[wireless-regdb] [PATCH] wireless-regdb: Makefile: Reproducible signatures
Brian Norris
briannorris at chromium.org
Thu Nov 16 14:18:16 PST 2023
Per openssl-mime(1):
-noattr
Normally when a message is signed a set of attributes are
included which include the signing time and supported
symmetric algorithms. With this option they are not included.
The signing time hurts reproducibility, even if the same database, key,
and certificate are used.
So, drop the extra attributes from the smime command.
Signed-off-by: Brian Norris <briannorris at chromium.org>
---
Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/Makefile b/Makefile
index 02176ec7b717..ecd23309efb6 100644
--- a/Makefile
+++ b/Makefile
@@ -69,6 +69,7 @@ regulatory.db.p7s: regulatory.db $(REGDB_PRIVKEY) $(REGDB_PUBCERT)
-signer $(REGDB_PUBCERT) \
-inkey $(REGDB_PRIVKEY) \
-in $< -nosmimecap -binary \
+ -noattr \
-outform DER -out $@
sha1sum.txt: db.txt
--
2.43.0.rc0.421.g78406f8d94-goog
More information about the wireless-regdb
mailing list