@@ -44,6 +44,18 @@ abi_check()
fi
}
+if [ -d debian/certs ]; then
+ if ! grep -q '^CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"$' $debian/config/config.common.ubuntu; then
+ failure "'CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"' is required"
+ fi
+fi
+
+if [ -d debian/revoked-certs ]; then
+ if ! grep -q '^CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"$' $debian/config/config.common.ubuntu; then
+ failure "'CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"' is required"
+ fi
+fi
+
for arch in $archs
do
image_pkg=$(awk -F '\\s*=\\s*' '$1 == "do_flavour_image_package" { print $2 }' $debian/rules.d/$arch.mk)
If certificates are packaged, the config keys to use them must be enabled otherwise boot testing will fail. This check ensures early detection of incorrect configuration when rebasing derivative kernels. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian/scripts/misc/final-checks | 12 ++++++++++++ 1 file changed, 12 insertions(+)