diff --git a/debian/certs/benh@debian.org.cert.pem b/debian/certs/benh@debian.org.cert.pem new file mode 100644 index 000000000..8d49875e5 --- /dev/null +++ b/debian/certs/benh@debian.org.cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYDCCAkgCCQCKAY3KgJMmMDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJH +QjESMBAGA1UEBwwJQ2FtYnJpZGdlMRcwFQYDVQQKDA5EZWJpYW4gUHJvamVjdDEW +MBQGA1UEAwwNQmVuIEh1dGNoaW5nczEeMBwGCSqGSIb3DQEJARYPYmVuaEBkZWJp +YW4ub3JnMB4XDTE2MDQwMzIyNTg1NVoXDTE2MDUwMzIyNTg1NVowcjELMAkGA1UE +BhMCR0IxEjAQBgNVBAcMCUNhbWJyaWRnZTEXMBUGA1UECgwORGViaWFuIFByb2pl +Y3QxFjAUBgNVBAMMDUJlbiBIdXRjaGluZ3MxHjAcBgkqhkiG9w0BCQEWD2JlbmhA +ZGViaWFuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPYUchZ +x/VmCn4klnuqyym6gehD/sUnjqAbDdVtAVMYBHTxxpujW2GDtCsyiqyeDlSlbd6X +piXAko7u2UaBfY5SpKcw1KDDrCgzQ3y9O0QCe0DzI/7YKvE3A7FPluJ1ZhIhHIIZ +ce6oln0WfW/H5SY6BQWE3kzxXFUXXFPvTdLQtjOBxVWeOeMTZ5CAJqG/6uHIlJms +RTJiiiHjrI3yAfLS1wcGutmu9q9YQF1ND+lbdIT4OeyIMVGe03dVrDxWjNUL+G5h +nBRwFAwkb5qxpDNayvA8eIlNwWJE/uu+4crlL+PdM9i2TduoG5gRE39KPTrxrUyN +QiDe+09lJF12wQECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAieMLuk4Ky2FmMnzF +ryaJbbRXN163bXHPrDFd0NkvWQFa+3253QXxlLwEoS4v4OFbYb0tDxcn8qkpNLCb +DLtNUcl99slPbmBUi/RFTy/aAWc6LB4XxjbFcIlY27/c/W5bbr6/XmlVtElRW3gZ +y3JWFjgym+6lXywbr6RVKYioM3N+LlGf794Kf/pY9y7i8PqDM8WbhurGXwoaPxjv +/XsVTpuMCkorUya2n7Ap9Hatlref/IccdxnIOxItH3Jvze0vfygL82Mee77KN5U/ +jsvtswp6P3K08sLjtFGiAhkjim67H+nJrrhhczXjtUnLZUQuHpkzOghyKFDMpn3R +8lchpg== +-----END CERTIFICATE----- diff --git a/debian/changelog b/debian/changelog index b1e0e618a..f8b146d6f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,8 +13,8 @@ linux (4.5-1~exp2) UNRELEASED; urgency=medium * modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL as signatures will be packaged separately - debian/control: Add build-dependencies on libssl-dev, openssl - * certs: Set SYSTEM_TRUSTED_KEYS to my own personal key to support initial - testing of signed modules + * certs: Set SYSTEM_TRUSTED_KEYS to my own personal certificate to support + initial testing of signed modules -- Ben Hutchings Fri, 25 Mar 2016 13:43:57 +0000 diff --git a/debian/config/config b/debian/config/config index 924625a28..1081c39fc 100644 --- a/debian/config/config +++ b/debian/config/config @@ -59,8 +59,9 @@ CONFIG_EFI_PARTITION=y ## file: certs/Kconfig ## #. Signatures are added in linux-signed -CONFIG_MODULE_SIG_KEY= -CONFIG_SYSTEM_TRUSTED_KEYS=debian/pubkeys/benh@debian.org.key.pub.pem +CONFIG_MODULE_SIG_KEY="" +#. Actually a list of X.509 certificates, not keys +CONFIG_SYSTEM_TRUSTED_KEYS="debian/certs/benh@debian.org.cert.pem" ## ## file: crypto/Kconfig diff --git a/debian/pubkeys/benh@debian.org.key.pub.pem b/debian/pubkeys/benh@debian.org.key.pub.pem deleted file mode 100644 index d5ba07dbf..000000000 --- a/debian/pubkeys/benh@debian.org.key.pub.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9hRyFnH9WYKfiSWe6rL -KbqB6EP+xSeOoBsN1W0BUxgEdPHGm6NbYYO0KzKKrJ4OVKVt3pemJcCSju7ZRoF9 -jlKkpzDUoMOsKDNDfL07RAJ7QPMj/tgq8TcDsU+W4nVmEiEcghlx7qiWfRZ9b8fl -JjoFBYTeTPFcVRdcU+9N0tC2M4HFVZ454xNnkIAmob/q4ciUmaxFMmKKIeOsjfIB -8tLXBwa62a72r1hAXU0P6Vt0hPg57IgxUZ7Td1WsPFaM1Qv4bmGcFHAUDCRvmrGk -M1rK8Dx4iU3BYkT+677hyuUv490z2LZN26gbmBETf0o9OvGtTI1CIN77T2UkXXbB -AQIDAQAB ------END PUBLIC KEY-----