hooks/archiso: do not use certificates embedded in the signature during openssl cms verification (!29) · Merge requests · Arch Linux / Mkinitcpio / mkinitcpio-archiso

nl6720 requested to merge nl6720/mkinitcpio-archiso:openssl-cms-nointern into master Oct 01, 2022

The signer's certificate is included in the initramfs, so there is no need to pay attention to any certificates that may be embedded in the signature file. This matches the behaviour of gpg which defaults to --no-auto-key-import.

Admin message

hooks/archiso: do not use certificates embedded in the signature during openssl cms verification

Merge request reports