This repository has been archived by the owner on Jan 6, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 17
Signature creation
Patrick McCarty edited this page Nov 30, 2016
·
2 revisions
If swupd-client is built with the --enable-signature-verification
configure option set, it will download a Manifest.MoM.sig
file for the relevant version, which is a detached PKCS7 signature of the Manifest.MoM
for the same version, and perform a verification of that signature.
However, swupd-server does not ship with support to create the detached signature. Instead, the signature must be created separately. One option is to use the mixer-tools as part of your DevOps flow, which supports creating the signature using a configurable path to a certificate. See the sign_manifest_mom()
function in the helpers file.