Description of problem: The documentation at https://docs.fedoraproject.org/en-US/Fedora/21/html/System_Administrators_Guide/sect-kernel-module-authentication.html is out of date and incorrect. "perl /usr/src/kernels/$(uname -r)/scripts/sign-file \ > sha256 \ > my_signing_key.priv \ > my_signing_key_pub.der \ > my_module.ko" The sign-file utility is no longer a perl script but a binary. Executing this command as writen will overwrite 1. the private key 2. the public key 3. the module to be signed. This is very bad for obvious reasons. Also "keyctl list %:.system_keyring" This is no longer a valid keyring name. Presumably there are other errors. These are only the ones I happened to find. If redhat can't be bothered to correct the docs they should at least take them down and put in a FIXME: documentation needed so people don't accidentally delete important files. Version-Release number of selected component (if applicable): What is currently live on the site How reproducible: Every time Steps to Reproduce: 1. Follow instructions 2. File my_signing_key.priv 3. See empty file Actual results: Overwrites private and public keys Expected results: Signs kernel module Additional info:
Hi, the docs are indeed outdated, they're for Fedora 21 which was released in 2014 and EOLed in 2015. The current docs are here, can you please take a look and let me know if it's fine? Also, you might now be wondering why you landed at outdated docs. This is a long running problem, we don't unpublish documentation for releases that are no longer supported, but at the same time those docs tend to show up in search engine results and when you land on a page from a search engine, there's nothing except the URL indicating that you're looking at an old version. We have a couple issues open regarding this problem here: * https://pagure.io/fedora-docs/docs-fp-o/issue/116 * https://pagure.io/fedora-docs/docs-fp-o/issue/118 However, unfortunately I don't have an estimate for when they'll be fixed. Cheers, Petr
Oh actually, I just remembered we have an open issue specifically about this section on Pagure as well. Unfortunately I don't know much about kernel and I don't have the time to go track down someone who does. If you're knowledgeable about the subject, could you take a look at https://pagure.io/fedora-docs/system-administrators-guide/issue/11#comment-570387 and let me know what should go in there?
The current docs are where exactly? I haven't found any. Re: your other question, keyctl list %:.builtin_trusted_keys does do something similar but it's not a 1 to 1 replacement. It only shows the fedora signing key whereas the old command showed all the system keys. I wish I knew what the command is to show all the keys, I've looked and looked and haven't been able to find it.
Oh, sorry, I guess I forgot to paste the link. The current docs are here: https://docs.fedoraproject.org/en-US/fedora/f30/system-administrators-guide/kernel-module-driver-configuration/Working_with_Kernel_Modules/#sect-kernel-module-authentication
Closing this so I can have the whole Fedora Docs BZ project removed. If the problem persists, please open an issue in Gitlab: https://gitlab.com/fedora/docs/fedora-linux-documentation/fedora-linux-sysadmin-guide/-/issues