litmus-rt.git/scripts/x509keyid, branch master The LITMUS^RT kernel. MODSIGN: perlify sign-file and merge in x509keyid 2012-10-19T23:11:21+00:00 David Howells dhowells@redhat.com 2012-10-19T22:56:37+00:00 b37d1bfb55d4b8a7d234fad0a84dca3336cee50b Turn sign-file into perl and merge in x509keyid. The latter doesn't need to be a separate script as it doesn't actually need to work out the SHA1 sum of the X.509 certificate itself, since it can get that from the X.509 certificate. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Turn sign-file into perl and merge in x509keyid.  The latter doesn't
need to be a separate script as it doesn't actually need to work out the
SHA1 sum of the X.509 certificate itself, since it can get that from the
X.509 certificate.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kbuild: sign the modules at install time 2012-10-19T15:27:43+00:00 Rusty Russell rusty@rustcorp.com.au 2012-10-19T01:23:15+00:00 e2a666d52b4825c26c857cada211f3baac26a600 Linus deleted the old code and put signing on the install command, I fixed it to extract the keyid and signer-name within sign-file and cleaned up that script now it always signs in-place. Some enthusiast should convert sign-key to perl and pull x509keyid into it. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Linus deleted the old code and put signing on the install command,
I fixed it to extract the keyid and signer-name within sign-file
and cleaned up that script now it always signs in-place.

Some enthusiast should convert sign-key to perl and pull
x509keyid into it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
MODSIGN: Provide a script for generating a key ID from an X.509 cert 2012-10-10T09:36:33+00:00 David Howells dhowells@redhat.com 2012-09-26T09:11:06+00:00 85ecac79457e30b19802bbfaeba1856ad00945b0 Provide a script to parse an X.509 certificate and certain pieces of information from it in order to generate a key identifier to be included within a module signature. The script takes the Subject Name and extracts (if present) the organizationName (O), the commonName (CN) and the emailAddress and fabricates the signer's name from them: (1) If both O and CN exist, then the name will be "O: CN", unless: (a) CN is prefixed by O, in which case only CN is used. (b) CN and O share at least the first 7 characters, in which case only CN is used. (2) Otherwise, CN is used if present. (3) Otherwise, O is used if present. (4) Otherwise the emailAddress is used, if present. (5) Otherwise a blank name is used. The script emits a binary encoded identifier in the following form: - 2 BE bytes indicating the length of the signer's name. - 2 BE bytes indicating the length of the subject key identifier. - The characters of the signer's name. - The bytes of the subject key identifier. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 
Provide a script to parse an X.509 certificate and certain pieces of
information from it in order to generate a key identifier to be included within
a module signature.

The script takes the Subject Name and extracts (if present) the
organizationName (O), the commonName (CN) and the emailAddress and fabricates
the signer's name from them:

 (1) If both O and CN exist, then the name will be "O: CN", unless:

     (a) CN is prefixed by O, in which case only CN is used.

     (b) CN and O share at least the first 7 characters, in which case only CN
     	 is used.

 (2) Otherwise, CN is used if present.

 (3) Otherwise, O is used if present.

 (4) Otherwise the emailAddress is used, if present.

 (5) Otherwise a blank name is used.

The script emits a binary encoded identifier in the following form:

 - 2 BE bytes indicating the length of the signer's name.

 - 2 BE bytes indicating the length of the subject key identifier.

 - The characters of the signer's name.

 - The bytes of the subject key identifier.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>