Description: Sign MokManager with sbsigntool instead of pesign
 Ubuntu infrastructure uses sbsigntool for all other EFI signing, so we use
 the same thing for signing MokManager with our ephemeral key.  This also
 avoids an additional build dependency on libnss3-tools.
Author: Steve Langasek <steve.langasek@canonical.com>
Forwarded: not-needed

---
 Makefile |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Index: b/Makefile
===================================================================
--- a/Makefile
+++ b/Makefile
@@ -158,8 +158,8 @@ endif
 		-j .note.gnu.build-id \
 		$(FORMAT) $^ $@.debug
 
-%.efi.signed: %.efi certdb/secmod.db
-	pesign -n certdb -i $< -c "shim" -s -o $@ -f
+%.efi.signed: %.efi shim.crt
+	sbsign --key shim.key --cert shim.crt $<
 
 clean:
 	$(MAKE) -C Cryptlib clean