Sign netboot artifacts

For the release of netboot artifacts, we need to sign them using a code signing certificate.

The accompanying CA cert needs to be added as a secret variable, while the signer CER is published alongside the client-side ipxe tooling (currently this is still added to archweb as static data).

We can rely on using archiso (archiso#128 (closed)) to generate the artifacts in the pipelines of this repository. ~~However, until #6 (closed) is not resolved (with a signing enclave) we will have to revert to reusing the build artifacts from archlinux/archiso and do codesigning manually.~~

For additionally codesigning the target iPXE script (#9) we need a custom function, that allows us to do that, after generating the script from a template.

Edited May 15, 2021 by David Runge

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Sign netboot artifacts