Message ID | 20221117163819.972405-2-dimitri.ledkov@canonical.com |
---|---|
State | New |
Headers | show |
Series | [J,K,L,SRU] UBUNTU: [Packaging] Expose built-in trusted and revoked certificates | expand |
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk index eb3acba7d7..60513c43b9 100644 --- a/debian/rules.d/2-binary-arch.mk +++ b/debian/rules.d/2-binary-arch.mk @@ -530,6 +530,8 @@ endif install -m644 $(abidir)/$*.fwinfo.builtin \ $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/fwinfo.builtin; \ fi + install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem + install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem ifneq ($(full_build),false) # Clean out this flavours build directory.
BugLink: https://bugs.launchpad.net/bugs/1996892 Kernels have a set of builtin trusted and revoked certificates as a bundle. It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel to look up builtin hashes; and then find certificates externally. It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian/rules.d/2-binary-arch.mk | 2 ++ 1 file changed, 2 insertions(+)