Add an empty list of hashes for the Ubuntu build

so they'll get an empty dbs list rather than breaking the build
author: Steve McIntyre <93sam@debian.org> 2019-05-07 11:05:48 +0100
committer: Steve McIntyre <93sam@debian.org> 2019-05-07 11:05:48 +0100
commit: 28e8f71ef2a18134ef2f11bd5ec237c7a4833707 (patch)
tree: 413efe4d2e118df1ede9d22537d6ed6972faf042
parent: 81dc204854926aff62f67edc53567e177e2e82bf (diff)
download: efi-boot-shim-28e8f71ef2a18134ef2f11bd5ec237c7a4833707.tar.gz
efi-boot-shim-28e8f71ef2a18134ef2f11bd5ec237c7a4833707.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/debian/ubuntu-dbx.hashes b/debian/ubuntu-dbx.hashes
new file mode 100644
index 00000000..b33fc101
--- /dev/null
+++ b/debian/ubuntu-dbx.hashes
@@ -0,0 +1,17 @@
+# ubuntu-dbx.hashes
+#
+# This file contains the sha256 sums of the binaries that we want to
+# blacklist directly in our signed shim. Add entries below, with comments
+# to explain each entry (where possible).
+#
+# Format of this file: put hex-encoded sha256 checksums on lines on
+# their own. I'm using shell-style comments just for clarity.
+#
+# The hashes are generated using:
+#
+#     pesign --hash -in <binary>
+#
+# on *either* the signed or unsigned binary, pesign doesn't care
+# which.
+
+# ... This file intentionally left blank for now ...
author	Steve McIntyre <93sam@debian.org>	2019-05-07 11:05:48 +0100
committer	Steve McIntyre <93sam@debian.org>	2019-05-07 11:05:48 +0100
commit	28e8f71ef2a18134ef2f11bd5ec237c7a4833707 (patch)
tree	413efe4d2e118df1ede9d22537d6ed6972faf042
parent	81dc204854926aff62f67edc53567e177e2e82bf (diff)
download	efi-boot-shim-28e8f71ef2a18134ef2f11bd5ec237c7a4833707.tar.gz efi-boot-shim-28e8f71ef2a18134ef2f11bd5ec237c7a4833707.zip