Merge remote-tracking branch 'origin/merge-requests/353'

By Anton Hvornum * origin/merge-requests/353: Ensured the correct CA key and CA certificate is used during signing process. It's been working based on default assumptions from the openssl configuration, but it's worth being explicit when doing these operations. Also removed a redundant -sha256 See merge request archlinux/archiso!353

Merge remote-tracking branch 'origin/merge-requests/353'
977e0b0f · nl6720 · 60a38f08 · 28becbfc · 977e0b0f
Unverified Commit 977e0b0f authored 1 year ago by nl6720
--- a/.gitlab/ci/build_archiso.sh
+++ b/.gitlab/ci/build_archiso.sh
@@ -241,7 +241,6 @@ create_ephemeral_codesigning_keys() {
    # Create the Certificate Authority
    openssl req \
        -newkey rsa:4096 \
-        -sha256 \
        -nodes \
        -x509 \
        -new \
@@ -280,6 +279,8 @@ EOF
        -days 2 \
        -notext \
        -md sha256 \
+        -keyfile "${ca_key}" \
+        -cert "${ca_cert}" \
        -in "${codesigning_cert}.csr" \
        -out "${codesigning_cert}"