Merge remote-tracking branch 'origin/merge-requests/353'

By Anton Hvornum * origin/merge-requests/353: Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256 See merge request https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/353
2023-12-07 15:53:27 +02:00 · 2023-12-07 15:53:27 +02:00 · 977e0b0fd4
commit 977e0b0fd4
parent 60a38f0890 28becbfc03
1 changed files with 2 additions and 1 deletions
--- a/.gitlab/ci/build_archiso.sh
+++ b/.gitlab/ci/build_archiso.sh
@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() {
    # Create the Certificate Authority
    openssl req \
        -newkey rsa:4096 \
-        -sha256 \
        -nodes \
        -x509 \
        -new \
@ -280,6 +279,8 @@ EOF
        -days 2 \
        -notext \
        -md sha256 \
+        -keyfile "${ca_key}" \
+        -cert "${ca_cert}" \
        -in "${codesigning_cert}.csr" \
        -out "${codesigning_cert}"