summaryrefslogtreecommitdiff
path: root/scripts/package-build/linux-kernel/build-openvpn-dco.sh
AgeCommit message (Collapse)Author
2024-09-25T861: sign all Kernel modules with an ephemeral keyChristian Breunig
The shim review board (which is the secure boot base loader) recommends using ephemeral keys when signing the Linux Kernel. This commit enables the Kernel build system to generate a one-time ephemeral key that is used to: * sign all build-in Kernel modules * sign all other out-of-tree Kernel modules The key lives in /tmp and is destroyed after the build container exits and is named: "VyOS build time autogenerated kernel key". In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it unable to load any Kernel Module to the image that is NOT signed by the ephemeral key.
2024-08-29T6674: Add build-scrips for packages without JenkinsViacheslav Hletenko
Add build scripts for .deb packages without Jenkins. To exclude Jenkins we need some place where we can put new builds-scripts to run in parallel (old/new) during meantime We will deprecate old Jenkins package builds in the future.