[B][SRU][PATCH] UBUNTU: [Packaging] Expose built-in trusted and revoked certificates
Dimitri John Ledkov
dimitri.ledkov at canonical.com
Thu Nov 17 16:38:19 UTC 2022
BugLink: https://bugs.launchpad.net/bugs/1996892
Kernels have a set of builtin trusted and revoked certificates as a
bundle.
It is not very easy to access them, one needs to either download linux
kernel package source code; or boot the kernel to look up builtin hashes;
and then find certificates externally.
It would be more convenient for inspection to expose these in the
buildinfo package, which already exposes auxiliary kernel information.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
---
debian/rules.d/2-binary-arch.mk | 2 ++
1 file changed, 2 insertions(+)
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index db990d5bee..2ec1ac0962 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -480,6 +480,8 @@ endif
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/retpoline
install -m644 $(abidir)/$*.compiler \
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/compiler
+ install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
+ install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
ifeq ($(fit_signed),true)
install -d $(signingv)
--
2.34.1
More information about the kernel-team
mailing list