From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Sun, 1 Dec 2024 11:00:10 +0000 (+0100)
Subject: Only run systemd-keyutil if secure boot key and cert exist
X-Git-Tag: v25~131
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7abaed33bd4ccad27d2e7b47ca16884cde85c6c8;p=thirdparty%2Fmkosi.git

Only run systemd-keyutil if secure boot key and cert exist
---

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 56cb876ed..83d1355de 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -4265,7 +4265,12 @@ def validate_certificates_and_keys(config: Config) -> None:
             stdout=subprocess.DEVNULL,
         )
 
-    if config.bootable != ConfigFeature.disabled and config.secure_boot:
+    if (
+        config.bootable != ConfigFeature.disabled
+        and config.secure_boot
+        and config.secure_boot_certificate
+        and config.secure_boot_key
+    ):
         run_systemd_sign_tool(
             config,
             cmdline=[keyutil, "validate"],