From: David Howells <dhowells@redhat.com>
Date: Wed, 26 Sep 2012 09:11:06 +0000 (+0100)
Subject: MODSIGN: Provide a script for generating a key ID from an X.509 cert
X-Git-Tag: v3.7-rc1~2^2~8
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85ecac79457e30b19802bbfaeba1856ad00945b0;p=pandora-kernel.git

MODSIGN: Provide a script for generating a key ID from an X.509 cert

Provide a script to parse an X.509 certificate and certain pieces of
information from it in order to generate a key identifier to be included within
a module signature.

The script takes the Subject Name and extracts (if present) the
organizationName (O), the commonName (CN) and the emailAddress and fabricates
the signer's name from them:

 (1) If both O and CN exist, then the name will be "O: CN", unless:

     (a) CN is prefixed by O, in which case only CN is used.

     (b) CN and O share at least the first 7 characters, in which case only CN
     	 is used.

 (2) Otherwise, CN is used if present.

 (3) Otherwise, O is used if present.

 (4) Otherwise the emailAddress is used, if present.

 (5) Otherwise a blank name is used.

The script emits a binary encoded identifier in the following form:

 - 2 BE bytes indicating the length of the signer's name.

 - 2 BE bytes indicating the length of the subject key identifier.

 - The characters of the signer's name.

 - The bytes of the subject key identifier.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---

Reading git-diff-tree failed