| index : archiso32 | |
| Archlinux32 iso tools | gitolite user |
| summaryrefslogtreecommitdiff |
| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-12-07 | Ensured the correct CA key and CA certificate is used during signing ↵ | Anton Hvornum | |
| process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256 | |||
| 2023-12-07 | .gitlab/ci/build_archiso.sh: do not use "default" as the gpg Key-Type | nl6720 | |
| GnuPG changed their default from RSA to ECC, so Key-Length not a thing it supports. Instead it asks for the Key-Curve. Avoid using the default and hardcode ed25519 (which is the current GnuPG default). | |||
| 2023-08-02 | .gitlab/ci/build_archiso.sh: create a valid code signing certificate | nl6720 | |
| Make sure the certificate has a extendedKeyUsage section with codeSigning per the iPXE requirements. Fixes #195 | |||
| 2023-08-02 | .gitlab/ci/build_archiso.sh: improve CI codesigning certificate | nl6720 | |
| Adjust subject name to more closely match what's used in create_ephemeral_pgp_key. Reduce the certificate validity to two days. These are just temporary certificates, they will not be used anywhere. Fixes #196 | |||
| 2023-06-15 | Fix optional shellcheck warnings | nl6720 | |
| Additionally fix a few code style issues found with shfmt. | |||
| 2022-09-25 | Add the ability to generate rootfs signatures using openssl CMS module if ↵ | Anton Hvornum | |
| ``-c`` is given. (gitlab ci) Added a CA structure to the codesigning certificates. This to test the functionality of optional CA being in the signing message. (mkarchiso) Removed the ``sign_netboot_artifacts`` variable and instead we'll now rely on ``if [[ -v cert_list ]]; then``. Added ``ARCHISO_TLS_FD`` and ``ARCHISO_TLSCA_FD`` environment variables to override the certificates used. This is so that third party CA's can be used during building in a meaningful way without distrupting the CA trust that is shipped by default. _cms_sign_artifact() was added which signs the rootfs using OpenSSL CMS. The files will be saved as "${artifact}.cms.sig". That would be for instance "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs.cms.sig". | |||
| 2021-08-25 | .gitlab/ci/build_archiso.sh: use mkarchiso's -G option | nl6720 | |
| Set gpg's --sender. | |||
| 2021-07-01 | ci: Provide artifacts in top-level output dir | David Runge | |
| .gitlab/ci/build-inside-vm.sh: Change the build script to provide the build artifacts and metrics in the top-level output directory. This goes in line with the soon to be used ci-scripts, allowing code sharing amongst several projects. | |||
| 2021-07-01 | Rename build script | David Runge | |
| .gitlab/ci/build_archiso.sh: Rename .gitlab/ci/build-inside-vm.sh to .gitlab/ci/build_archiso.sh. .gitlab-ci.yml: Rename BUILD_SCRIPT to build_archiso.sh. | |||