# macros for use with pesign # # this makes it possible to invoke your build as: # rpmbuild --define 'pe_signing_token test2' --define "pe_signing_cert signing key for test2" -ba shim.spec # and then in the spec do: # %pesign -s -i shim.orig -o shim.efi # And magically get the right thing. %__pesign_token %{nil}%{?pe_signing_token:--token "%{pe_signing_token}"} %__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"} %__pesign_client_token %{!?pe_signing_token:"OpenSC Card (Fedora Signer)"}%{?pe_signing_token:"%{pe_signing_token}"} %__pesign_client_cert %{!?pe_signing_cert:"/CN=Fedora Secure Boot Signer"}%{?pe_signing_cert:"%{pe_signing_cert}"} %_pesign /usr/bin/pesign %_pesign_client /usr/bin/pesign-client # -i # -o # -C # -e # -c # rhel only # -n # rhel only # -a # rhel only # -s # perform signing %pesign(i:o:C:e:c:n:a:s) \ %{_libexecdir}/pesign/pesign-rpmbuild-helper \\\ "%{_target_cpu}" \\\ "%{_pesign}" \\\ "%{_pesign_client}" \\\ %{?__pesign_client_token:--client-token %{__pesign_client_token}} \\\ %{?__pesign_client_cert:--client-cert %{__pesign_client_cert}} \\\ %{?__pesign_token:%{__pesign_token}} \\\ %{?__pesign_cert:--cert %{__pesign_cert}} \\\ %{?_buildhost:--hostname "%{_buildhost}"} \\\ %{?vendor:--vendor "%{vendor}"} \\\ %{?rhel:--rhelver "%{rhel}"} \\\ %{?centos:--rhelver "%{centos}"} \\\ %{?-n:--rhelcert %{-n*}}%{?!-n:--rhelcert %{__pesign_cert}} \\\ %{?-a:--rhelcafile "%{-a*}"} \\\ %{?-c:--rhelcertfile "%{-c*}"} \\\ %{?-C:--certout "%{-C*}"} \\\ %{?-e:--sattrout "%{-e*}"} \\\ %{?-i:--in "%{-i*}"} \\\ %{?-o:--out "%{-o*}"} \\\ %{?-s:--sign} \\\ ; \ %{nil}