Am 03.03.21 um 14:00 schrieb Dominik 'Rathann' Mierzejewski:
On Wednesday, 03 March 2021 at 13:53, Julian Sikorski wrote:
[...]
Now that the kernels have built successfully I have another question: is
there an easy way of signing them so that secureboot can stay enabled? I
have generated a key/certificate pair as described in the docs [1] but I was
not able to figure out how to feed these to rpmbuild/mock. The kernel spec
uses two .cer files instead of .priv/.der pair, and the docs [2] are out of
date as %{pe_signing_cert} are nowhere to be found in the spec.
There seems to be some documentation on the wiki:
https://fedoraproject.org/wiki/BuildingUpstreamKernel#Sign_the_kernel_for_Secure_Boot
Regards,
Dominik
This explains how to sign a kernel build locally with make, not how to
make mock & rpbmbuild use a self-signed certificate for the RPM package.
Best regards,
Julian
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
