Merge remote-tracking branch 'origin/merge-requests/353'

By Anton Hvornum * origin/merge-requests/353: Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256 See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/353
author: nl6720 <nl6720@gmail.com> 2023-12-07 15:53:27 +0200
committer: nl6720 <nl6720@gmail.com> 2023-12-07 15:53:27 +0200
commit: 977e0b0fd4acf32fefc872977694aa9e041fa255 (patch)
tree: 9a35678120b251e2ce03152854bf9dc51d424ffe
parent: 60a38f0890cca3483f34948ed9b758b26e5d8b21 (diff)
parent: 28becbfc03f626c108584b5f23a2cba5d134eac3 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh
index d11d1fc..eec8d75 100755
--- a/.gitlab/ci/build_archiso.sh
+++ b/.gitlab/ci/build_archiso.sh
@@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() {
     # Create the Certificate Authority
     openssl req \
         -newkey rsa:4096 \
-        -sha256 \
         -nodes \
         -x509 \
         -new \
@@ -280,6 +279,8 @@ EOF
         -days 2 \
         -notext \
         -md sha256 \
+        -keyfile "${ca_key}" \
+        -cert "${ca_cert}" \
         -in "${codesigning_cert}.csr" \
         -out "${codesigning_cert}"
author	nl6720 <nl6720@gmail.com>	2023-12-07 15:53:27 +0200
committer	nl6720 <nl6720@gmail.com>	2023-12-07 15:53:27 +0200
commit	977e0b0fd4acf32fefc872977694aa9e041fa255 (patch)
tree	9a35678120b251e2ce03152854bf9dc51d424ffe
parent	60a38f0890cca3483f34948ed9b758b26e5d8b21 (diff)
parent	28becbfc03f626c108584b5f23a2cba5d134eac3 (diff)