signing logs with esl and metadata would be helpful
Bug #1916632 reported by
Dimitri John Ledkov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
New
|
Undecided
|
Unassigned |
Bug Description
for a custom uefi signing upload it would be useful to generate metadata and signature log
i.e. generate ESL AUTHENTICODE hash for every signed path and keep it together with signing tarball name and path inside it, and the AUTHENTICODE hash of the signing certificate. I wonder if it can be like settings on the packageupload database table. (or something like that).
Also it would be useful to have reproducible signatures. I.e. to use the signing tarball timestamp when performing pesign.
But that needs signing-tarballs submitted for signing to be reproducible too, which will require packaging changes.
This is wishlist item.
description: | updated |
description: | updated |
description: | updated |
To post a comment you must log in.