commit: 62abff9d0e4a8fef2be0184cff5e32ab7a50d315 Author: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org> AuthorDate: Wed Jul 12 07:32:05 2023 +0000 Commit: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org> CommitDate: Thu Jul 20 11:32:18 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62abff9d
sys-boot/shim: use secureboot.eclass to sign mokmanager Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org> sys-boot/shim/shim-15.6.ebuild | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sys-boot/shim/shim-15.6.ebuild b/sys-boot/shim/shim-15.6.ebuild index 21fc211e6607..c4f33913bd22 100644 --- a/sys-boot/shim/shim-15.6.ebuild +++ b/sys-boot/shim/shim-15.6.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 -inherit rpm +inherit rpm secureboot DESCRIPTION="Fedora's signed UEFI shim" HOMEPAGE="https://src.fedoraproject.org/rpms/shim"; @@ -23,4 +23,8 @@ src_install() { insinto /usr/share/${PN} doins BOOT/BOOT*.EFI doins fedora/mm*.efi + + # Shim is already signed with Microsoft keys, but MokManager still needs + # signing with our key otherwise we have to enrol the Fedora key in Mok list + secureboot_auto_sign --in-place }
