From dedfe0364cd665a12bb7a4d6fdb3b978d02026ab Mon Sep 17 00:00:00 2001
From: nl6720 <nl6720@gmail.com>
Date: Wed, 7 Dec 2022 08:46:59 +0200
Subject: configs/releng/syslinux/archiso_pxe-linux.cfg: replace checksum and
 verify with cms_verify=y

Specify `cms_verify=y` in SYSLINUX/PXELINUX configuration to use OpenSSL
CMS based method for verifying the root file system image against the
code signing certificates in the initramfs.

`checksum` and `verify` are removed since they essentially serve the same
purpose and performing all the checks just needlessly delays boot.
Additionally, the removal of `verify` allows to build the ISO without gpg,
i.e. without using `mkarchiso`'s `-g` and `-G` options.

Fixes #200
---
 configs/releng/syslinux/archiso_pxe-linux.cfg | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg
index d812402..0eb1705 100644
--- a/configs/releng/syslinux/archiso_pxe-linux.cfg
+++ b/configs/releng/syslinux/archiso_pxe-linux.cfg
@@ -6,7 +6,7 @@ ENDTEXT
 MENU LABEL Arch Linux install medium (x86_64, NBD)
 LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
 INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
-APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} checksum verify
+APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} cms_verify=y
 SYSAPPEND 3
 
 LABEL arch64_nfs
@@ -17,7 +17,7 @@ ENDTEXT
 MENU LABEL Arch Linux install medium (x86_64, NFS)
 LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
 INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
-APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt checksum verify
+APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt cms_verify=y
 SYSAPPEND 3
 
 LABEL arch64_http
@@ -28,5 +28,5 @@ ENDTEXT
 MENU LABEL Arch Linux install medium (x86_64, HTTP)
 LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
 INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
-APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ checksum verify
+APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ cms_verify=y
 SYSAPPEND 3
-- 
cgit v1.2.3-54-g00ecf