From 3d93b18d2615522f0cb8e4d95c74f14f6a3b60fc Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@redhat.com>
Date: Wed, 20 Nov 2019 12:46:22 -0500
Subject: [PATCH] Drop the Fedora checks around pesign

Now that we are packaging the certificates, there's no reason
to have the extra check. pesign will take care of doing the
right thing behind the scenes
---
 kernel.spec | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/kernel.spec b/kernel.spec
index ef0c936c1..3cf27d74a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1600,12 +1600,8 @@ BuildKernel() {
     fi
 
     %ifarch x86_64 aarch64
-    %if 0%{?fedora}
-    %pesign -s -i $KernelImage -o vmlinuz.signed
-    %else
     %pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca} -c %{secureboot_key} -n %{pesign_name}
     %endif
-    %endif
     %ifarch s390x ppc64le
     if [ -x /usr/bin/rpm-sign ]; then
 	rpm-sign --key "%{pesign_name}" --lkmsign $SignImage --output vmlinuz.signed