Message ID | 20231116221828.301564-1-briannorris@chromium.org |
---|---|
State | New |
Headers | show |
Series | wireless-regdb: Makefile: Reproducible signatures | expand |
On Thu, 16 Nov 2023 14:18:16 -0800, Brian Norris wrote: > Per openssl-mime(1): > > -noattr > Normally when a message is signed a set of attributes are > included which include the signing time and supported > symmetric algorithms. With this option they are not included. > > [...] Applied, thanks! [1/1] wireless-regdb: Makefile: Reproducible signatures commit: 9e0aee64cd2347b45d6d29a65105c2926c0b8dbc Best regards,
diff --git a/Makefile b/Makefile index 02176ec7b717..ecd23309efb6 100644 --- a/Makefile +++ b/Makefile @@ -69,6 +69,7 @@ regulatory.db.p7s: regulatory.db $(REGDB_PRIVKEY) $(REGDB_PUBCERT) -signer $(REGDB_PUBCERT) \ -inkey $(REGDB_PRIVKEY) \ -in $< -nosmimecap -binary \ + -noattr \ -outform DER -out $@ sha1sum.txt: db.txt
Per openssl-mime(1): -noattr Normally when a message is signed a set of attributes are included which include the signing time and supported symmetric algorithms. With this option they are not included. The signing time hurts reproducibility, even if the same database, key, and certificate are used. So, drop the extra attributes from the smime command. Signed-off-by: Brian Norris <briannorris@chromium.org> --- Makefile | 1 + 1 file changed, 1 insertion(+)