On Fri, 2019-10-25 at 10:22 +0200, Ansgar Burchardt wrote:
> Ben Hutchings writes:
> > The code signing service logs every file it signs, along with a hash of
> > the detached signature, but I don't know where the logs are so I can't
> > compare with that.
>
> I checked the audit log, but I don't think it will help much. It
> currently records that:
>
> - 2019-10-21 07:20:03.898781:
>   decided to sign
>   linux-image-5.3.0-1-amd64-unsigned_5.3.7-1_amd64/[...]/snd-hda-codec-hdmi.ko
>   with sha256sum
>   3fe77a308b28825f0d18717e073b411246aea9bb753f76f6071b3fc4e60c6005
>
> - 2019-10-21 07:20:04.175379:
>   signature for the file logged
>   with sha256sum
>   c2a36f35867ae92b8664f4bd2193e70370eb3b92013ea53f3573d2508d3da4cb
>   (which matches snd-hda-codec-hdmi.ko.sig in src:linux-signed-amd64)

Thanks.

> So linux' sign-file likely produced a truncated file for some reason;
> note that ftp-master still uses linux-kbuild-4.9/4.9.189-3+deb9u1.

sign-file has only changed very slightly since then, and the changes
don't affect its use of OpenSSL. So this version should still be fine.

Ben.

--
Ben Hutchings
Humans are not rational beings; they are rationalising beings.