UBUNTU: [Packaging] Expose built-in trusted and revoked certificates

BugLink: https://bugs.launchpad.net/bugs/1996892

Kernels have a set of builtin trusted and revoked certificates as a
bundle.

It is not very easy to access them, one needs to either download linux
kernel package source code; or boot the kernel to look up builtin hashes;
and then find certificates externally.

It would be more convenient for inspection to expose these in the
buildinfo package, which already exposes auxiliary kernel information.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Cory Todd <cory.todd@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
This commit is contained in:
Dimitri John Ledkov
2022-11-17 16:38:17 +00:00
committed by Paolo Pisati
parent d778032fc9
commit 64af9f0325
+2
View File
@@ -541,6 +541,8 @@ endif
install -m644 $(abidir)/$*.fwinfo.builtin \
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/fwinfo.builtin; \
fi
install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
ifneq ($(full_build),false)
# Clean out this flavours build directory.