Linus deleted the old code and put signing on the install command,
I fixed it to extract the keyid and signer-name within sign-file
and cleaned up that script now it always signs in-place.
Some enthusiast should convert sign-key to perl and pull
x509keyid into it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Provide a script to parse an X.509 certificate and certain pieces of
information from it in order to generate a key identifier to be included within
a module signature.
The script takes the Subject Name and extracts (if present) the
organizationName (O), the commonName (CN) and the emailAddress and fabricates
the signer's name from them:
(1) If both O and CN exist, then the name will be "O: CN", unless:
(a) CN is prefixed by O, in which case only CN is used.
(b) CN and O share at least the first 7 characters, in which case only CN
is used.
(2) Otherwise, CN is used if present.
(3) Otherwise, O is used if present.
(4) Otherwise the emailAddress is used, if present.
(5) Otherwise a blank name is used.
The script emits a binary encoded identifier in the following form:
- 2 BE bytes indicating the length of the signer's name.
- 2 BE bytes indicating the length of the subject key identifier.
- The characters of the signer's name.
- The bytes of the subject key identifier.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
