On Wed, 3 Mar 2021 14:27:16 +0100 Julian Sikorski <belegdol@xxxxxxxxx> wrote: > Am 03.03.21 um 14:00 schrieb Dominik 'Rathann' Mierzejewski: > > > > There seems to be some documentation on the wiki: > > https://fedoraproject.org/wiki/BuildingUpstreamKernel#Sign_the_kernel_for_Secure_Boot > > > > Regards, > > Dominik > > > This explains how to sign a kernel build locally with make, not how > to make mock & rpbmbuild use a self-signed certificate for the RPM > package. I build a custom kernel tuned for my system from Fedora src.rpms locally using rpmbuild (older technique without mock). I then install it using dnf -C and sign it using a method similar to the above (pesign instead of sbsign). What do you gain by having the rpms signed? My thought is, if a person has the authority to run dnf to install local packages on the system, secure boot is meaningless as protection. Is it that you want the build process to sign the kernel in the rpm package with your local keys so you don't have to go through the process of signing the kernel after it is installed? If that is what you want, and you get it working, would you post the technique here. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
