@@ -44,6 +44,18 @@ abi_check()
fi
}
+if [ -d debian/certs ]; then
+ if ! grep -q '^CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"$' $debian/config/config.common.ubuntu; then
+ failure "'CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"' is required"
+ fi
+fi
+
+if [ -d debian/revoked-certs ]; then
+ if ! grep -q '^CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"$' $debian/config/config.common.ubuntu; then
+ failure "'CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"' is required"
+ fi
+fi
+
for arch in $archs
do
if [ ! -f "$debian/rules.d/$arch.mk" ]; then
If certificates are packaged, the config keys to use them must be enabled otherwise boot testing will fail. This check ensures early detection of incorrect configuration when rebasing derivative kernels. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian/scripts/misc/final-checks | 12 ++++++++++++ 1 file changed, 12 insertions(+)