On 6/14/23 09:29, stan via devel wrote:
On Tue, 13 Jun 2023 11:05:53 -0400
"Chris Murphy" <lists@xxxxxxxxxxxxxxxxx> wrote:
OK I tried this again and discover shim is signed twice.
It has been awhile since I built a local kernel that I signed, but even
a locally built kernel was signed twice when using rpmbuild. I assume
that somewhere in the build plumbing there are two certificates and two
sign procedures.
If that's the case, one of those places is using an expired certificate.
I would have thought that signing tools would refuse to sign with an
invalid cert?
Maybe the build tools take an existing blob, signed way back when with
that expired cert, and re-sign it with a current cert?
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
