Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/.gitlab/ci/build_archiso.sh
diff options
context:
space:
mode:
authornl6720 <nl6720@gmail.com>2023-12-07 15:53:27 +0200
committernl6720 <nl6720@gmail.com>2023-12-07 15:53:27 +0200
commit977e0b0fd4acf32fefc872977694aa9e041fa255 (patch)
tree9a35678120b251e2ce03152854bf9dc51d424ffe /.gitlab/ci/build_archiso.sh
parent60a38f0890cca3483f34948ed9b758b26e5d8b21 (diff)
parent28becbfc03f626c108584b5f23a2cba5d134eac3 (diff)
Merge remote-tracking branch 'origin/merge-requests/353'
By Anton Hvornum * origin/merge-requests/353: Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256 See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/353
Diffstat (limited to '.gitlab/ci/build_archiso.sh')
-rwxr-xr-x.gitlab/ci/build_archiso.sh3
1 files changed, 2 insertions, 1 deletions
diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh
index d11d1fc..eec8d75 100755
--- a/.gitlab/ci/build_archiso.sh
+++ b/.gitlab/ci/build_archiso.sh
@@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() {
# Create the Certificate Authority
openssl req \
-newkey rsa:4096 \
- -sha256 \
-nodes \
-x509 \
-new \
@@ -280,6 +279,8 @@ EOF
-days 2 \
-notext \
-md sha256 \
+ -keyfile "${ca_key}" \
+ -cert "${ca_cert}" \
-in "${codesigning_cert}.csr" \
-out "${codesigning_cert}"