From 28becbfc03f626c108584b5f23a2cba5d134eac3 Mon Sep 17 00:00:00 2001 From: Anton Hvornum Date: Wed, 6 Dec 2023 22:48:46 +0100 Subject: Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256 --- .gitlab/ci/build_archiso.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab/ci/build_archiso.sh b/.gitlab/ci/build_archiso.sh index d11d1fc..eec8d75 100755 --- a/.gitlab/ci/build_archiso.sh +++ b/.gitlab/ci/build_archiso.sh @@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() { # Create the Certificate Authority openssl req \ -newkey rsa:4096 \ - -sha256 \ -nodes \ -x509 \ -new \ @@ -280,6 +279,8 @@ EOF -days 2 \ -notext \ -md sha256 \ + -keyfile "${ca_key}" \ + -cert "${ca_cert}" \ -in "${codesigning_cert}.csr" \ -out "${codesigning_cert}" -- cgit v1.2.3-70-g09d2