debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

Fix config for module signing 

Replace my pubkey with an X.509 (PEM encoded) certificate as actually
required.  Add quotes around the filenames in kconfig.
This commit is contained in:
Ben Hutchings 2016-04-04 00:03:07 +01:00
parent a6aaaeb263
commit f880a7ff25
4 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
debian/certs/benh@debian.org.cert.pem vendored Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDYDCCAkgCCQCKAY3KgJMmMDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJH
QjESMBAGA1UEBwwJQ2FtYnJpZGdlMRcwFQYDVQQKDA5EZWJpYW4gUHJvamVjdDEW
MBQGA1UEAwwNQmVuIEh1dGNoaW5nczEeMBwGCSqGSIb3DQEJARYPYmVuaEBkZWJp
YW4ub3JnMB4XDTE2MDQwMzIyNTg1NVoXDTE2MDUwMzIyNTg1NVowcjELMAkGA1UE
BhMCR0IxEjAQBgNVBAcMCUNhbWJyaWRnZTEXMBUGA1UECgwORGViaWFuIFByb2pl
Y3QxFjAUBgNVBAMMDUJlbiBIdXRjaGluZ3MxHjAcBgkqhkiG9w0BCQEWD2JlbmhA
ZGViaWFuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPYUchZ
x/VmCn4klnuqyym6gehD/sUnjqAbDdVtAVMYBHTxxpujW2GDtCsyiqyeDlSlbd6X
piXAko7u2UaBfY5SpKcw1KDDrCgzQ3y9O0QCe0DzI/7YKvE3A7FPluJ1ZhIhHIIZ
ce6oln0WfW/H5SY6BQWE3kzxXFUXXFPvTdLQtjOBxVWeOeMTZ5CAJqG/6uHIlJms
RTJiiiHjrI3yAfLS1wcGutmu9q9YQF1ND+lbdIT4OeyIMVGe03dVrDxWjNUL+G5h
nBRwFAwkb5qxpDNayvA8eIlNwWJE/uu+4crlL+PdM9i2TduoG5gRE39KPTrxrUyN
QiDe+09lJF12wQECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAieMLuk4Ky2FmMnzF
ryaJbbRXN163bXHPrDFd0NkvWQFa+3253QXxlLwEoS4v4OFbYb0tDxcn8qkpNLCb
DLtNUcl99slPbmBUi/RFTy/aAWc6LB4XxjbFcIlY27/c/W5bbr6/XmlVtElRW3gZ
y3JWFjgym+6lXywbr6RVKYioM3N+LlGf794Kf/pY9y7i8PqDM8WbhurGXwoaPxjv
/XsVTpuMCkorUya2n7Ap9Hatlref/IccdxnIOxItH3Jvze0vfygL82Mee77KN5U/
jsvtswp6P3K08sLjtFGiAhkjim67H+nJrrhhczXjtUnLZUQuHpkzOghyKFDMpn3R
8lchpg==
-----END CERTIFICATE-----

4
debian/changelog vendored
View File

@ -13,8 +13,8 @@ linux (4.5-1~exp2) UNRELEASED; urgency=medium
* modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL
as signatures will be packaged separately
- debian/control: Add build-dependencies on libssl-dev, openssl
* certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial
testing of signed modules
* certs: Set SYSTEM_TRUSTED_KEYS to my own personal certificate to support
initial testing of signed modules
-- Ben Hutchings <ben@decadent.org.uk> Fri, 25 Mar 2016 13:43:57 +0000

5
debian/config/config vendored
View File

@ -59,8 +59,9 @@ CONFIG_EFI_PARTITION=y
## file: certs/Kconfig
##
#. Signatures are added in linux-signed
CONFIG_MODULE_SIG_KEY=
CONFIG_SYSTEM_TRUSTED_KEYS=debian/pubkeys/benh@debian.org.key.pub.pem
CONFIG_MODULE_SIG_KEY=""
#. Actually a list of X.509 certificates, not keys
CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/benh@debian.org.cert.pem"
##
## file: crypto/Kconfig

9
debian/pubkeys/benh@debian.org.key.pub.pem vendored
View File

@ -1,9 +0,0 @@
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9hRyFnH9WYKfiSWe6rL
KbqB6EP+xSeOoBsN1W0BUxgEdPHGm6NbYYO0KzKKrJ4OVKVt3pemJcCSju7ZRoF9
jlKkpzDUoMOsKDNDfL07RAJ7QPMj/tgq8TcDsU+W4nVmEiEcghlx7qiWfRZ9b8fl
JjoFBYTeTPFcVRdcU+9N0tC2M4HFVZ454xNnkIAmob/q4ciUmaxFMmKKIeOsjfIB
8tLXBwa62a72r1hAXU0P6Vt0hPg57IgxUZ7Td1WsPFaM1Qv4bmGcFHAUDCRvmrGk
M1rK8Dx4iU3BYkT+677hyuUv490z2LZN26gbmBETf0o9OvGtTI1CIN77T2UkXXbB
AQIDAQAB
-----END PUBLIC KEY-----