commit: c8a9bb682870ee759e9f3d6d8e8b7544bc748f34
Author: Nowa Ammerlaan <nowa <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 24 13:13:36 2025 +0000
Commit: Nowa Ammerlaan <nowa <AT> gentoo <DOT> org>
CommitDate: Wed Sep 24 13:13:36 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8a9bb68
sys-kernel/gentoo-kernel-bin: set the secureboot cert in 6.12.{47,48}
Looks like I missed these two earlier
Closes: https://bugs.gentoo.org/963360
Signed-off-by: Nowa Ammerlaan <nowa <AT> gentoo.org>
sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.47.ebuild | 7 +++++++
sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.48.ebuild | 7 +++++++
2 files changed, 14 insertions(+)
diff --git a/sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.47.ebuild
b/sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.47.ebuild
index aaff192170e7..7a3f3c256bf9 100644
--- a/sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.47.ebuild
+++ b/sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.47.ebuild
@@ -155,6 +155,13 @@ src_configure() {
die "USE=generic-uki requires a CONFIG_EFI_ZBOOT enabled build"
fi
+ # Override user variable with the cert used during build
+ openssl x509 \
+ -inform DER -in "${kernel_dir}/certs/signing_key.x509" \
+ -outform PEM -out "${T}/cert.pem" ||
+ die "Failed to convert pcrpkey to PEM format"
+ export SECUREBOOT_SIGN_CERT=${T}/cert.pem
+
local image="${kernel_dir}/$(dist-kernel_get_image_path)"
local uki="${image%/*}/uki.efi"
if [[ -s ${uki} ]]; then
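Review bot: The `die` message on the added `openssl x509` call reads "Failed to convert pcrpkey to PEM format", but the file being converted is `certs/signing_key.x509` and the result is exported as `SECUREBOOT_SIGN_CERT`, so a failure would point at the wrong artifact; `die "Failed to convert signing_key.x509 to PEM format"` matches what the lines do. The export replaces the user's configured certificate without any log output, so an `einfo "Using the build-time certificate as SECUREBOOT_SIGN_CERT"` before it would make the override visible in the build log. src_configure continues outside the hunk; if later code there pairs this certificate with a user-supplied signing key, the two would no longer match, which is worth confirming. The same lines are added in the 6.12.48 hunk and the same points apply there.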
diff --git a/sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.48.ebuild
b/sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.48.ebuild
index 903aa1ed8e02..f27b76b50f36 100644
--- a/sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.48.ebuild
+++ b/sys-kernel/gentoo-kernel-bin/gentoo-kernel-bin-6.12.48.ebuild
@@ -155,6 +155,13 @@ src_configure() {
die "USE=generic-uki requires a CONFIG_EFI_ZBOOT enabled build"
fi
+ # Override user variable with the cert used during build
+ openssl x509 \
+ -inform DER -in "${kernel_dir}/certs/signing_key.x509" \
+ -outform PEM -out "${T}/cert.pem" ||
+ die "Failed to convert pcrpkey to PEM format"
+ export SECUREBOOT_SIGN_CERT=${T}/cert.pem
+
local image="${kernel_dir}/$(dist-kernel_get_image_path)"
local uki="${image%/*}/uki.efi"
if [[ -s ${uki} ]]; then