UBUNTU: [Packaging] Expose built-in trusted and revoked certificates

BugLink: https://bugs.launchpad.net/bugs/1996892 Kernels have a set of builtin trusted and revoked certificates as a bundle. It is not very easy to access them, one needs to either download linux kernel package source code; or boot the kernel to look up builtin hashes; and then find certificates externally. It would be more convenient for inspection to expose these in the buildinfo package, which already exposes auxiliary kernel information. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Acked-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Cory Todd <cory.todd@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
mariux64 · Feb 10, 2023 · fe71d27 · fe71d27
1 parent 641d3e3
commit fe71d27
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
@@ -512,6 +512,8 @@ endif
 		$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/retpoline
 	install -m644 $(abidir)/$*.compiler \
 		$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/compiler
+	install -m644 $(DROOT)/canonical-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-certs.pem
+	install -m644 $(DROOT)/canonical-revoked-certs.pem $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/canonical-revoked-certs.pem
 
 ifneq ($(full_build),false)
 	# Clean out this flavours build directory.