radon/ksigner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

remove most config options

Browse Source
This commit is contained in:
radon 2025-09-24 10:22:50 -05:00
parent 8120057e3f
commit 1236dd5660
4 changed files with 11 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -90,21 +90,6 @@ sudo ksigner status
Edit `/etc/ksigner/ksigner.conf` to customize behavior
```conf
# Key lifetime in days (default: 100 years)
KEY_LIFETIME_DAYS=$((365 * 100))
# Directory paths for keys
KEY_PUB_DIR="/etc/pki/sbsign/certs/"
KEY_PRIV_DIR="/etc/pki/sbsign/private/"
# Key filenames
KEY_PUB="MOK.pem"
KEY_PRIV="MOK.priv"
KEY_DER="MOK.der"
# Log file
LOG_FILE="/var/log/ksigner.log"
# Automatically sign kernels when they are installed
# AUTO_SIGN=true
```

9
docs/ksigner.8.in
View File

@ -67,11 +67,6 @@ Kernel update hook script for automatic signing.
.SH CONFIGURATION
The behavior of ksigner can be customized through the configuration file
.IR /etc/ksigner/ksigner.conf .
Key configuration options include:
.TP
.B KEY_LIFETIME_DAYS
Number of days the signing keys should remain valid (default: 36500, approximately 100 years).
.TP
.B AUTO_SIGN
@ -114,10 +109,6 @@ through a post-transaction hook. This feature is controlled by the
.B AUTO_SIGN
setting in the configuration file.
When automatic signing is enabled, kernels are signed immediately after installation
via the package manager. All signing operations are logged to
.IR /var/log/ksigner.log .
Note: Automatic signing requires that signing keys have been set up previously using
.B ksigner setup
and that the MOK has been enrolled.

15
src/ksigner.conf
View File

@ -1,21 +1,6 @@
# Configuration file for ksigner
# This file is sourced by the ksigner script
# Key lifetime in days (default: 100 years)
KEY_LIFETIME_DAYS=$((365 * 100))
# Directory paths for keys
KEY_PUB_DIR="/etc/pki/sbsign/certs/"
KEY_PRIV_DIR="/etc/pki/sbsign/private/"
# Key filenames
KEY_PUB="MOK.pem"
KEY_PRIV="MOK.priv"
KEY_DER="MOK.der"
# Log file
LOG_FILE="/var/log/ksigner.log"
# Automatic kernel signing via DNF post-transaction hook
# Uncomment the following line to enable
# AUTO_SIGN=true

18
src/ksigner.in
View File

@ -9,13 +9,17 @@ if [[ -f "$CONFIG_FILE" ]]; then
source "$CONFIG_FILE"
fi
# Default configuration values (can be overridden in config file)
KEY_LIFETIME_DAYS=${KEY_LIFETIME_DAYS:-$((365 * 100))}
KEY_PUB_DIR=${KEY_PUB_DIR:-/etc/pki/sbsign/certs/}
KEY_PUB=${KEY_PUB:-MOK.pem}
KEY_PRIV_DIR=${KEY_PRIV_DIR:-/etc/pki/sbsign/private/}
KEY_PRIV=${KEY_PRIV:-MOK.priv}
KEY_DER=${KEY_DER:-MOK.der}
# Key lifetime in days (default: 100 years)
KEY_LIFETIME_DAYS=$((365 * 100))
# Directory paths for keys
KEY_PUB_DIR="/etc/pki/sbsign/certs/"
KEY_PRIV_DIR="/etc/pki/sbsign/private/"
# Key filenames
KEY_PUB="MOK.pem"
KEY_PRIV="MOK.priv"
KEY_DER="MOK.der"
REQUIRED_BINARIES=(
"openssl"