radon/ksigner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove most config options

Browse Source
This commit is contained in:
radon 2025-09-24 10:22:50 -05:00
parent 8120057e3f
commit 1236dd5660
4 changed files with 11 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -90,21 +90,6 @@ sudo ksigner status
Edit `/etc/ksigner/ksigner.conf` to customize behavior Edit `/etc/ksigner/ksigner.conf` to customize behavior
```conf ```conf
# Key lifetime in days (default: 100 years)
KEY_LIFETIME_DAYS=$((365 * 100))
# Directory paths for keys
KEY_PUB_DIR="/etc/pki/sbsign/certs/"
KEY_PRIV_DIR="/etc/pki/sbsign/private/"
# Key filenames
KEY_PUB="MOK.pem"
KEY_PRIV="MOK.priv"
KEY_DER="MOK.der"
# Log file
LOG_FILE="/var/log/ksigner.log"
# Automatically sign kernels when they are installed # Automatically sign kernels when they are installed
# AUTO_SIGN=true # AUTO_SIGN=true
``` ```

9
docs/ksigner.8.in
View File

@ -67,11 +67,6 @@ Kernel update hook script for automatic signing.
.SH CONFIGURATION .SH CONFIGURATION
The behavior of ksigner can be customized through the configuration file The behavior of ksigner can be customized through the configuration file
.IR /etc/ksigner/ksigner.conf . .IR /etc/ksigner/ksigner.conf .
Key configuration options include:
.TP
.B KEY_LIFETIME_DAYS
Number of days the signing keys should remain valid (default: 36500, approximately 100 years).
.TP .TP
.B AUTO_SIGN .B AUTO_SIGN
@ -114,10 +109,6 @@ through a post-transaction hook. This feature is controlled by the
.B AUTO_SIGN .B AUTO_SIGN
setting in the configuration file. setting in the configuration file.
When automatic signing is enabled, kernels are signed immediately after installation
via the package manager. All signing operations are logged to
.IR /var/log/ksigner.log .
Note: Automatic signing requires that signing keys have been set up previously using Note: Automatic signing requires that signing keys have been set up previously using
.B ksigner setup .B ksigner setup
and that the MOK has been enrolled. and that the MOK has been enrolled.

15
src/ksigner.conf
View File

@ -1,21 +1,6 @@
# Configuration file for ksigner # Configuration file for ksigner
# This file is sourced by the ksigner script # This file is sourced by the ksigner script
# Key lifetime in days (default: 100 years)
KEY_LIFETIME_DAYS=$((365 * 100))
# Directory paths for keys
KEY_PUB_DIR="/etc/pki/sbsign/certs/"
KEY_PRIV_DIR="/etc/pki/sbsign/private/"
# Key filenames
KEY_PUB="MOK.pem"
KEY_PRIV="MOK.priv"
KEY_DER="MOK.der"
# Log file
LOG_FILE="/var/log/ksigner.log"
# Automatic kernel signing via DNF post-transaction hook # Automatic kernel signing via DNF post-transaction hook
# Uncomment the following line to enable # Uncomment the following line to enable
# AUTO_SIGN=true # AUTO_SIGN=true

18
src/ksigner.in
View File

@ -9,13 +9,17 @@ if [[ -f "$CONFIG_FILE" ]]; then
source "$CONFIG_FILE" source "$CONFIG_FILE"
fi fi
# Default configuration values (can be overridden in config file) # Key lifetime in days (default: 100 years)
KEY_LIFETIME_DAYS=${KEY_LIFETIME_DAYS:-$((365 * 100))} KEY_LIFETIME_DAYS=$((365 * 100))
KEY_PUB_DIR=${KEY_PUB_DIR:-/etc/pki/sbsign/certs/}
KEY_PUB=${KEY_PUB:-MOK.pem} # Directory paths for keys
KEY_PRIV_DIR=${KEY_PRIV_DIR:-/etc/pki/sbsign/private/} KEY_PUB_DIR="/etc/pki/sbsign/certs/"
KEY_PRIV=${KEY_PRIV:-MOK.priv} KEY_PRIV_DIR="/etc/pki/sbsign/private/"
KEY_DER=${KEY_DER:-MOK.der}
# Key filenames
KEY_PUB="MOK.pem"
KEY_PRIV="MOK.priv"
KEY_DER="MOK.der"
REQUIRED_BINARIES=( REQUIRED_BINARIES=(
"openssl" "openssl"