Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/.gitlab/ci
diff options
context:
space:
mode:
authorAnton Hvornum <torxed@archlinux.org>2023-12-06 22:48:46 +0100
committerAnton Hvornum <anton@hvornum.se>2023-12-07 12:00:47 +0100
commit28becbfc03f626c108584b5f23a2cba5d134eac3 (patch)
tree9a35678120b251e2ce03152854bf9dc51d424ffe /.gitlab/ci
parent60a38f0890cca3483f34948ed9b758b26e5d8b21 (diff)
Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256
Diffstat (limited to '.gitlab/ci')
-rwxr-xr-x.gitlab/ci/build_archiso.sh3
1 files changed, 2 insertions, 1 deletions
diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh
index d11d1fc..eec8d75 100755
--- a/.gitlab/ci/build_archiso.sh
+++ b/.gitlab/ci/build_archiso.sh
@@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() {
# Create the Certificate Authority
openssl req \
-newkey rsa:4096 \
- -sha256 \
-nodes \
-x509 \
-new \
@@ -280,6 +279,8 @@ EOF
-days 2 \
-notext \
-md sha256 \
+ -keyfile "${ca_key}" \
+ -cert "${ca_cert}" \
-in "${codesigning_cert}.csr" \
-out "${codesigning_cert}"

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.