From: Michał Zegan <webczat@outlook.com>
Date: Wed, 26 Oct 2022 16:10:38 +0000 (+0200)
Subject: fix(modsign): load keys to correct keyring
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b7ef1302715bead649625666f92eff434082de1f;p=thirdparty%2Fdracut.git

fix(modsign): load keys to correct keyring

Until now, 03modsign module was loading keys from /lib/modules/keys/* into the
current session keyring.
This change makes it add keys to the secondary trusted keyring. This works
only as long as added certificate is signed by key from the same keyring.
---

diff --git a/modules.d/03modsign/load-modsign-keys.sh b/modules.d/03modsign/load-modsign-keys.sh
index a042c08aa..a489067cb 100755
--- a/modules.d/03modsign/load-modsign-keys.sh
+++ b/modules.d/03modsign/load-modsign-keys.sh
@@ -7,5 +7,5 @@
 
 for x in /lib/modules/keys/*; do
     [ "${x}" = "/lib/modules/keys/*" ] && break
-    keyctl padd asymmetric "" @s < "${x}"
+    keyctl padd asymmetric "" %:.secondary_trusted_keys < "${x}"
 done