a423b10248
OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=1600
58 lines
1.4 KiB
Plaintext
58 lines
1.4 KiB
Plaintext
%package -n %{-n*}-ueficert
|
|
Summary: UEFI Secure Boot Certificate For Package %{-n*}-kmp
|
|
Group: System/Kernel
|
|
%description -n %{-n*}-ueficert
|
|
This package contains the UEFI Secure Boot certificate used to sign
|
|
modules in the %{-n*}-kmp packages.
|
|
|
|
# The scriptlets are reused in kernel-binary.spec.in by a sed script that
|
|
# stops at the next line that starts with a percent sign
|
|
%post -n %{-n*}-ueficert
|
|
if ! command -v mokutil >/dev/null; then
|
|
exit 0
|
|
fi
|
|
# Only apply CA check on the kernel package certs (bsc#1173115)
|
|
if [ %{defined _suse_kernel_module_subpackage} = 0 ] && mokutil -h | grep -q "ca-check"; then
|
|
MOK_ARG="--ca-check"
|
|
else
|
|
MOK_ARG=""
|
|
fi
|
|
# XXX: Only call mokutil if UEFI and shim are used
|
|
for cert in @CERTS@; do
|
|
cert="/etc/uefi/certs/${cert}.crt"
|
|
if ! mokutil --import "$cert" --root-pw ${MOK_ARG}; then
|
|
echo "Failed to import $cert"
|
|
fi
|
|
done
|
|
exit 0
|
|
|
|
%preun -n %{-n*}-ueficert
|
|
if ! command -v mokutil >/dev/null; then
|
|
exit 0
|
|
fi
|
|
for cert in @CERTS@; do
|
|
cert="/etc/uefi/certs/${cert}.crt"
|
|
ln "$cert" "$cert.delete"
|
|
done
|
|
exit 0
|
|
|
|
%postun -n %{-n*}-ueficert
|
|
if ! command -v mokutil >/dev/null; then
|
|
exit 0
|
|
fi
|
|
for cert in @CERTS@; do
|
|
cert="/etc/uefi/certs/${cert}.crt"
|
|
if ! test -e "$cert"; then
|
|
if ! mokutil --delete "$cert.delete" --root-pw; then
|
|
echo "Failed to delete $cert"
|
|
fi
|
|
fi
|
|
rm "$cert.delete"
|
|
done
|
|
exit 0
|
|
|
|
%files -n %{-n*}-ueficert
|
|
%defattr(-, root, root)
|
|
%dir /etc/uefi
|
|
/etc/uefi/certs
|