Add (incomplete) configuration for signing code for linux

author Ben Hutchings <ben@decadent.org.uk>

Mon, 27 Jun 2016 21:43:01 +0000 (23:43 +0200)

committer Ben Hutchings <ben@decadent.org.uk>

Thu, 30 Jun 2016 19:39:56 +0000 (21:39 +0200)
author Ben Hutchings <ben@decadent.org.uk>
Mon, 27 Jun 2016 21:43:01 +0000 (23:43 +0200)
committer Ben Hutchings <ben@decadent.org.uk>
Thu, 30 Jun 2016 19:39:56 +0000 (21:39 +0200)
diff --git a/config/debian-security/byhand-code-sign.conf b/config/debian-security/byhand-code-sign.conf

new file mode 100644 (file)

index 0000000..c9dcc94
--- /dev/null
+++ b/config/debian-security/byhand-code-sign.conf
@@ -0,0 +1,8 @@
+# Configuration for byhand-sign shell script
+
+EFI_IMAGE_PRIVKEY=
+EFI_IMAGE_CERT=
+
+LINUX_SIGNFILE=/usr/lib/linux-kbuild-4.6/scripts/sign-file
+LINUX_MODULES_PRIVKEY=
+LINUX_MODULES_CERT=
diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf

index 2bcfbbee4ed754252127624801a2ce559a970606..c4a932a0cd1ac23255f5e18756c925e7ae0ad53f 100644 (file)
--- a/config/debian-security/dak.conf
+++ b/config/debian-security/dak.conf
@@ -124,6 +124,16 @@ SuiteMappings
    "reject oldoldstable";
  };
  
+AutomaticByHandPackages
+{
+  "linux-code-sign" {
+    Source "linux";
+    Section "byhand";
+    Extension "tar.xz";
+    Script "/srv/security-master.debian.org/dak/scripts/debian/byhand-code-sign";
+  };
+};
+
  Dir
  {
    Base "/srv/security-master.debian.org/";
diff --git a/config/debian/byhand-code-sign.conf b/config/debian/byhand-code-sign.conf

new file mode 100644 (file)

index 0000000..e26c5a4
--- /dev/null
+++ b/config/debian/byhand-code-sign.conf
@@ -0,0 +1,8 @@
+# Configuration for byhand-code-sign shell script
+
+EFI_BINARY_PRIVKEY=
+EFI_BINARY_CERT=
+
+LINUX_SIGNFILE=/usr/lib/linux-kbuild-4.6/scripts/sign-file
+LINUX_MODULE_PRIVKEY=
+LINUX_MODULE_CERT=
diff --git a/config/debian/dak.conf b/config/debian/dak.conf

index a7e34cba14ff6a7b343a76a0e28bf2c2f9544dcf..d5858da3a86af34090349e956dd08d35bd714b94 100644 (file)
--- a/config/debian/dak.conf
+++ b/config/debian/dak.conf
@@ -185,6 +185,13 @@ AutomaticByHandPackages {
      Script "/srv/ftp-master.debian.org/dak/scripts/debian/byhand-di";
    };
  
+  "linux-code-sign" {
+    Source "linux";
+    Section "byhand";
+    Extension "tar.xz";
+    Script "/srv/ftp-master.debian.org/dak/scripts/debian/byhand-code-sign";
+  };
+
    "tag-overrides" {
      Source "tag-overrides";
      Section "byhand";
author	Ben Hutchings <ben@decadent.org.uk>
	Mon, 27 Jun 2016 21:43:01 +0000 (23:43 +0200)
committer	Ben Hutchings <ben@decadent.org.uk>
	Thu, 30 Jun 2016 19:39:56 +0000 (21:39 +0200)
config/debian-security/byhand-code-sign.conf	[new file with mode: 0644]	patch \| blob
config/debian-security/dak.conf		patch \| blob \| history
config/debian/byhand-code-sign.conf	[new file with mode: 0644]	patch \| blob
config/debian/dak.conf		patch \| blob \| history