Add (incomplete) configuration for signing code for linux
authorBen Hutchings <ben@decadent.org.uk>
Mon, 27 Jun 2016 21:43:01 +0000 (23:43 +0200)
committerBen Hutchings <ben@decadent.org.uk>
Thu, 30 Jun 2016 19:39:56 +0000 (21:39 +0200)
config/debian-security/byhand-code-sign.conf [new file with mode: 0644]
config/debian-security/dak.conf
config/debian/byhand-code-sign.conf [new file with mode: 0644]
config/debian/dak.conf

diff --git a/config/debian-security/byhand-code-sign.conf b/config/debian-security/byhand-code-sign.conf
new file mode 100644 (file)
index 0000000..c9dcc94
--- /dev/null
@@ -0,0 +1,8 @@
+# Configuration for byhand-sign shell script
+
+EFI_IMAGE_PRIVKEY=
+EFI_IMAGE_CERT=
+
+LINUX_SIGNFILE=/usr/lib/linux-kbuild-4.6/scripts/sign-file
+LINUX_MODULES_PRIVKEY=
+LINUX_MODULES_CERT=
index 2bcfbbe..c4a932a 100644 (file)
@@ -124,6 +124,16 @@ SuiteMappings
   "reject oldoldstable";
 };
 
+AutomaticByHandPackages
+{
+  "linux-code-sign" {
+    Source "linux";
+    Section "byhand";
+    Extension "tar.xz";
+    Script "/srv/security-master.debian.org/dak/scripts/debian/byhand-code-sign";
+  };
+};
+
 Dir
 {
   Base "/srv/security-master.debian.org/";
diff --git a/config/debian/byhand-code-sign.conf b/config/debian/byhand-code-sign.conf
new file mode 100644 (file)
index 0000000..e26c5a4
--- /dev/null
@@ -0,0 +1,8 @@
+# Configuration for byhand-code-sign shell script
+
+EFI_BINARY_PRIVKEY=
+EFI_BINARY_CERT=
+
+LINUX_SIGNFILE=/usr/lib/linux-kbuild-4.6/scripts/sign-file
+LINUX_MODULE_PRIVKEY=
+LINUX_MODULE_CERT=
index a7e34cb..d5858da 100644 (file)
@@ -185,6 +185,13 @@ AutomaticByHandPackages {
     Script "/srv/ftp-master.debian.org/dak/scripts/debian/byhand-di";
   };
 
+  "linux-code-sign" {
+    Source "linux";
+    Section "byhand";
+    Extension "tar.xz";
+    Script "/srv/ftp-master.debian.org/dak/scripts/debian/byhand-code-sign";
+  };
+
   "tag-overrides" {
     Source "tag-overrides";
     Section "byhand";