Try naming the cert differently

Signed-off-by: Peter Jones <pjones@redhat.com>

pesign-test-app.spec

@@ -1,7 +1,7 @@
 Summary: Simple pesign test target
 Name: pesign-test-app
 Version: 5
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: GPLv2
 URL: https://github.com/vathpela/pesign-test-app
 BuildRequires: gcc
@@ -49,10 +49,19 @@ getfacl /run/pesign || :
 ls -l /run/pesign/socket || :
 getfacl /run/pesign/socket || :
 
-cp %{name}-unsigned.efi %{name}-unsigned.0.efi
+#%%define pe_signing_cert Fedora Secure Boot Signer
-%pesign -s -i %{name}-unsigned.0.efi -o %{name}-signed.0.efi
+if true ; then
-%define pe_signing_cert fwupd-signer
+	cp %{name}-unsigned.efi bzImage.signed
-%pesign -s -i %{name}-signed.0.efi -o %{name}-signed.efi -n "fwupd-signer"
+	%pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301
+	%define pe_signing_cert /CN=Fedora Secure Boot Signer
+	%pesign -s -i bzImage.signed -o bzImage.signed -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501
+	mv bzImage.signed %{name}-signed.efi
+else
+	cp %{name}-unsigned.efi %{name}-unsigned.0.efi
+	%pesign -s -i %{name}-unsigned.0.efi -o %{name}.tmp.efi -a redhatsecurebootca5.cer -c redhatsecureboot501.cer -n redhatsecureboot501
+	%define pe_signing_cert fwupd-signer
+	%pesign -s -i %{name}.tmp.efi -o %{name}-signed.efi -a redhatsecurebootca1.cer -c redhatsecureboot301.cer -n redhatsecureboot301
+fi
 
 %install
 rm -rf %{buildroot}
@@ -81,6 +90,9 @@ done
 %{_datadir}/%{name}-%{version}/%{name}-signed*.efi
 
 %changelog
+* Thu Jul 16 2020 Peter Jones <pjones@redhat.com> - 5-24
+- Try naming the cert differently
+
 * Mon Jul 13 2020 Peter Jones <pjones@redhat.com> - 5-23
 - Test builders again again