summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Ammerlaan <andrewammerlaan@gentoo.org>2023-07-12 09:32:05 +0200
committerAndrew Ammerlaan <andrewammerlaan@gentoo.org>2023-07-20 13:32:18 +0200
commit62abff9d0e4a8fef2be0184cff5e32ab7a50d315 (patch)
tree638a53670c556c2f085a38a268dc2b98443381f5 /sys-boot/shim
parentsys-apps/fwupd-efi: use secureboot.eclass to sign efi exec (diff)
downloadgentoo-62abff9d0e4a8fef2be0184cff5e32ab7a50d315.tar.gz
gentoo-62abff9d0e4a8fef2be0184cff5e32ab7a50d315.tar.bz2
gentoo-62abff9d0e4a8fef2be0184cff5e32ab7a50d315.zip
sys-boot/shim: use secureboot.eclass to sign mokmanager
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
Diffstat (limited to 'sys-boot/shim')
-rw-r--r--sys-boot/shim/shim-15.6.ebuild8
1 files changed, 6 insertions, 2 deletions
diff --git a/sys-boot/shim/shim-15.6.ebuild b/sys-boot/shim/shim-15.6.ebuild
index 21fc211e6607..c4f33913bd22 100644
--- a/sys-boot/shim/shim-15.6.ebuild
+++ b/sys-boot/shim/shim-15.6.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
-inherit rpm
+inherit rpm secureboot
DESCRIPTION="Fedora's signed UEFI shim"
HOMEPAGE="https://src.fedoraproject.org/rpms/shim"
@@ -23,4 +23,8 @@ src_install() {
insinto /usr/share/${PN}
doins BOOT/BOOT*.EFI
doins fedora/mm*.efi
+
+ # Shim is already signed with Microsoft keys, but MokManager still needs
+ # signing with our key otherwise we have to enrol the Fedora key in Mok list
+ secureboot_auto_sign --in-place
}