[opensuse-buildservice] what does "needssslcertforbuild" do?
Hi, Background: I'm testing a kernel patch, which will make UTF-8 characters shown good in tty. I wanna see if it works for myself, find a few testers on forum from UTF-8 communities whose ttys were "口口口口口", then try to submit that patch to our kernel team. So I linked kernel-desktop from Kernel:openSUSE-12.3 to home:MargueriteSu:kernel kernel-desktop But it can't build. The error was: could not retrieve ssl certificate: 400 remote error: /usr/local/sbin/bssign 256 And I found # norootforbuild # This makes the OBS store the project cert as %_sourcedir/_projectcert.crt # needssslcertforbuild in kernel-desktop.spec Question: 1. How can I find/get the correct key (permission to build kernel)? As I guess, such keys only issue to qualified people and qualified project that can make change and won't mess things up, right? 2. Can I just remove that line to build? A cert is used for unique signature or security reasons, is it because our openSUSE specific patches or something that do not allow for change, or I just think too much? Thanks Marguerite -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Wed, Apr 24, 2013 at 04:23:09AM +0800, Marguerite Su wrote:
Hi,
Background: I'm testing a kernel patch, which will make UTF-8 characters shown good in tty. I wanna see if it works for myself, find a few testers on forum from UTF-8 communities whose ttys were "口口口口口", then try to submit that patch to our kernel team.
So I linked kernel-desktop from Kernel:openSUSE-12.3 to home:MargueriteSu:kernel kernel-desktop
But it can't build. The error was:
could not retrieve ssl certificate: 400 remote error: /usr/local/sbin/bssign 256
And I found
# norootforbuild # This makes the OBS store the project cert as %_sourcedir/_projectcert.crt # needssslcertforbuild
in kernel-desktop.spec
Question:
1. How can I find/get the correct key (permission to build kernel)? As I guess, such keys only issue to qualified people and qualified project that can make change and won't mess things up, right?
2. Can I just remove that line to build? A cert is used for unique signature or security reasons, is it because our openSUSE specific patches or something that do not allow for change, or I just think too much?
You are seeing the artefacts of UEFI secure boot signing. To enable the magic to work for you, run: osc signkey --create home:MargueriteSu:kernel to update your own signing key to a compatible one inside. (It will be signed with this key, not with the SUSE / openSUSE certified key.) Ciao, Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Tue, Apr 23, 2013 at 10:36:12PM +0200, Marcus Meissner wrote:
You are seeing the artefacts of UEFI secure boot signing.
To enable the magic to work for you, run:
osc signkey --create home:MargueriteSu:kernel
to update your own signing key to a compatible one inside.
(It will be signed with this key, not with the SUSE / openSUSE certified key.)
Running 'osc signkey --create home:MargueriteSu' is probably the better way to do it if you don't mind having the key for home:MargueriteSu changed. Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
participants (3)
-
Marcus Meissner
-
Marguerite Su
-
Michael Schroeder