Unknown module key warnings

[Josh Boyer]

On Wed, Nov 14, 2012 at 01:26:06PM -0600, Bruno Wolff III wrote:
> On Wed, Nov 14, 2012 at 14:16:59 -0500,
>   Josh Boyer <jwboyer at redhat.com> wrote:
> >
> >Are you loading modules from one kernel build into a different kernel
> >build?  That is basically saying "the key this module is signed with
> >isn't in the kernel's keyring".  But that specific key looks like the
> >one that should be built into the kernel during build, so it should be
> >there.  Or you're doing what I asked earlier, which would be odd.
> 
> I don't belive so. I create a new package for the dahdi-linux
> package for each kernel version. I also get multiple warnings each
> boot and dahdi-linux is the only module I build locally.
> 
> >Post dmesg output please.
> 
> Attached.

> [    0.000000] Initializing cgroup subsys cpuset
> [    0.000000] Initializing cgroup subsys cpu
> [    0.000000] Linux version 3.7.0-0.rc5.git0.2.fc19.i686.PAE (mockbuild@) (gcc version 4.7.2 20121109 (Red Hat 4.7.2-8) (GCC) ) #1 SMP Mon Nov 12 00:08:40 UTC 2012

You rebuilt your kernel?  Or where did you get this?  That build isn't
in koji.

> [    1.585098] Loading module verification certificates
> [    1.591334] MODSIGN: Loaded cert 'Fedora kernel signing key: 0f1c4e72b9f2048a386af55c6c935cbd11d4be3c'

This is the key that is built into the kernel you have, and it's
successfully loaded.

> [   37.820234] Request for unknown module key 'Fedora kernel signing key: 2f230f4662d4290a932538bd964f802eaa42f49a' err -11

That is the key the modules you have are signed with.  Clearly not the
same key.

So either something is resigning all the modules you have for this
kernel, or you have modules from a different kernel in this kernel's
location, or something similarly weird.

I don't see any similar issues using the latest rawhide build in a VM,
so this is very curious.  Is the dahdi-linux rebuild doing signing?

josh