From 326cfed7cc59af487cdae1d1a75e1e3a8f84cb67 Mon Sep 17 00:00:00 2001
From: Anton Hvornum <anton@hvornum.se>
Date: Wed, 18 May 2022 16:42:28 +0200
Subject: Add the ability to generate rootfs signatures using openssl CMS
 module if ``-c`` is given.

(gitlab ci)

Added a CA structure to the codesigning certificates.
This to test the functionality of optional CA being in the signing message.

(mkarchiso)
Removed the ``sign_netboot_artifacts`` variable and instead
we'll now rely on ``if [[ -v cert_list ]]; then``.

Added ``ARCHISO_TLS_FD`` and ``ARCHISO_TLSCA_FD`` environment variables
to override the certificates used. This is so that third party CA's can
be used during building in a meaningful way without distrupting the
CA trust that is shipped by default.

_cms_sign_artifact() was added which signs the rootfs using OpenSSL CMS.
The files will be saved as "${artifact}.cms.sig". That would be for instance
"${isofs_dir}/${install_dir}/${arch}/airootfs.sfs.cms.sig".
---
 AUTHORS.rst | 1 +
 1 file changed, 1 insertion(+)

(limited to 'AUTHORS.rst')

diff --git a/AUTHORS.rst b/AUTHORS.rst
index b03b91e..18207eb 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -36,3 +36,4 @@ Archiso Authors
 * Øyvind Heggstad <heggstad@gmail.com>
 * plain linen <bcdedit@hotmail.com>
 * Pellegrino Prevete <pellegrinoprevete@gmail.com>
+* Anton Hvornum <anton@hvornum.se>
-- 
cgit v1.2.3-54-g00ecf