[mantic:linux-signed][PATCH 0/5] Implement kernel.efi in linux-generate

[Dimitri John Ledkov]

This patchset add automatic generation of kernel.efi as suitable for
creating kernel snaps. This will eliminate need to have a derivative
kernel jammy:linux-uc22 (linux-uc22/linux-signed-uc22 source packages)
for every EFI kernel that desires to have a kernel snap. This is also
implemented in such a way that one can choose to only sign a
kernel.efi if classic boot is not needed at all. Also straight away
support is added to support FIPS kernel snaps with HMAC files.

Currently targetting this for mantic as we have pressing needs to have
Mantic based kernel snaps already. But I also want to soon roll this
out to jammy signed packages that have snaps attached to them, as this
will significantly reduce workload there.

I am sending these patches for review, but likely will apply them in
mantic and do a signed respin straight away to demonstrate how it all
works.

After this lands, will send out further patches for meta &
kernel-series.yaml to migrate to to this signing on per-kernel basis.

Dimitri John Ledkov (5):
  UBUNTU: Automatically generate sbsigntool depends
  UBUNTU: Use openssl for HMAC calculation
  UBUNTU: Install snapd-info file if available
  UBUNTU: Implement support for signed kernel.efi
  UBUNTU: Enable UCI signing for generic

 .../linux-generate/debian/scripts/gen-rules   |  2 ++
 debian/control.stub                           |  1 -
 debian/package.config                         |  3 +++
 debian/rules                                  | 24 ++++++++++++++++---
 debian/scripts/config.py                      |  3 +++
 debian/scripts/generate-control               | 22 +++++++++++++++++
 6 files changed, 51 insertions(+), 4 deletions(-)

-- 
2.34.1