The script that was run is as follows:
sign.sh.txt
[16:47 t ~]$ cd 下载/
[16:47 t ~/下载]$ ls
module-signing.txt VirtualBox-4.3-4.3.36_105129_fedora18-1.x86_64.rpm
Oracle_VM_VirtualBox_Extension_Pack-4.3.36-105129.vbox-extpack VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64.rpm
Oracle_VM_VirtualBox_Extension_Pack-5.0.18-106667.vbox-extpack wine-qqintl.zip
scrt-7.3.7.1034.rhel6-64.tar.gz yEd-3.15.0.2_64-bit_setup.sh
[16:47 t ~/下载]$ sudo dnf install VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64.rpm
上次元数据过期检查:1:17:21 前,执行于 Wed Apr 20 15:30:30 2016。
依赖关系解决。
========================================================================================================================
Package 架构 版本 仓库 大小
========================================================================================================================
安装:
VirtualBox-5.0 x86_64 5.0.18_106667_fedora22-1 @commandline 67 M
compat-libvpx1 x86_64 1.3.0-3.fc23 fedora 497 k
事务概要
========================================================================================================================
安装 2 软件包
总计:67 M
总下载:497 k
安装大小:151 M
确定吗?[y/N]: y
下载软件包:
compat-libvpx1-1.3.0-3.fc23.x86_64.rpm 1.4 MB/s | 497 kB 00:00
------------------------------------------------------------------------------------------------------------------------
总计 178 kB/s | 497 kB 00:02
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
安装: compat-libvpx1-1.3.0-3.fc23.x86_64 1/2
安装: VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64 2/2
Creating group 'vboxusers'. VM users must be member of that group!
No precompiled module for this kernel found -- trying to build one. Messages
emitted during module compilation will be logged to /var/log/vbox-install.log.
Stopping VirtualBox kernel modules [ 确定 ]
Uninstalling old VirtualBox DKMS kernel modules [ 确定 ]
Trying to register the VirtualBox kernel modules using DKMS [ 确定 ]
Starting VirtualBox kernel modules [失败]
(modprobe vboxdrv failed. Please use 'dmesg' to find out why)
验证: VirtualBox-5.0-5.0.18_106667_fedora22-1.x86_64 1/2
验证: compat-libvpx1-1.3.0-3.fc23.x86_64 2/2
已安装:
VirtualBox-5.0.x86_64 5.0.18_106667_fedora22-1 compat-libvpx1.x86_64 1.3.0-3.fc23
完毕!
[16:58 t ~]$ mkdir -p ~/vbox/x509
[16:58 t ~]$ cd vbox/x509/
[16:58 t ~/vbox/x509]$ cat << EOF > configuration_file.config
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
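O = Organization # replace with your own information, or leave unchanged
CN = Organization signing key # replace with your own information, or leave unchanged
emailAddress = E-mail address # replace with your own information, or leave unchanged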
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF
[16:58 t ~/vbox/x509]$ openssl req -x509 -new -nodes -utf8 -sha256 -days 36500 -batch -config configuration_file.config -outform DER -out public_key.der -keyout private_key.priv
[16:58 t ~/vbox/x509]$ sudo keyctl list %:.system_keyring # below are the 7 default certificates currently on my system
[sudo] t 的密码:
8 keys in keyring:
1041839568: ---lswrv 0 0 asymmetric: ASUSTeK MotherBoard SW Key Certificate: da83b990422ebc8c441f8d8b039a65a2
55985921: ---lswrv 0 0 asymmetric: Fedora kernel signing key: 06621e12aa0ce1e3da1b2f45a9e29ccb25e22ccb
200044575: ---lswrv 0 0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42
862159181: ---lswrv 0 0 asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63
947543670: ---lswrv 0 0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53
1038841390: ---lswrv 0 0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
469056896: ---lswrv 0 0 asymmetric: ASUSTeK Notebook SW Key Certificate: b8e581e4df77a5bb4282d5ccfc00c071
[16:58 t ~/vbox/x509]$ sudo mokutil --import public_key.der
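# Enter a password for the key; you will type this password again when importing the key after the reboot.
[16:58 t ~/vbox/x509]$ mokutil --list-new # this shows the key that is about to be added.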
[key 1]
SHA1 Fingerprint: 01:cd:51:f6:de:3d:db:45:a6:f8:19:bd:a6:b5:e5:de:09:01:f8:84
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16061672967481245458 (0xdee686772d36bf12)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=Organization, CN=Organization signing key/emailAddress=E-mail address
Validity
Not Before: Apr 20 02:59:41 2016 GMT
Not After : Mar 27 02:59:41 2116 GMT
Subject: O=Organization, CN=Organization signing key/emailAddress=E-mail address
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
53:97:63:77:75:3F:4D:CF:D6:68:77:D5:3F:7A:97:36:A9:BE:C7:64
X509v3 Authority Key Identifier:
keyid:53:97:63:77:75:3F:4D:CF:D6:68:77:D5:3F:7A:97:36:A9:BE:C7:64
Signature Algorithm: sha256WithRSAEncryption
[17:17 t ~/vbox/x509]$ reboot
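After rebooting the server, do not press any key; once it has started, follow the on-screen prompts and use the up/down arrow keys to import the certificate step by step.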
[17:26 t ~/vbox/x509]$ sudo keyctl list %:.system_keyring
[sudo] t 的密码:
8 keys in keyring:
1041839568: ---lswrv 0 0 asymmetric: ASUSTeK MotherBoard SW Key Certificate: da83b990422ebc8c441f8d8b039a65a2
55985921: ---lswrv 0 0 asymmetric: Fedora kernel signing key: 06621e12aa0ce1e3da1b2f45a9e29ccb25e22ccb
200044575: ---lswrv 0 0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42
188041295: ---lswrv 0 0 asymmetric: Organization signing key: 53976377753f4dcfd66877d53f7a9736a9bec764 # this is the certificate we added
862159181: ---lswrv 0 0 asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63
947543670: ---lswrv 0 0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53
1038841390: ---lswrv 0 0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
469056896: ---lswrv 0 0 asymmetric: ASUSTeK Notebook SW Key Certificate: b8e581e4df77a5bb4282d5ccfc00c071
[17:20 t ~/vbox/x509]$ uname -a
Linux localhost.localdomain 4.4.6-301.fc23.x86_64 #1 SMP Wed Mar 30 16:43:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[17:20 t ~/vbox/x509]$ for mod in vboxpci vboxnetadp vboxnetflt vboxdrv;do sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha512 private_key.priv public_key.der `modinfo -n $mod`;done
[17:22 t ~/vbox/x509]$ hexdump -C $(modinfo -n vboxdrv) |tail -n5
000845b0 2d c3 66 78 53 d8 e6 ff e9 00 00 02 00 00 00 00 |-.fxS...........|
000845c0 00 00 00 02 c9 7e 4d 6f 64 75 6c 65 20 73 69 67 |.....~Module sig|
000845d0 6e 61 74 75 72 65 20 61 70 70 65 6e 64 65 64 7e |nature appended~|
000845e0 0a |.|
000845e1
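The signature information is appended to the end of the module. I had always used modinfo vboxdrv to view the signature information, but on Fedora 23 that no longer works: after signing, the output is no different from before, which cost me quite a few detours.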
[17:25 t ~/vbox/x509]$ modprobe vboxdrv
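The trailer visible in the hexdump above can be checked directly when modinfo does not show the signature. The following is an added example, not part of the original post: it reads the magic string and the 12-byte module_signature structure from the end of a file. The function names and sample files are constructed for illustration; the trailer bytes in the sample are the ones shown in the hexdump.

```sh
#!/bin/sh
# Added example (not from the original post): detect the trailer sign-file appends.
# Layout: <module> <signature> <12-byte module_signature> <28-byte magic string>
MAGIC_HEX=$(printf '~Module signature appended~\n' | od -An -v -tx1 | tr -d ' \n')

# Prints "signed id_type=N sig_len=N", "unsigned" or "corrupt"; returns 0 only if signed.
module_sig_info() {
    ms_file=$1
    [ -r "$ms_file" ] || { echo unreadable; return 2; }
    ms_size=$(wc -c < "$ms_file" | tr -d ' ')
    [ "$ms_size" -ge 40 ] || { echo unsigned; return 1; }
    ms_tail=$(tail -c 28 "$ms_file" | od -An -v -tx1 | tr -d ' \n')
    [ "$ms_tail" = "$MAGIC_HEX" ] || { echo unsigned; return 1; }
    # struct module_signature: algo, hash, id_type (2 = PKCS#7), signer_len,
    # key_id_len, 3 pad bytes, then the signature length as a 32-bit big-endian integer.
    set -- $(od -An -v -tu1 -j "$((ms_size - 40))" -N 12 "$ms_file")
    ms_len=$(( ($9 << 24) | (${10} << 16) | (${11} << 8) | ${12} ))
    # The signature has to fit in the file in front of the 40-byte trailer.
    [ "$((ms_len + 40))" -le "$ms_size" ] || { echo corrupt; return 1; }
    echo "signed id_type=$3 sig_len=$ms_len"
}

# Constructed sample: dummy payload + 713 zero bytes standing in for the signature
# + the trailer bytes seen in the hexdump (id_type 2, sig_len 0x000002c9 = 713).
make_sample_module() {
    {
        printf 'not-a-real-ELF-payload'
        dd if=/dev/zero bs=713 count=1 2>/dev/null
        printf '\000\000\002\000\000\000\000\000\000\000\002\311'
        printf '~Module signature appended~\n'
    } > "$1"
}

# Demo on constructed files; on a real system pass "$(modinfo -n vboxdrv)" instead.
tmp=$(mktemp -d)
make_sample_module "$tmp/signed.ko"
printf 'not-a-real-ELF-payload' > "$tmp/unsigned.ko"
for f in "$tmp"/*.ko; do
    printf '%s: %s\n' "${f##*/}" "$(module_sig_info "$f")"
done
rm -rf "$tmp"
```

Modules rebuilt by DKMS after a kernel update are written out fresh without the trailer, so the same check shows when the signing loop has to be run again.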