From 123aa50363ee8e25d7affa94ad24a6e3386f5a83 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 16 Jul 2020 15:00:40 -0400
Subject: [PATCH] Try naming the cert differently

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 pesign-test-app.spec | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/pesign-test-app.spec b/pesign-test-app.spec
index 926c81e..e36bd08 100644
--- a/pesign-test-app.spec
+++ b/pesign-test-app.spec
@@ -1,7 +1,7 @@
 Summary: Simple pesign test target
 Name: pesign-test-app
 Version: 5
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: GPLv2
 URL: https://github.com/vathpela/pesign-test-app
 BuildRequires: gcc
@@ -49,10 +49,19 @@ getfacl /run/pesign || :
 ls -l /run/pesign/socket || :
 getfacl /run/pesign/socket || :
 
-cp %{name}-unsigned.efi %{name}-unsigned.0.efi
-%pesign -s -i %{name}-unsigned.0.efi -o %{name}-signed.0.efi
-%define pe_signing_cert fwupd-signer
-%pesign -s -i %{name}-signed.0.efi -o %{name}-signed.efi -n "fwupd-signer"
+#%%define pe_signing_cert Fedora Secure Boot Signer
+if true ; then
+	cp %{name}-unsigned.efi bzImage.signed
+	%pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301
+	%define pe_signing_cert /CN=Fedora Secure Boot Signer
+	%pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501
+	mv bzImage.signed %{name}-signed.efi
+else
+	cp %{name}-unsigned.efi %{name}-unsigned.0.efi
+	%pesign -s -i %{name}-unsigned.0.efi -o %{name}.tmp.efi -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501
+	%define pe_signing_cert fwupd-signer
+	%pesign -s -i %{name}.tmp.efi -o %{name}-signed.efi -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301
+fi
 
 %install
 rm -rf %{buildroot}
@@ -81,6 +90,9 @@ done
 %{_datadir}/%{name}-%{version}/%{name}-signed*.efi
 
 %changelog
+* Thu Jul 16 2020 Peter Jones <pjones@redhat.com> - 5-24
+- Try naming the cert differently
+
 * Mon Jul 13 2020 Peter Jones <pjones@redhat.com> - 5-23
 - Test builders again again