usbarmory-mark-two_5.4.87-0_armhf.deb
dpkg-deb: error: no package information in 'linux-headers-5.4-usbarmory-mark-two_5.4.87-0_armhf/DEBIAN/control'
make: *** [Makefile:260: linux-headers-deb] Error 2
root@d7320a327739:/opt/armory# find . -name control_template_linux-headers
root@d7320a327739:/opt/armory#

Jeff Hanson

Jan 13, 2021, 2:24:15 PM
to USB armory
Hello again,

I noticed some additional commits fixed the problem I encountered above. I pulled the latest and built a new image with the headers installed. Unfortunately, it seems the build directory under the kernel headers is missing some key files required for DKMS to build properly. Here are the steps I took on a new Debian image:

echo "deb http://deb.debian.org/debian buster-backports main" | sudo tee /etc/apt/sources.list
sudo apt update && sudo apt dist-upgrade && sudo apt install wireguard

The first time it looks like the DKMS build failed because it tried to run before g++ was fully set up. I attempted to re-run the setup using "sudo apt-get -f install", which tried to rebuild wireguard-dkms but failed:
usbarmory@usbarmory:~$ sudo apt-get -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up wireguard-dkms (1.0.20201221-1~bpo10+1) ...
Removing old wireguard-1.0.20201221 DKMS files...
------------------------------
Deleting module version: 1.0.20201221
completely from the DKMS tree.
------------------------------
Done.
Loading new wireguard-1.0.20201221 DKMS files...
It is likely that 5.4.87-0 belongs to a chroot's host
Building for 5.4.87-0
Building initial module for 5.4.87-0
Error! Bad return status for module build on kernel: 5.4.87-0 (armv7l)
Consult /var/lib/dkms/wireguard/1.0.20201221/build/make.log for more information.
dpkg: error processing package wireguard-dkms (--configure):
 installed wireguard-dkms package post-installation script subprocess returned error exit status 10

Here's the contents of /var/lib/dkms/wireguard/1.0.20201221/build/make.log
DKMS make.log for wireguard-1.0.20201221 for kernel 5.4.87-0 (armv7l)
Wed 13 Jan 2021 07:12:26 PM UTC
make: Entering directory '/usr/lib/modules/5.4.87-0/build'
make: *** No targets specified and no makefile found.  Stop.
make: Leaving directory '/usr/lib/modules/5.4.87-0/build'
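
Both failures reported in this thread (host tools such as fixdep built for amd64, and a build directory that headers_install populated only with `include`, leaving no Makefile) can be detected before DKMS runs. The script below is an added example, not part of the original thread or the usbarmory repository; the required-file list, the function names and the script file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check of a kernel build directory before DKMS runs.
# KBUILD_FILES is this example's assumption of what an out-of-tree module
# build reads; it is not taken from the usbarmory Makefile.
KBUILD_FILES="Makefile .config Module.symvers include/generated/autoconf.h
scripts/basic/fixdep scripts/mod/modpost"

# machine_code NAME: map a `uname -m` string to its ELF e_machine value.
machine_code() {
    case "$1" in
        arm*)    echo 40 ;;    # EM_ARM (armv7l on the USB armory)
        aarch64) echo 183 ;;   # EM_AARCH64
        x86_64)  echo 62 ;;    # EM_X86_64 (the amd64 build host)
        *)       return 1 ;;
    esac
}

# elf_machine FILE: print e_machine, bytes 18-19 of the ELF header
# (little-endian assumed, true for the three machines above).
elf_machine() {
    [ "$(od -An -c -N4 "$1" | tr -d ' ')" = '177ELF' ] || return 1
    set -- $(od -An -tu1 -j18 -N2 "$1")
    echo $(( $1 + $2 * 256 ))
}

# check_kbuild DIR [MACHINE]: 0 = usable, 1 = files missing,
# 2 = host tools built for another CPU, 3 = unknown MACHINE.
check_kbuild() {
    dir=$1
    want=$(machine_code "${2:-$(uname -m)}") || return 3
    missing=0
    for f in $KBUILD_FILES; do
        [ -e "$dir/$f" ] || { echo "missing: $f" >&2; missing=1; }
    done
    [ "$missing" -eq 0 ] || return 1
    for tool in scripts/basic/fixdep scripts/mod/modpost; do
        got=$(elf_machine "$dir/$tool") || return 2
        [ "$got" -eq "$want" ] ||
            { echo "$tool: e_machine $got, want $want" >&2; return 2; }
    done
}

# Usage (hypothetical file name): sh check_kbuild.sh /lib/modules/5.4.87-0/build
[ $# -eq 0 ] || check_kbuild "$@"
```

Run on the target, the machine defaults to `uname -m`; on the build host, pass `armv7l` explicitly to check the staged package tree before `dpkg-deb -b`.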

Andrej Rosano

Jan 14, 2021, 3:46:28 AM
to Jeff Hanson, USB armory
Hi Jeff,

would you please open an issue in GitHub so we can better track this issue?

Thanks
Andrej