git.proxmox.com Git - pve-kernel.git/commit

build: add proxmox-kernel-X.Y-pve-signed-template

the signed template together with the binary package(s) containing the unsigned
files form the input to our secure boot signing service.

the signed template consists of
- files.json (specifying which files are signed how and by which key)
- packaging template used to build the signed package(s)

the signing service
- extracts and checks the signed-template binary package
- extracts the unsigned package(s)
- signs the needed files
- packs up the signatures + the template contained in the signed-template
package into the signed source package

the signed source package can then be built in the regular fashion (in case of
the kernel packages, it will copy the kernel image, modules and some helper
files from the unsigned package, attach the signature created by the signing
service, and re-pack the result as signed-kernel package).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

author	Fabian Grünbichler <f.gruenbichler@proxmox.com>
	Thu, 16 Mar 2023 09:40:02 +0000 (10:40 +0100)
committer	Fabian Grünbichler <f.gruenbichler@proxmox.com>
	Mon, 20 Nov 2023 11:28:56 +0000 (12:28 +0100)
commit	2b3d5a2269d644ebb31bd94dafe97b744c0b7f94
tree	2d6d92bfb56501ee3f67f0240f71a1db4e9bc732	tree
parent	03c65664fc3538b05b44f067c3814feb9368539c	commit \| diff

debian/control.in		diff \| blob \| blame \| history
debian/rules		diff \| blob \| blame \| history
debian/signing-template/control.in	[new file with mode: 0644]	blob
debian/signing-template/files.json.in	[new file with mode: 0644]	blob
debian/signing-template/rules.in	[new file with mode: 0644]	blob
debian/signing-template/source/format	[new file with mode: 0644]	blob