mkosi-obs: also allow enrolling additional certs in KEK

author Luca Boccassi <luca.boccassi@gmail.com>

Sun, 15 Jun 2025 22:52:01 +0000 (23:52 +0100)

committer Luca Boccassi <luca.boccassi@gmail.com>

Mon, 16 Jun 2025 08:42:43 +0000 (09:42 +0100)
author Luca Boccassi <luca.boccassi@gmail.com>
Sun, 15 Jun 2025 22:52:01 +0000 (23:52 +0100)
committer Luca Boccassi <luca.boccassi@gmail.com>
Mon, 16 Jun 2025 08:42:43 +0000 (09:42 +0100)
diff --git a/mkosi/resources/mkosi-obs/mkosi.postoutput b/mkosi/resources/mkosi-obs/mkosi.postoutput

index 9f9aa9dc2f327e2e9c906a3505d17c2b5ffb47e8..1693a8a552f57e5b903d358f79c5b414e737e7c5 100755 (executable)
--- a/mkosi/resources/mkosi-obs/mkosi.postoutput
+++ b/mkosi/resources/mkosi-obs/mkosi.postoutput
@@ -118,6 +118,12 @@ if ((${#DDIS[@]} > 0)); then
          cat tmp.esl >>db.esl
          rm -f tmp.esl
      done
+    for cert in /usr/src/packages/SOURCES/*/mkosi.uefi.KEK/*.crt; do
+        test -f "$cert" || continue
+        cert-to-efi-sig-list -g "$guid" "$cert" tmp.esl
+        cat tmp.esl >>KEK.esl
+        rm -f tmp.esl
+    done
  
      for i in *.esl; do
          sign-efi-sig-list -o -g "$guid" -t "$(date -d "@${SOURCE_DATE_EPOCH:-0}" "+%Y-%m-%d %H:%M:%S")" "${i%.esl}" "$i" "${i%.esl}.auth"
author	Luca Boccassi <luca.boccassi@gmail.com>
	Sun, 15 Jun 2025 22:52:01 +0000 (23:52 +0100)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Mon, 16 Jun 2025 08:42:43 +0000 (09:42 +0100)