summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve McIntyre <steve@einval.com>2026-05-06 23:58:34 +0100
committerSteve McIntyre <steve@einval.com>2026-05-13 23:06:06 +0100
commitd26ca79bcb7a6e2c59f7b6f9292c28b7189d431a (patch)
treeb38cbc7e90fb3227244d3c9626a1a2e9034c1b08
parent06be276481fa3481cbdb3fa24ce8a1114d1bcdbd (diff)
downloadshim-signed-d26ca79bcb7a6e2c59f7b6f9292c28b7189d431a.tar.gz
shim-signed-d26ca79bcb7a6e2c59f7b6f9292c28b7189d431a.zip
Fix up cert filenames and explicitly sort them before use
-rw-r--r--0010-snakeoil.crt (renamed from 1000-snakeoil.crt)0
-rw-r--r--0020-wrong.crt (renamed from 2000-wrong.crt)0
-rwxr-xr-xverify_combine_sigs6
3 files changed, 3 insertions, 3 deletions
diff --git a/1000-snakeoil.crt b/0010-snakeoil.crt
index dd02a82..dd02a82 100644
--- a/1000-snakeoil.crt
+++ b/0010-snakeoil.crt
diff --git a/2000-wrong.crt b/0020-wrong.crt
index a9039db..a9039db 100644
--- a/2000-wrong.crt
+++ b/0020-wrong.crt
diff --git a/verify_combine_sigs b/verify_combine_sigs
index 438f125..c8dd9ce 100755
--- a/verify_combine_sigs
+++ b/verify_combine_sigs
@@ -174,7 +174,7 @@ def main():
print("Loading details of all the expected certificates")
print("==========")
known_certs = {}
- for check_cert in glob.glob(SIGN_CERTS):
+ for check_cert in sorted(glob.glob(SIGN_CERTS)):
subject, sha256 = grab_cert_details(check_cert)
known_certs[subject] = {"sha256": sha256, "filename": check_cert}
print("")
@@ -194,7 +194,7 @@ def main():
# Verify that the image is signed and valid
print("Looking for any valid checksum and signature")
try:
- verify_signature(signed, glob.glob(SIGN_CERTS))
+ verify_signature(signed, sorted(glob.glob(SIGN_CERTS)))
except Exception as exc:
print(f"Invalid signature on {signed}: {exc}")
sys.exit(1)
@@ -281,7 +281,7 @@ def main():
unsigned,
)
- for sig in glob.glob(f"{build}/detached-*"):
+ for sig in sorted(glob.glob(f"{build}/detached-*")):
print(f"Adding signature {sig}")
attach_sig(sig, unsigned)