[linux-signed] 04/05: Implement image signing
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Mon Apr 4 18:39:11 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch master
in repository linux-signed.
commit e1c3b01ddb3553872322399f30be11fe2b42431a
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Mon Apr 4 02:47:26 2016 +0100
Implement image signing
---
debian/bin/sign.py | 10 ++++++++--
debian/certs/linux-image-benh at debian.org.cert.pem | 21 +++++++++++++++++++++
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/debian/bin/sign.py b/debian/bin/sign.py
index d25f600..deb3afc 100755
--- a/debian/bin/sign.py
+++ b/debian/bin/sign.py
@@ -66,8 +66,14 @@ def sign_modules(kbuild_dir, modules_dir, signature_dir, privkey_name,
privkey_name, cert_name)
def sign_image_efi(image_name, signature_name, privkey_name, cert_name):
- print('Should sign image %s with %s/%s and detach signature as %s' %
- (image_name, privkey_name, cert_name, signature_name))
+ print('I: Signing image %s' % image_name)
+ print('I: Storing detached signature as %s' % signature_name)
+ os.makedirs(os.path.dirname(signature_name), exist_ok=True)
+ if (os.system('sbsign --key %s --cert %s --detached --output %s %s' %
+ (privkey_name, cert_name, signature_name, image_name)) or
+ # Work around bug #819987
+ not os.path.isfile(signature_name)):
+ raise Exception('sbsign failed')
def sign(config_name, imageversion_str, modules_privkey_name, modules_cert_name,
image_privkey_name, image_cert_name):
diff --git a/debian/certs/linux-image-benh at debian.org.cert.pem b/debian/certs/linux-image-benh at debian.org.cert.pem
new file mode 100644
index 0000000..3275537
--- /dev/null
+++ b/debian/certs/linux-image-benh at debian.org.cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYDCCAkgCCQCuSUAFgUedojANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJH
+QjESMBAGA1UEBwwJQ2FtYnJpZGdlMRcwFQYDVQQKDA5EZWJpYW4gUHJvamVjdDEW
+MBQGA1UEAwwNQmVuIEh1dGNoaW5nczEeMBwGCSqGSIb3DQEJARYPYmVuaEBkZWJp
+YW4ub3JnMB4XDTE2MDQwNDAxNDUyMVoXDTE2MDUwNDAxNDUyMVowcjELMAkGA1UE
+BhMCR0IxEjAQBgNVBAcMCUNhbWJyaWRnZTEXMBUGA1UECgwORGViaWFuIFByb2pl
+Y3QxFjAUBgNVBAMMDUJlbiBIdXRjaGluZ3MxHjAcBgkqhkiG9w0BCQEWD2JlbmhA
+ZGViaWFuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMArfUvM
+wM1WHxxitzAjY5L4dOfJEwu1k1WQpqTs0PATILBfgbhb1ndf/htUeKrG1NDISG+q
+xTuifjmW/bphpnVbL8N4qzRmdGj6L0/40gBP4K/m9k4TUoRpsuNJBGVWM2LLKffz
+QAjvoSgyVacJl9E2sTco7ORYaxebG+jBtvUGcJTECazU/3Wi7zOPGiEaAnXOhy5W
+Hi+3iFbVU8anXvOrlfnyGhhunAilUjdFAmdmlGweSpxe4HxrKBGRnU9xlsBmsgDs
+DHE/bawd1S6LBCaJ0wgEt6VrymhLn5QanbnyS4tQF2iYd0VrtC6qKNDrF6D4FT6u
++NDHZsuyszkxCO8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAucFFUzMpm4IMl5TU
+IfUHMRRiFukqCsLSr7Mxloz0s9I75ryn7wB2J9/3QB2FTiJcrIbqH56a31W2nQ06
+KYcUNimxlg7WNU7XrhhV/r6uaP4gJS000mXrvb59N2Ia4DDBHnDem+/kNW1/KUcX
+szAKFpbYVZUWKO6n57j77b8EbXnW08OVQKysySgS733cH9C8RTSdlwgRLAW5mo7x
+W47OuEMizGBcvJgOG//EoTGwGzaMdsWQCECRzo0RNe4ECk2ChGR89UTVazM+fLHG
+ySVQ8ukyoftchUgjyQpIE773iJJoHE4hewJ+hnRR+uFnCs2V7iyv1KCPd95Q6Q9z
+c8DO/A==
+-----END CERTIFICATE-----
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux-signed.git
More information about the Kernel-svn-changes
mailing list