diff options
| author | Anton Hvornum <torxed@archlinux.org> | 2023-12-06 22:48:46 +0100 |
|---|---|---|
| committer | Anton Hvornum <anton@hvornum.se> | 2023-12-07 12:00:47 +0100 |
| commit | 28becbfc03f626c108584b5f23a2cba5d134eac3 (patch) | |
| tree | 9a35678120b251e2ce03152854bf9dc51d424ffe | |
| parent | 60a38f0890cca3483f34948ed9b758b26e5d8b21 (diff) | |
| download | archiso-28becbfc03f626c108584b5f23a2cba5d134eac3.tar.gz archiso-28becbfc03f626c108584b5f23a2cba5d134eac3.tar.bz2 | |
Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256
| -rwxr-xr-x | .gitlab/ci/build_archiso.sh | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh index d11d1fc..eec8d75 100755 --- a/.gitlab/ci/build_archiso.sh +++ b/.gitlab/ci/build_archiso.sh @@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() { # Create the Certificate Authority openssl req \ -newkey rsa:4096 \ - -sha256 \ -nodes \ -x509 \ -new \ @@ -280,6 +279,8 @@ EOF -days 2 \ -notext \ -md sha256 \ + -keyfile "${ca_key}" \ + -cert "${ca_cert}" \ -in "${codesigning_cert}.csr" \ -out "${codesigning_cert}" |