From 356f4f93a9d0b29c0878111f7c3eee194f6571e5 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 27 Jun 2016 23:43:01 +0200
Subject: [PATCH] Add (incomplete) configuration for signing code for linux

---
 config/debian-security/byhand-code-sign.conf |  8 ++++++++
 config/debian-security/dak.conf              | 10 ++++++++++
 config/debian/byhand-code-sign.conf          |  8 ++++++++
 config/debian/dak.conf                       |  7 +++++++
 4 files changed, 33 insertions(+)
 create mode 100644 config/debian-security/byhand-code-sign.conf
 create mode 100644 config/debian/byhand-code-sign.conf

diff --git a/config/debian-security/byhand-code-sign.conf b/config/debian-security/byhand-code-sign.conf
new file mode 100644
index 00000000..c9dcc946
--- /dev/null
+++ b/config/debian-security/byhand-code-sign.conf
@@ -0,0 +1,8 @@
+# Configuration for byhand-sign shell script
+
+EFI_IMAGE_PRIVKEY=
+EFI_IMAGE_CERT=
+
+LINUX_SIGNFILE=/usr/lib/linux-kbuild-4.6/scripts/sign-file
+LINUX_MODULES_PRIVKEY=
+LINUX_MODULES_CERT=
diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf
index 2bcfbbee..c4a932a0 100644
--- a/config/debian-security/dak.conf
+++ b/config/debian-security/dak.conf
@@ -124,6 +124,16 @@ SuiteMappings
   "reject oldoldstable";
 };
 
+AutomaticByHandPackages
+{
+  "linux-code-sign" {
+    Source "linux";
+    Section "byhand";
+    Extension "tar.xz";
+    Script "/srv/security-master.debian.org/dak/scripts/debian/byhand-code-sign";
+  };
+};
+
 Dir
 {
   Base "/srv/security-master.debian.org/";
diff --git a/config/debian/byhand-code-sign.conf b/config/debian/byhand-code-sign.conf
new file mode 100644
index 00000000..e26c5a4d
--- /dev/null
+++ b/config/debian/byhand-code-sign.conf
@@ -0,0 +1,8 @@
+# Configuration for byhand-code-sign shell script
+
+EFI_BINARY_PRIVKEY=
+EFI_BINARY_CERT=
+
+LINUX_SIGNFILE=/usr/lib/linux-kbuild-4.6/scripts/sign-file
+LINUX_MODULE_PRIVKEY=
+LINUX_MODULE_CERT=
diff --git a/config/debian/dak.conf b/config/debian/dak.conf
index a7e34cba..d5858da3 100644
--- a/config/debian/dak.conf
+++ b/config/debian/dak.conf
@@ -185,6 +185,13 @@ AutomaticByHandPackages {
     Script "/srv/ftp-master.debian.org/dak/scripts/debian/byhand-di";
   };
 
+  "linux-code-sign" {
+    Source "linux";
+    Section "byhand";
+    Extension "tar.xz";
+    Script "/srv/ftp-master.debian.org/dak/scripts/debian/byhand-code-sign";
+  };
+
   "tag-overrides" {
     Source "tag-overrides";
     Section "byhand";
-- 
2.39.2