forks/archiso - Fork of the official archiso scripts repository

	Commit message (Collapse)	Author	Age	Files	Lines
*	mkarchiso: do not place the pkglist.x86_64.txt file inside the bootstrap ↵	nl6720	2024-05-09	1	-1/+1
\| \| \| \| \| \| \|	tarball's root.x86_64 directory Keep it inside the archive, but separate from the `root.x86_64` directory to avoid polluting it.
*	Ensured the correct CA key and CA certificate is used during signing ↵	Anton Hvornum	2023-12-07	1	-1/+2
\| \| \| \|	process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256
*	.gitlab/ci/build_archiso.sh: do not use "default" as the gpg Key-Type	nl6720	2023-12-07	1	-2/+2
\| \| \| \| \| \| \| \|	GnuPG changed their default from RSA to ECC, so Key-Length not a thing it supports. Instead it asks for the Key-Curve. Avoid using the default and hardcode ed25519 (which is the current GnuPG default).
*	.gitlab/ci/build_archiso.sh: create a valid code signing certificate	nl6720	2023-08-02	1	-15/+6
\| \| \| \| \| \| \|	Make sure the certificate has a extendedKeyUsage section with codeSigning per the iPXE requirements. Fixes #195
*	.gitlab/ci/build_archiso.sh: improve CI codesigning certificate	nl6720	2023-08-02	1	-3/+4
\| \| \| \| \| \| \| \| \|	Adjust subject name to more closely match what's used in create_ephemeral_pgp_key. Reduce the certificate validity to two days. These are just temporary certificates, they will not be used anywhere. Fixes #196
*	Fix optional shellcheck warnings	nl6720	2023-06-15	1	-199/+200
\| \| \| \|	Additionally fix a few code style issues found with shfmt.
*	Add the ability to generate rootfs signatures using openssl CMS module if ↵	Anton Hvornum	2022-09-25	1	-9/+71
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	``-c`` is given. (gitlab ci) Added a CA structure to the codesigning certificates. This to test the functionality of optional CA being in the signing message. (mkarchiso) Removed the ``sign_netboot_artifacts`` variable and instead we'll now rely on ``if [[ -v cert_list ]]; then``. Added ``ARCHISO_TLS_FD`` and ``ARCHISO_TLSCA_FD`` environment variables to override the certificates used. This is so that third party CA's can be used during building in a meaningful way without distrupting the CA trust that is shipped by default. _cms_sign_artifact() was added which signs the rootfs using OpenSSL CMS. The files will be saved as "${artifact}.cms.sig". That would be for instance "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs.cms.sig".
*	.gitlab/ci/build_archiso.sh: use mkarchiso's -G option	nl6720	2021-08-25	1	-0/+3
\| \| \| \|	Set gpg's --sender.
*	ci: Provide artifacts in top-level output dir	David Runge	2021-07-01	1	-17/+17
\| \| \| \| \| \|	.gitlab/ci/build-inside-vm.sh: Change the build script to provide the build artifacts and metrics in the top-level output directory. This goes in line with the soon to be used ci-scripts, allowing code sharing amongst several projects.
*	Rename build script	David Runge	2021-07-01	1	-0/+270
	.gitlab/ci/build_archiso.sh: Rename .gitlab/ci/build-inside-vm.sh to .gitlab/ci/build_archiso.sh. .gitlab-ci.yml: Rename BUILD_SCRIPT to build_archiso.sh.