forked from pool/shim

16.1-add-MS-signed-shim-v3 #3

Manually merged
joeyli merged 2 commits from joeyli/shim:16.1-add-MS-signed-shim-v3 into main 2025-11-28 04:49:47 +01:00

2 Commits

Author SHA256 Message Date
2a0ca4d82b shim.spec: Workaround the string comparison issue in elif directive
With the rpm-4.14.3 on SLE-15-SP3, the string comparison in elif
directive has problem. It causes that the certificate block in the
elif-endif to disappear permanently, regardless of whether the
comparison succeeds or fails.

This change can also workaround the issue that elif can not handle
special issue_hash/subject_hash from 'openSUSE Secure Boot Signkey':

shim> openssl x509 -in factory-secure-boot.crt -inform PEM -noout -subject_hash
babd5674
shim> openssl x509 -in factory-secure-boot.crt -inform PEM -noout -issuer_hash
d29860c3

Directly put to global define in shim.spec can reproduce issue:
global prjissuer_hash d29860c3
global prjsubjec_hash babd5674

This patch changed codes by using if-endif instead of elif-endif to
workaround the above two problems
2025-11-28 11:18:47 +08:00
d33006b0e0 shim.spec: Specify the certificate format in openssl commands
The old openssl in SLE-15-SP3 assumes the format of input
certificate is PEM. In d279b0c453 patch, we converted the SUSE
certificates from PEM to DER format for using by Lua in pretrans
script. It causes the openssl command to fail with old openssl.
So we specify the certificate format in openssl commands.
2025-11-27 18:56:46 +08:00
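
The format problem described in commit d33006b0e0, as an added example that is not part of shim.spec or of this pull request: a POSIX shell helper that works out whether a certificate file is PEM or DER and always passes -inform to openssl x509, so the result does not depend on which format a given openssl release assumes. The function names cert_inform and cert_hashes are hypothetical.

```shell
#!/bin/sh
# Added example (not from shim.spec): always pass -inform explicitly so that
# old and new openssl releases behave the same on PEM and DER certificates.

# cert_inform FILE -> prints PEM or DER; returns 1 if neither is recognised.
cert_inform() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo PEM
        return 0
    fi
    # A DER certificate is an ASN.1 SEQUENCE; at ordinary certificate sizes
    # it starts with tag 0x30 followed by the two-byte length marker 0x82.
    first=$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$first" = "3082" ]; then
        echo DER
        return 0
    fi
    return 1
}

# cert_hashes FILE -> prints "SUBJECT_HASH ISSUER_HASH" on one line.
cert_hashes() {
    fmt=$(cert_inform "$1") || {
        echo "unknown certificate format: $1" >&2
        return 1
    }
    subj=$(openssl x509 -in "$1" -inform "$fmt" -noout -subject_hash) || return 1
    iss=$(openssl x509 -in "$1" -inform "$fmt" -noout -issuer_hash) || return 1
    echo "$subj $iss"
}
```

A PEM file and its DER conversion yield the same pair of hashes through cert_hashes, which is the property the spec file relies on when it compares hashes.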