fix

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2026-05-04 19:56:32 +02:00 · 2023-11-24 04:50:43 +05:30 · 2023-11-24 04:50:43 +05:30 · d71506e76c
commit d71506e76c
parent 20167758b0
4 changed files with 22 additions and 1 deletions
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-0.0.1.ebuild
@ -21,4 +21,5 @@ src_install() {
 	newins "${FILESDIR}/KEK.crt" KEK.crt
 	newins "${FILESDIR}/DB.key" DB.key
 	newins "${FILESDIR}/DB.crt" DB.crt
+	newins "${FILESDIR}/DB.crt" DB.der
 }
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.der
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.der
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.pem
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.pem
@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAe2gAwIBAgIJALVWTDRRd7EnMA0GCSqGSIb3DQEBCwUAMBkxFzAVBgNV
+BAMMDkNvcmVPUyB0ZXN0IERCMB4XDTE1MDQxMzE4MzM0NloXDTE1MDUxMzE4MzM0
+NlowGTEXMBUGA1UEAwwOQ29yZU9TIHRlc3QgREIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCwQoQNxPH1ei+RNEcxmdn8cCNc/tYXuLObAUHtTp9AqCYr
+BkZiFZ25RmujfmJDdK4fPN81tpNC0aKKr71UYgcj13noHmOgR9Rv3rRxwBib3n7S
+K4RjnpW6V2aRDYNo0BH25lk/5M8IE6SX0SIuG1vCFavAj5s0dg5ycPHkDj1Ypbmv
+Q6froIdCVX3fSNXSgPY812Eb36yNyZFybetQupfVRsl0auCUNh3anNLPCFre1oZf
+lkx+U3BFXDZ0k8Fjq+fzvKxu4ef9XpZmXieow5YCwemCRItl+ftBeWD/OjXoNXBR
+sij3QNi/CxrO59DiklpGolPaCVA0oJYWL5XkWI/dAgMBAAGjUDBOMB0GA1UdDgQW
+BBRmPA/wBsfGI3EH2/X5W/SuwY1NOzAfBgNVHSMEGDAWgBRmPA/wBsfGI3EH2/X5
+W/SuwY1NOzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCW9TbpGhGv
+ZPPlb0X05wXYnzKUUq6U3IlxGVghwjLeE6/IIQvWn+sl7l9PNainzPATx1jZ7YSR
+HTCXhtfbnM9WICOV/h4Vztt7Z2m65gDa+/5679VpQfrqG5oV7FhucmPiMNbiy92Y
+F5SjB/HmRaSfimew3RmnOVUeUySW7Nw7tA5ka/nG0U9hXd296z7ghJlZQj1qTYtr
+1Y2yv4QSiRWNZcJSOq79tdGbAJqkqibo775UH6sj/UfHMoDQTvAenF8H/4F80r+6
+X2pgnX96ihshJ2MAXQnhbLLmPtXn/pV122xis/177yrefavHFTp14KPbnU1K3jeW
+hoLJhYcZKXdz
+-----END CERTIFICATE-----
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
@ -21,6 +21,7 @@ LICENSE="BSD"
 SLOT="0"
 IUSE=""

+BDEPEND="coreos-base/coreos-sb-keys"
 RDEPEND=""
 # TODO: Would be ideal to depend on sys-boot/gnu-efi package, but
 # currently the shim insists on using the bundled copy. This will need
@ -50,7 +51,7 @@ src_compile() {
 		emake_args+=( ARCH=aarch64 )
 	fi
  emake_args+= ( ENABLE_SBSIGN=1 )
-  emake_args+=( VENDOR_CERT_FILE="/usr/share/sb_keys/shim.der" )
+  emake_args+=( VENDOR_CERT_FILE="/usr/share/sb_keys/DB.der" )
 	emake "${emake_args[@]}" || die
 }