Message ID | 20221117163819.972405-4-dimitri.ledkov@canonical.com |
---|---|
State | New |
Headers | show |
Series | [B,SRU] UBUNTU: [Packaging] Expose built-in trusted and revoked certificates | expand |
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk index db990d5bee..2ec1ac0962 100644 --- a/debian/rules.d/2-binary-arch.mk +++ b/debian/rules.d/2-binary-arch.mk @@ -480,6 +480,8 @@ endif $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/retpoline install -m644 $(abidir)/$*.compiler \ $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/compiler + install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem + install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem ifeq ($(fit_signed),true) install -d $(signingv)
BugLink: https://bugs.launchpad.net/bugs/1996892 Kernels have a set of builtin trusted and revoked certificates as a bundle. It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel to look up builtin hashes; and then find certificates externally. It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian/rules.d/2-binary-arch.mk | 2 ++ 1 file changed, 2 insertions(+)