From 326cfed7cc59af487cdae1d1a75e1e3a8f84cb67 Mon Sep 17 00:00:00 2001
From: Anton Hvornum <anton@hvornum.se>
Date: Wed, 18 May 2022 16:42:28 +0200
Subject: Add the ability to generate rootfs signatures using openssl CMS
 module if ``-c`` is given.

(gitlab ci)

Added a CA structure to the codesigning certificates.
This to test the functionality of optional CA being in the signing message.

(mkarchiso)
Removed the ``sign_netboot_artifacts`` variable and instead
we'll now rely on ``if [[ -v cert_list ]]; then``.

Added ``ARCHISO_TLS_FD`` and ``ARCHISO_TLSCA_FD`` environment variables
to override the certificates used. This is so that third party CA's can
be used during building in a meaningful way without distrupting the
CA trust that is shipped by default.

_cms_sign_artifact() was added which signs the rootfs using OpenSSL CMS.
The files will be saved as "${artifact}.cms.sig". That would be for instance
"${isofs_dir}/${install_dir}/${arch}/airootfs.sfs.cms.sig".
---
 CHANGELOG.rst | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'CHANGELOG.rst')

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 687b413..1d9eeea 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -8,6 +8,8 @@ Changelog
 Added
 -----
 
+- The ability to generate rootfs signatures using openssl CMS module if ``-c`` is given.
+
 Changed
 -------
 
-- 
cgit v1.2.3-54-g00ecf