diff mbox series

wireless-regdb: Makefile: Reproducible signatures

Message ID 20231116221828.301564-1-briannorris@chromium.org
State New
Headers show
Series wireless-regdb: Makefile: Reproducible signatures | expand

Commit Message

Brian Norris Nov. 16, 2023, 10:18 p.m. UTC
Per openssl-mime(1):

       -noattr
	   Normally when a message is signed a set of attributes are
	   included which include the signing time and supported
	   symmetric algorithms. With this option they are not included.

The signing time hurts reproducibility, even if the same database, key,
and certificate are used.

So, drop the extra attributes from the smime command.

Signed-off-by: Brian Norris <briannorris@chromium.org>
---

 Makefile | 1 +
 1 file changed, 1 insertion(+)

Comments

Chen-Yu Tsai Dec. 5, 2023, 8:59 a.m. UTC | #1
On Thu, 16 Nov 2023 14:18:16 -0800, Brian Norris wrote:
> Per openssl-mime(1):
> 
>        -noattr
> 	   Normally when a message is signed a set of attributes are
> 	   included which include the signing time and supported
> 	   symmetric algorithms. With this option they are not included.
> 
> [...]

Applied, thanks!

[1/1] wireless-regdb: Makefile: Reproducible signatures
      commit: 9e0aee64cd2347b45d6d29a65105c2926c0b8dbc

Best regards,
diff mbox series

Patch

diff --git a/Makefile b/Makefile
index 02176ec7b717..ecd23309efb6 100644
--- a/Makefile
+++ b/Makefile
@@ -69,6 +69,7 @@  regulatory.db.p7s: regulatory.db $(REGDB_PRIVKEY) $(REGDB_PUBCERT)
 		-signer $(REGDB_PUBCERT) \
 		-inkey $(REGDB_PRIVKEY) \
 		-in $< -nosmimecap -binary \
+		-noattr \
 		-outform DER -out $@
 
 sha1sum.txt: db.txt