|
|
|
@ -50,9 +50,9 @@ getfacl /run/pesign/socket || :
|
|
|
|
|
|
|
|
|
|
cp %{name}-unsigned.efi %{name}-unsigned.0.efi
|
|
|
|
|
%pesign -s -i %{name}-unsigned.0.efi -o %{name}-signed.0.efi
|
|
|
|
|
%define pe_signing_cert fwupd-signer
|
|
|
|
|
cp %{name}-unsigned.efi %{name}-unsigned.1.efi
|
|
|
|
|
%pesign -s -i %{name}-unsigned.1.efi -o %{name}-signed.1.efi -n "/CN=fwupd-signer"
|
|
|
|
|
#%%define pe_signing_cert fwupd-signer
|
|
|
|
|
# cp %%{name}-unsigned.efi %%{name}-unsigned.1.efi
|
|
|
|
|
#%% %%pesign -s -i %%{name}-unsigned.1.efi -o %%{name}-signed.1.efi -n "/CN=fwupd-signer"
|
|
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
rm -rf %{buildroot}
|
|
|
|
@ -65,10 +65,11 @@ mv %{name}-signed*.efi %{buildroot}/%{_datadir}/%{name}-%{version}/
|
|
|
|
|
ls -la /var/run/pesign || :
|
|
|
|
|
%ifarch %{x86}
|
|
|
|
|
# for display in the build log
|
|
|
|
|
pesign -l -i %{buildroot}/%{_datadir}/%{name}-%{version}/%{name}-signed.efi
|
|
|
|
|
# to test the actual output
|
|
|
|
|
pesign -l -i %{buildroot}/%{_datadir}/%{name}-%{version}/%{name}-signed.efi | grep -c -q "^Signing time: $(date +%%a\ %%b\ %%d,\ %%Y)$"
|
|
|
|
|
pesign -l -i %{buildroot}/%{_datadir}/%{name}-%{version}/%{name}-signed.efi | grep -c -q '^The signer.s common name is Fedora Secure Boot Signer$'
|
|
|
|
|
for x in %{buildroot}/%{_datadir}/%{name}-%{version}/%{name}-signed.* ; do
|
|
|
|
|
pesign -l -i "${x}"
|
|
|
|
|
# to test the actual output
|
|
|
|
|
pesign -l -i "${x}" | grep -c -q "^Signing time: $(date +%%a\ %%b\ %%d,\ %%Y)$"
|
|
|
|
|
pesign -l -i "${x}" | grep -c -q '^The signer.s common name is Fedora Secure Boot Signer$'
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|