From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 27 Jun 2016 21:34:36 +0000 (+0200)
Subject: Add byhand script to perform code signing
X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=9cc55bf99db30be35f70e19058e4fe5dbdb17ede;hp=9cc55bf99db30be35f70e19058e4fe5dbdb17ede;p=dak.git

Add byhand script to perform code signing

It takes a tarball of code objects and generates a tarball of
corresponding detached PKCS#7 signatures (with '.sig' suffixes).

It will sign:
- EFI binaries (*.efi, vmlinuz-*) using pesign
- Linux kernel modules (*.ko) using sign-file from linux-kbuild-<version>

Currently it should work with private key files and certificates.  It
may be able to sign kernel modules with a key on a PKCS#11 device.
It definitely can't sign EFI binaries using a PKCS#11 device yet.
---