| 2021-02-23 16:52:41 |
Dimitri John Ledkov |
bug |
|
|
added bug |
| 2021-02-23 16:53:00 |
Dimitri John Ledkov |
description |
for a custom uefi signing upload it would be useful to generate metadata and signature log
i.e. generate ESL AUTHENTICODE hash for every signed path and keep it together with signing tarball name and path inside it, and the AUTHENTICODE hash of the signing certificate.
Also it would be useful to have reproducible signatures. I.e. to use the signing tarball timestamp when performing pesign.
But that needs signing-tarballs submitted for signing to be reproducible too, which will require packaging changes. |
for a custom uefi signing upload it would be useful to generate metadata and signature log
i.e. generate ESL AUTHENTICODE hash for every signed path and keep it together with signing tarball name and path inside it, and the AUTHENTICODE hash of the signing certificate.
Also it would be useful to have reproducible signatures. I.e. to use the signing tarball timestamp when performing pesign.
But that needs signing-tarballs submitted for signing to be reproducible too, which will require packaging changes.
This is wishlist item. |
|
| 2021-02-23 16:53:19 |
Dimitri John Ledkov |
description |
for a custom uefi signing upload it would be useful to generate metadata and signature log
i.e. generate ESL AUTHENTICODE hash for every signed path and keep it together with signing tarball name and path inside it, and the AUTHENTICODE hash of the signing certificate.
Also it would be useful to have reproducible signatures. I.e. to use the signing tarball timestamp when performing pesign.
But that needs signing-tarballs submitted for signing to be reproducible too, which will require packaging changes.
This is wishlist item. |
for a custom uefi signing upload it would be useful to generate metadata and signature log
i.e. generate ESL AUTHENTICODE hash for every signed path and keep it together with signing tarball name and path inside it, and the AUTHENTICODE hash of the signing certificate. I wonder if it can be like settings on the packageupload database table.
Also it would be useful to have reproducible signatures. I.e. to use the signing tarball timestamp when performing pesign.
But that needs signing-tarballs submitted for signing to be reproducible too, which will require packaging changes.
This is wishlist item. |
|
| 2021-02-23 16:53:30 |
Dimitri John Ledkov |
description |
for a custom uefi signing upload it would be useful to generate metadata and signature log
i.e. generate ESL AUTHENTICODE hash for every signed path and keep it together with signing tarball name and path inside it, and the AUTHENTICODE hash of the signing certificate. I wonder if it can be like settings on the packageupload database table.
Also it would be useful to have reproducible signatures. I.e. to use the signing tarball timestamp when performing pesign.
But that needs signing-tarballs submitted for signing to be reproducible too, which will require packaging changes.
This is wishlist item. |
for a custom uefi signing upload it would be useful to generate metadata and signature log
i.e. generate ESL AUTHENTICODE hash for every signed path and keep it together with signing tarball name and path inside it, and the AUTHENTICODE hash of the signing certificate. I wonder if it can be like settings on the packageupload database table. (or something like that).
Also it would be useful to have reproducible signatures. I.e. to use the signing tarball timestamp when performing pesign.
But that needs signing-tarballs submitted for signing to be reproducible too, which will require packaging changes.
This is wishlist item. |
|
