--- This assumes linux-kbuild-4.6 (available from jessie-backports) is installed on ftp-master/security-master, and that the module signature format is stable. Ben. config/debian-security/byhand-code-sign.conf | 8 ++++++++ config/debian-security/dak.conf | 10 ++++++++++ config/debian/byhand-code-sign.conf | 8 ++++++++ config/debian/dak.conf | 7 +++++++ 4 files changed, 33 insertions(+) create mode 100644 config/debian-security/byhand-code-sign.conf create mode 100644 config/debian/byhand-code-sign.conf diff --git a/config/debian-security/byhand-code-sign.conf b/config/debian-security/byhand-code-sign.conf new file mode 100644 index 000000000000..c9dcc946da50 --- /dev/null +++ b/config/debian-security/byhand-code-sign.conf @@ -0,0 +1,8 @@ +# Configuration for byhand-sign shell script + +EFI_IMAGE_PRIVKEY= +EFI_IMAGE_CERT= + +LINUX_SIGNFILE=/usr/lib/linux-kbuild-4.6/scripts/sign-file +LINUX_MODULES_PRIVKEY= +LINUX_MODULES_CERT= diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf index 2bcfbbee4ed7..c4a932a0cd1a 100644 --- a/config/debian-security/dak.conf +++ b/config/debian-security/dak.conf @@ -124,6 +124,16 @@ SuiteMappings "reject oldoldstable"; }; +AutomaticByHandPackages +{ + "linux-code-sign" { + Source "linux"; + Section "byhand"; + Extension "tar.xz"; + Script "/srv/security-master.debian.org/dak/scripts/debian/byhand-code-sign"; + }; +}; + Dir { Base "/srv/security-master.debian.org/"; diff --git a/config/debian/byhand-code-sign.conf b/config/debian/byhand-code-sign.conf new file mode 100644 index 000000000000..e26c5a4d2527 --- /dev/null +++ b/config/debian/byhand-code-sign.conf @@ -0,0 +1,8 @@ +# Configuration for byhand-code-sign shell script + +EFI_BINARY_PRIVKEY= +EFI_BINARY_CERT= + +LINUX_SIGNFILE=/usr/lib/linux-kbuild-4.6/scripts/sign-file +LINUX_MODULE_PRIVKEY= +LINUX_MODULE_CERT= diff --git a/config/debian/dak.conf b/config/debian/dak.conf index a7e34cba14ff..d5858da3a86a 100644 --- a/config/debian/dak.conf +++ b/config/debian/dak.conf @@ -185,6 +185,13 @@ AutomaticByHandPackages { Script "/srv/ftp-master.debian.org/dak/scripts/debian/byhand-di"; }; + "linux-code-sign" { + Source "linux"; + Section "byhand"; + Extension "tar.xz"; + Script "/srv/ftp-master.debian.org/dak/scripts/debian/byhand-code-sign"; + }; + "tag-overrides" { Source "tag-overrides"; Section "byhand";
Attachment:
signature.asc
Description: Digital signature