Diffstat (limited to 'debian/patches/sbsigntool-not-pesign')
-rw-r--r--debian/patches/sbsigntool-not-pesign26
1 files changed, 26 insertions, 0 deletions
diff --git a/debian/patches/sbsigntool-not-pesign b/debian/patches/sbsigntool-not-pesign
new file mode 100644
index 00000000..9629cb12
--- /dev/null
+++ b/debian/patches/sbsigntool-not-pesign
@@ -0,0 +1,26 @@
+Description: Sign MokManager with sbsigntool instead of pesign
+ Ubuntu infrastructure uses sbsigntool for all other EFI signing, so we use
+ the same thing for signing MokManager with our ephemeral key. This also
+ avoids an additional build dependency on libnss3-tools.
+Author: Steve Langasek <steve.langasek@canonical.com>
+Forwarded: not-needed
+
+---
+ Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: b/Makefile
+===================================================================
+--- a/Makefile
++++ b/Makefile
+@@ -158,8 +158,8 @@ endif
+ -j .note.gnu.build-id \
+ $(FORMAT) $^ $@.debug
+
+-%.efi.signed: %.efi certdb/secmod.db
+- pesign -n certdb -i $< -c "shim" -s -o $@ -f
++%.efi.signed: %.efi shim.crt
++ sbsign --key shim.key --cert shim.crt $<
+
+ clean:
+ $(MAKE) -C Cryptlib clean
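Review bot: The new `%.efi.signed` rule reads `shim.key` in its recipe but declares only `shim.crt` as a prerequisite, and it depends on sbsign's default output name (`<input>.signed`) happening to equal the target. Declaring the key and naming the output makes the rule explicit and fails early when the key is missing: `%.efi.signed: %.efi shim.crt shim.key` with `sbsign --key shim.key --cert shim.crt --output $@ $<`. If `shim.key` and `shim.crt` are produced by a single generating recipe (not visible here), check that listing both stays correct under `make -j`. Because the description calls this an ephemeral key, it is also worth confirming that `shim.key` is deleted once signing is done and is never included in a binary package or retained build artifact. The `clean` target is cut off by the patch context, so that cannot be verified from this hunk.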