[linux] 02/07: Fix config for module signing
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Mon Apr 4 18:29:53 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch benh/secure-boot
in repository linux.
commit f880a7ff251c126e79d68e2939b3fb128a7ed9b2
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Mon Apr 4 00:03:07 2016 +0100
Fix config for module signing
Replace my pubkey with an X.509 (PEM encoded) certificate as actually
required. Add quotes around the filenames in kconfig.
---
debian/certs/benh at debian.org.cert.pem | 21 +++++++++++++++++++++
debian/changelog | 4 ++--
debian/config/config | 5 +++--
debian/pubkeys/benh at debian.org.key.pub.pem | 9 ---------
4 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/debian/certs/benh at debian.org.cert.pem b/debian/certs/benh at debian.org.cert.pem
new file mode 100644
index 0000000..8d49875
--- /dev/null
+++ b/debian/certs/benh at debian.org.cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYDCCAkgCCQCKAY3KgJMmMDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJH
+QjESMBAGA1UEBwwJQ2FtYnJpZGdlMRcwFQYDVQQKDA5EZWJpYW4gUHJvamVjdDEW
+MBQGA1UEAwwNQmVuIEh1dGNoaW5nczEeMBwGCSqGSIb3DQEJARYPYmVuaEBkZWJp
+YW4ub3JnMB4XDTE2MDQwMzIyNTg1NVoXDTE2MDUwMzIyNTg1NVowcjELMAkGA1UE
+BhMCR0IxEjAQBgNVBAcMCUNhbWJyaWRnZTEXMBUGA1UECgwORGViaWFuIFByb2pl
+Y3QxFjAUBgNVBAMMDUJlbiBIdXRjaGluZ3MxHjAcBgkqhkiG9w0BCQEWD2JlbmhA
+ZGViaWFuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPYUchZ
+x/VmCn4klnuqyym6gehD/sUnjqAbDdVtAVMYBHTxxpujW2GDtCsyiqyeDlSlbd6X
+piXAko7u2UaBfY5SpKcw1KDDrCgzQ3y9O0QCe0DzI/7YKvE3A7FPluJ1ZhIhHIIZ
+ce6oln0WfW/H5SY6BQWE3kzxXFUXXFPvTdLQtjOBxVWeOeMTZ5CAJqG/6uHIlJms
+RTJiiiHjrI3yAfLS1wcGutmu9q9YQF1ND+lbdIT4OeyIMVGe03dVrDxWjNUL+G5h
+nBRwFAwkb5qxpDNayvA8eIlNwWJE/uu+4crlL+PdM9i2TduoG5gRE39KPTrxrUyN
+QiDe+09lJF12wQECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAieMLuk4Ky2FmMnzF
+ryaJbbRXN163bXHPrDFd0NkvWQFa+3253QXxlLwEoS4v4OFbYb0tDxcn8qkpNLCb
+DLtNUcl99slPbmBUi/RFTy/aAWc6LB4XxjbFcIlY27/c/W5bbr6/XmlVtElRW3gZ
+y3JWFjgym+6lXywbr6RVKYioM3N+LlGf794Kf/pY9y7i8PqDM8WbhurGXwoaPxjv
+/XsVTpuMCkorUya2n7Ap9Hatlref/IccdxnIOxItH3Jvze0vfygL82Mee77KN5U/
+jsvtswp6P3K08sLjtFGiAhkjim67H+nJrrhhczXjtUnLZUQuHpkzOghyKFDMpn3R
+8lchpg==
+-----END CERTIFICATE-----
diff --git a/debian/changelog b/debian/changelog
index b1e0e61..f8b146d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,8 +13,8 @@ linux (4.5-1~exp2) UNRELEASED; urgency=medium
* modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL
as signatures will be packaged separately
- debian/control: Add build-dependencies on libssl-dev, openssl
- * certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial
- testing of signed modules
+ * certs: Set SYSTEM_TRUSTED_KEYS to my own personal certificate to support
+ initial testing of signed modules
-- Ben Hutchings <ben at decadent.org.uk> Fri, 25 Mar 2016 13:43:57 +0000
diff --git a/debian/config/config b/debian/config/config
index 924625a..1081c39 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -59,8 +59,9 @@ CONFIG_EFI_PARTITION=y
## file: certs/Kconfig
##
#. Signatures are added in linux-signed
-CONFIG_MODULE_SIG_KEY=
-CONFIG_SYSTEM_TRUSTED_KEYS=debian/pubkeys/benh at debian.org.key.pub.pem
+CONFIG_MODULE_SIG_KEY=""
+#. Actually a list of X.509 certificates, not keys
+CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/benh at debian.org.cert.pem"
##
## file: crypto/Kconfig
diff --git a/debian/pubkeys/benh at debian.org.key.pub.pem b/debian/pubkeys/benh at debian.org.key.pub.pem
deleted file mode 100644
index d5ba07d..0000000
--- a/debian/pubkeys/benh at debian.org.key.pub.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9hRyFnH9WYKfiSWe6rL
-KbqB6EP+xSeOoBsN1W0BUxgEdPHGm6NbYYO0KzKKrJ4OVKVt3pemJcCSju7ZRoF9
-jlKkpzDUoMOsKDNDfL07RAJ7QPMj/tgq8TcDsU+W4nVmEiEcghlx7qiWfRZ9b8fl
-JjoFBYTeTPFcVRdcU+9N0tC2M4HFVZ454xNnkIAmob/q4ciUmaxFMmKKIeOsjfIB
-8tLXBwa62a72r1hAXU0P6Vt0hPg57IgxUZ7Td1WsPFaM1Qv4bmGcFHAUDCRvmrGk
-M1rK8Dx4iU3BYkT+677hyuUv490z2LZN26gbmBETf0o9OvGtTI1CIN77T2UkXXbB
-AQIDAQAB
------END PUBLIC KEY-----
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list