Attempt to enable dual-signing in f31

Signed-off-by: Peter Jones <pjones@redhat.com>
2024-11-24 06:22:43 +00:00 · 2020-08-10 17:03:55 -04:00 · 2020-08-10 17:03:55 -04:00 · a21dd5b540
commit a21dd5b540
parent 124a375986
2 changed files with 10 additions and 2 deletions
--- a/grub.macros
+++ b/grub.macros
@ -373,8 +373,13 @@ done								\
 	-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES}	\
 %{4}./grub-mkimage -O %{1} -o %{3}.orig				\\\
 	-p /EFI/BOOT -d grub-core ${GRUB_MODULES}		\
-%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%define ___pesign_client_cert %{?___pesign_client_cert}%{!?___pesign_client_cert:%{__pesign_client_cert}}} \
-%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}}	\
+%{?__pesign_client_cert:%{expand:%%define __pesign_client_cert %{___pesign_client_cert}}} \
 %{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.onesig -a %%{5} -c %%{6} -n %%{7}}}	\
 %{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.onesig -a %%{5} -c %%{6} -n %%{7}}}	\
 %{expand:%%define __pesign_client_cert grub2-signer} \
 %{expand:%%{pesign -s -i %%{2}.onesig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}}	\
 %{expand:%%{pesign -s -i %%{3}.onesig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}}	\
 %{nil}
 %else
 %define mkimage()						\
--- a/grub2.spec
+++ b/grub2.spec
@ -518,6 +518,9 @@ rm -r /boot/grub2.tmp/ || :
 %endif
 %changelog
 * Mon Aug 10 2020 Peter Jones <pjones@redhat.com> - 2.02-110
 - Attempt to enable dual-signing in f31
 * Wed Jul 29 2020 Peter Jones <pjones@redhat.com> - 2.02-110
 - "Minor" bug fixes
  CVE-2020-10713