limepotato/archiso
1
0
Fork 0
mirror of https://github.com/archlinux/archiso.git synced 2024-09-19 11:40:19 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256

Browse source
This commit is contained in:
Anton Hvornum 2023-12-06 22:48:46 +01:00 committed by Anton Hvornum
parent 60a38f0890
commit 28becbfc03
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.gitlab/ci/build_archiso.sh
View file

@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() {
# Create the Certificate Authority # Create the Certificate Authority
openssl req \ openssl req \
-newkey rsa:4096 \ -newkey rsa:4096 \
-sha256 \
-nodes \ -nodes \
-x509 \ -x509 \
-new \ -new \
@ -280,6 +279,8 @@ EOF
-days 2 \ -days 2 \
-notext \ -notext \
-md sha256 \ -md sha256 \
-keyfile "${ca_key}" \
-cert "${ca_cert}" \
-in "${codesigning_cert}.csr" \ -in "${codesigning_cert}.csr" \
-out "${codesigning_cert}" -out "${codesigning_cert}"