]> git.ipfire.org Git - thirdparty/dracut.git/commitdiff
projects / thirdparty / dracut.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 179e1a9)
fix(modsign): load keys to correct keyring
authorMichał Zegan <webczat@outlook.com>
Wed, 26 Oct 2022 16:10:38 +0000 (18:10 +0200)
committerLaszlo Gombos <laszlo.gombos@gmail.com>
Wed, 28 Jun 2023 11:53:14 +0000 (07:53 -0400)
Until now, 03modsign module was loading keys from /lib/modules/keys/* into the
current session keyring.
This change makes it add keys to the secondary trusted keyring. This works
only as long as added certificate is signed by key from the same keyring.

modules.d/03modsign/load-modsign-keys.sh patch | blob | blame | history

diff --git a/modules.d/03modsign/load-modsign-keys.sh b/modules.d/03modsign/load-modsign-keys.sh
index a042c08aa2776a9ca24eb49d48277e0f22954297..a489067cbceb89aa39ce68bd6c06886288a0e714 100755 (executable)
--- a/modules.d/03modsign/load-modsign-keys.sh
+++ b/modules.d/03modsign/load-modsign-keys.sh
@@ -7,5 +7,5 @@
 
 for x in /lib/modules/keys/*; do
     [ "${x}" = "/lib/modules/keys/*" ] && break
-    keyctl padd asymmetric "" @s < "${x}"
+    keyctl padd asymmetric "" %:.secondary_trusted_keys < "${x}"
 done
Unnamed repository; edit this file 'description' to name the repository.