Skip to content
Snippets Groups Projects
Verified Commit 15cd6d89 authored by nl6720's avatar nl6720
Browse files

mkarchiso: sign the ISO and bootstrap tarball with the codesigning certificate

Use `openssl cms` to sign the ISO and bootstrap tarball after they
are built.
Unlike the signature of the root file system image (airootfs.*.cms.sig),
the signature file will contain the signing certificate. This allows
verifing the signature without needing to provide the certificate
unless it is a self-signed certificate. Only the ISO or tarball, its
signature and CA certificate are needed. For example:

    $ openssl cms -verify -binary -noattr -purpose any -in archlinux-2023.11.21-x86_64.iso.cms.sig -content archlinux-2023.11.21-x86_64.iso -inform DER -out /dev/null -CAfile cacert.pem
parent 654e834f
No related branches found
Tags 4.0.0-1
Loading
Checking pipeline status
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment