2b3d5a2269
the signed template together with the binary package(s) containing the unsigned files form the input to our secure boot signing service. the signed template consists of - files.json (specifying which files are signed how and by which key) - packaging template used to build the signed package(s) the signing service - extracts and checks the signed-template binary package - extracts the unsigned package(s) - signs the needed files - packs up the signatures + the template contained in the signed-template package into the signed source package the signed source package can then be built in the regular fashion (in case of the kernel packages, it will copy the kernel image, modules and some helper files from the unsigned package, attach the signature created by the signing service, and re-pack the result as signed-kernel package). Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> |
||
|---|---|---|
| .. | ||
| source | ||
| control.in | ||
| files.json.in | ||
| rules.in | ||