Ubuntu
sbsigntool package

make check fails due to "subj"

Asked by Vindicator

make[2]: 'private-key.rsa' is up to date.
openssl req -x509 -sha256 -subj '/' -new -key private-key.rsa -out public-cert.pem
req: Unknown digest subj
req: Use -help for summary.
Makefile:938: recipe for target 'public-cert.pem' failed
make[2]: *** [public-cert.pem] Error 1
make[2]: Leaving directory '/home/user/Desktop/sbsigntool/tests'
Makefile:786: recipe for target 'check-am' failed
make[1]: *** [check-am] Error 2
make[1]: Leaving directory '/home/user/Desktop/sbsigntool/tests'
Makefile:355: recipe for target 'check-recursive' failed
make: *** [check-recursive] Error 1

Expanding "subj" to "subject" seems to take care of that, but then is explodes with errors:
openssl genrsa -out private-key.rsa 2048
invalid engine "private-key.rsa"
139718926882448:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:172:filename(/usr/local/ssl/lib/engines/libprivate-key.rsa.so): /usr/local/ssl/lib/engines/libprivate-key.rsa.so: cannot open shared object file: No such file or directory
139718926882448:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:228:
139718926882448:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:458:
139718926882448:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:379:id=private-key.rsa
139718926882448:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:172:filename(libprivate-key.rsa.so): libprivate-key.rsa.so: cannot open shared object file: No such file or directory
139718926882448:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:228:
139718926882448:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:458:
Generating RSA private key, 2048 bit long modulus
............................+++
...............+++
e is 65537 (0x010001)
openssl req -x509 -sha256 -subject '/' -new -key private-key.rsa -out public-cert.pem
rm test-x86_64.elf test-i386.o test-i386.elf test-x86_64.o
make[2]: Leaving directory '/home/user/Desktop/sbsigntool/tests'
make check-TESTS
make[2]: Entering directory '/home/user/Desktop/sbsigntool/tests'
make[3]: Entering directory '/home/user/Desktop/sbsigntool/tests'
FAIL: sign-verify.sh
FAIL: sign-verify-detached.sh
FAIL: sign-detach-verify.sh
FAIL: sign-attach-verify.sh
FAIL: sign-missing-image.sh
FAIL: sign-missing-cert.sh
FAIL: sign-missing-key.sh
FAIL: verify-missing-image.sh
FAIL: verify-missing-cert.sh
FAIL: sign-invalidattach-verify.sh
FAIL: cert-table-header.sh
FAIL: resign-warning.sh
FAIL: reattach-warning.sh
FAIL: detach-remove.sh

Question information

Language:
English Edit question
Status:
Expired
For:
Ubuntu sbsigntool Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Vindicator (vindicator) said : 		#1

I should add the following info:

I'm following https://wiki.ubuntu.com/UEFI/SecureBoot

It seems to be an openssl issue:
$ openssl genrsa -out test-key.rsa 2048
invalid engine "test-key.rsa"
139954577688208:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:172:filename(/usr/local/ssl/lib/engines/libtest-key.rsa.so): /usr/local/ssl/lib/engines/libtest-key.rsa.so: cannot open shared object file: No such file or directory
139954577688208:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:228:
139954577688208:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:458:
139954577688208:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:379:id=test-key.rsa
139954577688208:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:172:filename(libtest-key.rsa.so): libtest-key.rsa.so: cannot open shared object file: No such file or directory
139954577688208:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:228:
139954577688208:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:458:
Generating RSA private key, 2048 bit long modulus
......................+++
....+++
e is 65537 (0x010001)

The key appears to be created but I may have gitted a buggy openssl master.
... it was. No problems with: $ git checkout OpenSSL_1_0_2-stable
The "subj" was not a problem and did not need to be expanded, HOWEVER there are still 14 failed tests:
FAIL: sign-verify.sh
FAIL: sign-verify-detached.sh
FAIL: sign-detach-verify.sh
FAIL: sign-attach-verify.sh
FAIL: sign-missing-image.sh
FAIL: sign-missing-cert.sh
FAIL: sign-missing-key.sh
FAIL: verify-missing-image.sh
FAIL: verify-missing-cert.sh
FAIL: sign-invalidattach-verify.sh
FAIL: cert-table-header.sh
FAIL: resign-warning.sh
FAIL: reattach-warning.sh
FAIL: detach-remove.sh
sign-verify.log "../test-driver: line 107: TEST_ARCHES=x86_64 i386: command not found"

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#2

Isn't sbsigntool in the repositories?

Revision history for this message
Vindicator (vindicator) said : 		#3

I'm sure it is, but as the ubuntu link says, you can build it from git.
I like to build packages manually and run checks/tests so I know if it runs clean or not.

Revision history for this message
Launchpad Janitor (janitor) said : 		#4

This question was expired because it remained in the 'Needs information' state without activity for the last 15 days.