Hello,
I tried building a signed 6.3 kernel today after a while (6.1
timeframe). Unfortunately, it appears that I am hitting some issues with
pesign:
+ /usr/bin/pesign --certdir /etc/pki/pesign -t 'NSS Certificate DB' -c
'Julians Secure Boot signing key - Julian Sikorski' -s -i
arch/x86/boot/bzImage -o vmlinuz.tmp
pesign: Could not open NSS database ("security library: bad database."):
Permission denied
I have updated to F38 since but everything is still in place:
- pesign is running unlocked:
$ sudo pesign-client -q
token "NSS Certificate DB" is unlocked
- I run mock with hosts's pesign folders exposed:
$ sudo cat /etc/mock/site-defaults.cfg | grep bind
config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/var/run/pesign',
'/var/run/pesign'))
- I run mock with --isolation=simple
Summing up, I am still following the same guide as before [1]. Were
there any changes in the recent months which could influence this
workflow? Thanks!
Best regards,
Julian
[1] https://gist.github.com/chenxiaolong/520914b191f17194a0acdc0e03122e63
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue