Drop the Fedora checks around pesign

Now that we are packaging the certificates, there's no reason
to have the extra check. pesign will take care of doing the
right thing behind the scenes
This commit is contained in:
Laura Abbott 2019-11-20 12:46:22 -05:00
parent eb5fbf2f84
commit 3d93b18d26

View File

@ -1600,12 +1600,8 @@ BuildKernel() {
fi fi
%ifarch x86_64 aarch64 %ifarch x86_64 aarch64
%if 0%{?fedora}
%pesign -s -i $KernelImage -o vmlinuz.signed
%else
%pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca} -c %{secureboot_key} -n %{pesign_name} %pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca} -c %{secureboot_key} -n %{pesign_name}
%endif %endif
%endif
%ifarch s390x ppc64le %ifarch s390x ppc64le
if [ -x /usr/bin/rpm-sign ]; then if [ -x /usr/bin/rpm-sign ]; then
rpm-sign --key "%{pesign_name}" --lkmsign $SignImage --output vmlinuz.signed rpm-sign --key "%{pesign_name}" --lkmsign $SignImage --output vmlinuz.signed