@@ -504,6 +504,8 @@ endif
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/retpoline
install -m644 $(abidir)/$*.compiler \
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/compiler
+ install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
+ install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
headers_tmp := $(CURDIR)/debian/tmp-headers
headers_dir := $(CURDIR)/debian/linux-libc-dev
BugLink: https://bugs.launchpad.net/bugs/1996892 Kernels have a set of builtin trusted and revoked certificates as a bundle. It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel to look up builtin hashes; and then find certificates externally. It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian/rules.d/2-binary-arch.mk | 2 ++ 1 file changed, 2 insertions(+)