diff mbox series

[F,SRU] UBUNTU: [Packaging] Expose built-in trusted and revoked certificates

Message ID 20221117163819.972405-3-dimitri.ledkov@canonical.com
State New
Headers show
Series [F,SRU] UBUNTU: [Packaging] Expose built-in trusted and revoked certificates | expand

Commit Message

Dimitri John Ledkov Nov. 17, 2022, 4:38 p.m. UTC 
BugLink: https://bugs.launchpad.net/bugs/1996892

Kernels have a set of builtin trusted and revoked certificates as a
bundle.

It is not very easy to access them, one needs to either download linux
kernel package source code; or boot the kernel to look up builtin hashes;
and then find certificates externally.

It would be more convenient for inspection to expose these in the
buildinfo package, which already exposes auxiliary kernel information.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
---
 debian/rules.d/2-binary-arch.mk | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index 0542c12a70..747cc9992e 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -504,6 +504,8 @@  endif
 		$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/retpoline
 	install -m644 $(abidir)/$*.compiler \
 		$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/compiler
+	install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
+	install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
 
 headers_tmp := $(CURDIR)/debian/tmp-headers
 headers_dir := $(CURDIR)/debian/linux-libc-dev