From a21dd5b5403e855226377865bba7a37ddc05023b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 10 Aug 2020 17:03:55 -0400
Subject: [PATCH] Attempt to enable dual-signing in f31

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 grub.macros | 9 +++++++--
 grub2.spec  | 3 +++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/grub.macros b/grub.macros
index 6b9c005..c8f7b76 100644
--- a/grub.macros
+++ b/grub.macros
@@ -373,8 +373,13 @@ done								\
 	-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES}	\
 %{4}./grub-mkimage -O %{1} -o %{3}.orig				\\\
 	-p /EFI/BOOT -d grub-core ${GRUB_MODULES}		\
-%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}}	\
-%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \
+%{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \
+%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.onesig -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.onesig -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%define __pesign_client_cert grub2-signer} \
+%{expand:%%{pesign -s -i %%{2}.onesig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%{pesign -s -i %%{3}.onesig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}}	\
 %{nil}
 %else
 %define mkimage()						\
diff --git a/grub2.spec b/grub2.spec
index 05f3994..fe3ae5e 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -518,6 +518,9 @@ rm -r /boot/grub2.tmp/ || :
 %endif
 
 %changelog
+* Mon Aug 10 2020 Peter Jones <pjones@redhat.com> - 2.02-110
+- Attempt to enable dual-signing in f31
+
 * Wed Jul 29 2020 Peter Jones <pjones@redhat.com> - 2.02-110
 - "Minor" bug fixes
   CVE-2020-10713