- Mar 31, 2020
-
-
Simon McVittie authored
Signed-off-by: Simon McVittie <smcv@debian.org>
-
Simon McVittie authored
Closes: #955259 Signed-off-by: Simon McVittie <smcv@debian.org>
-
Simon McVittie authored
Patch cherry-picked from upstream.
-
Simon McVittie authored
Signed-off-by: Simon McVittie <smcv@debian.org>
-
- Mar 30, 2020
-
-
Mario Limonciello authored
Fix -dev dependencies See merge request efi-team/libjcat!2
-
Mario Limonciello authored
Fix FTBFS See merge request !1
-
- Mar 28, 2020
-
-
Simon McVittie authored
Otherwise ${gir:Depends} won't be generated. Signed-off-by: Simon McVittie <smcv@debian.org>
-
Simon McVittie authored
Signed-off-by: Simon McVittie <smcv@debian.org>
-
Simon McVittie authored
Without these, building a trivial program against libjcat fails with errors like: + pkg-config --cflags --libs jcat Package gio-2.0 was not found in the pkg-config search path. Signed-off-by: Simon McVittie <smcv@debian.org>
-
Simon McVittie authored
Signed-off-by: Simon McVittie <smcv@debian.org>
-
Simon McVittie authored
The autobuilders use a minimal chroot that doesn't necessarily have a machine ID, but base-files gives us /etc/os-release. Signed-off-by: Simon McVittie <smcv@debian.org> Closes: #955234
-
Simon McVittie authored
Signed-off-by: Simon McVittie <smcv@debian.org>
-
- Mar 24, 2020
-
-
Steve McIntyre authored
-
- Mar 23, 2020
-
-
Mario Limonciello authored
-
Mario Limonciello authored
Release libjcat 0.1.0
-
Richard Hughes authored
-
- Mar 10, 2020
-
-
Mario Limonciello authored
-
- Mar 06, 2020
-
-
Richard Hughes authored
It's quite a useful thing for end users now.
-
Richard Hughes authored
-
Richard Hughes authored
This means we can verify using just the CA certificate which is what we want to encourage. This is also what the LVFS already does.
-
Richard Hughes authored
-
- Mar 05, 2020
-
-
Richard Hughes authored
This allows us to use other self-signed certificate stores, for instance using the one generated by fwupd.
-
Richard Hughes authored
It may be partially broken, but some projects generate SHA-1 checksums still. Also, if SHA256 is every broken it's very unlikely to have an attack where the SHA1 hash is also valid...
-
Mario Limonciello authored
-
Mario Limonciello authored
-
Richard Hughes authored
Trying to combine both things into one API call was causing confusion; a per-client self-signed signature is a very different thing than a signature that uses a corporate issued certificate (with private key) and splitting these out allows us to make the CHECKSUM mode less fragile at the same time. This also allows us to create vendor signatures using jcat-tool rather than relying on external commands and then importing them manually.
-
Richard Hughes authored
-
Richard Hughes authored
This allows us to import signatures without overwriting the ones from the LVFS.
-
Richard Hughes authored
It doesn't logically make sense; what are we signing with if not using the client cert? If we're using the client cert, then only one engine can possibly be supported if we're returning just one thing. This also forces us to return the JcatBlob from the signing operation, which is logically also correct; only the specific engine knows the correct flags to use when exporting, e.g. `JCAT_BLOB_FLAG_IS_UTF8`.
-
Richard Hughes authored
-
Richard Hughes authored
This means we can create properly namespaced helper files, e.g. `jcat-pkcs7-common.c` or `jcat-pkcs7-cert.h` in the future
-
Richard Hughes authored
This fixes a longstanding issue where we could only load _directories_ of public keys, rather than a specific key.
-
Richard Hughes authored
-
- Mar 04, 2020
-
-
Richard Hughes authored
Wip/hughsie/readme
-
Richard Hughes authored
-
Richard Hughes authored
-
Richard Hughes authored
Wip/hughsie/win32
-
Richard Hughes authored
-
Richard Hughes authored
-
Richard Hughes authored
-