lp:~apw/launchpad/signing-kmod-extended-key-usage

Created by Andy Whitcroft on 2018-08-03 and last modified on 2018-08-03
Get this branch:
bzr branch lp:~apw/launchpad/signing-kmod-extended-key-usage
Only Andy Whitcroft can upload to this branch. If you are Andy Whitcroft please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Andy Whitcroft
Project:
Launchpad itself
Status:
Merged

Recent revisions

18747. By Andy Whitcroft on 2018-08-03

signing: tests -- standardise substring assertion

Signed-off-by: Andy Whitcroft <email address hidden>

18746. By Andy Whitcroft on 2018-08-03

sigining: dedent initial definitions of openssl configuration fragments

Signed-off-by: Andy Whitcroft <email address hidden>

18745. By Andy Whitcroft on 2018-08-03

signing: fix brown paper bag moving openssl configuration body

Signed-off-by: Andy Whitcroft <email address hidden>

18744. By Andy Whitcroft on 2018-08-03

signing: add extendedKeyUsage = codeSigning,1.3.6.1.4.1.2312.16.1.2 to kmod keys

In order to prevent kernel module signing keys from also
being usable to sign kernels add the extendedKeyUsage of
codeSigning,1.3.6.1.4.1.2312.16.1.2 to the OpenSSL configuration
when generating these keys.

Take this opportunity to pull out the OpenSSL configuration
generation so that it can be validated during testing.

Signed-off-by: Andy Whitcroft <email address hidden>

18743. By Launchpad PQM Bot on 2018-08-03

[r=maxiberta][bug=1780411] Weaken type of key_text in
 person.deleteSSHKeysFromSSO so that more existing keys can be deleted.

18742. By Launchpad PQM Bot on 2018-07-31

[r=wgrant][no-qa] Adjust request-daily-builds DB permissions to
 handle recent changes in how snap builds are requested.

18741. By Launchpad PQM Bot on 2018-07-30

[testfix][r=cjwatson][no-qa] Fix various problems exposed by the
 request_daily_builds script test.

18740. By Launchpad PQM Bot on 2018-07-30

[r=wgrant][bug=1770400][incr] Make automatic builds of snaps honour
 build-on architectures.

18739. By Launchpad PQM Bot on 2018-07-30

[r=wgrant][bug=1783315] Clean up with_timeout worker thread upon
 receiving SoftTimeLimitExceeded from celery.

18738. By Launchpad PQM Bot on 2018-07-27

[r=wgrant][bug=1667725] Add Archive.getSigningKeyData,
 currently just proxying through to the keyserver.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:launchpad
This branch contains Public information 
Everyone can see this information.

Subscribers