From b8f290bae455ea204a06632e0a7c115d4f5d1681 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Thu, 5 Sep 2024 22:57:55 +0530
Subject: [PATCH] sys-boot/shim: Add a use flag to use a DER files for shim
 builds

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
 .../{shim-15.8-r1.ebuild => shim-15.8-r2.ebuild}     | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-boot/shim/{shim-15.8-r1.ebuild => shim-15.8-r2.ebuild} (84%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
similarity index 84%
rename from sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
index 2e0dd7096e..6c6228ed5a 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
@@ -11,7 +11,7 @@ KEYWORDS="amd64 arm64"
 
 LICENSE="BSD"
 SLOT="0"
-IUSE=""
+IUSE="official"
 
 RDEPEND=""
 # TODO: Would be ideal to depend on sys-boot/gnu-efi package, but
@@ -41,8 +41,16 @@ src_compile() {
   elif use arm64; then
     emake_args+=( ARCH=aarch64 )
   fi
-    emake_args+=( ENABLE_SBSIGN=1 )
+  emake_args+=( ENABLE_SBSIGN=1 )
+
+  if use official; then
+    if [ -z "${SHIM_SIGNING_CERTIFICATE}" ]; then
+      die "use production flag needs env SHIM_SIGNING_CERTIFICATE"
+    fi
+    emake_args+=( VENDOR_CERT_FILE="${SHIM_SIGNING_CERTIFICATE}" )
+  else
     emake_args+=( VENDOR_CERT_FILE="/usr/share/sb_keys/shim.der" )
+  fi
   emake "${emake_args[@]}" || die
 }