2 changed files with 21 additions and 72 deletions
--- a/config.yaml
+++ b/config.yaml
@ -1,19 +1,15 @@
 actions:
  - replace:
      - target: "grub.macros"
-        find: "Provides:	%{name}-efi = %{evr}					\\"
+        find: |
+              Provides:	%{name}-efi = %{evr}					\
        replace: |
-              Requires:	%{efi_esp_dir}/shim%%(echo %{1} | cut -d- -f2).efi	\
              Provides:	%{name}-efi = %{evr}					\
              Provides:	almalinux(grub2-sig-key) = 202303				\
              %{expand:%%ifarch x86_64						\
-              Conflicts:	shim-x64 <= 15.6-1.el8.alma					\
-              Conflicts:	shim-ia32 <= 15.6-1.el8.alma				\
-              %%endif}										\
-        count: 1
-      - target: "grub.macros"
-        find: "ln -sf ../efi/EFI/%{efi_vendor}/grubenv				\\\\\\"
-        replace: "ln -sf ../efi/EFI/%{efidir}/grubenv				\\\\\\"
+              Conflicts:	shim-x64 <= 15.6-1.el9.alma					\
+              Conflicts:	shim-ia32 <= 15.6-1.el9.alma				\
+              %%endif}                                        \
        count: 1
      - target: "sbat.csv.in"
        find: "grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com"
@ -21,82 +17,40 @@ actions:
              grub.rh,2,Red Hat,grub2,@@RHEL_VERSION_RELEASE@@,mailto:secalert@redhat.com
              grub.almalinux,2,AlmaLinux,grub2,@@VERSION_RELEASE@@,mailto:security@almalinux.org
        count: 1
-      - target: "spec"
-        find: "%undefine _hardened_build"
-        replace: |
-              %global efi_vendor almalinux
-              %global efidir almalinux
-              %global efi_esp_dir /boot/efi/EFI/%{efidir}
-              
-              %undefine _hardened_build
      - target: "spec"
        find: |
-              %define old_sb_cer	%{SOURCE14}
-              %define old_sb_key	redhatsecureboot301
-              %define sb_ca		%{SOURCE15}
-              %define sb_cer		%{SOURCE16}
+              %if 0%{?centos}
+              
+              %ifarch x86_64 aarch64 ppc64le
+              %define sb_key		centossecureboot202
+              %endif
+              %else
+              %ifarch x86_64 aarch64
              %define sb_key		redhatsecureboot502
-        replace: |
-              %define old_sb_cer	%{SOURCE13}
-              %define old_sb_key	almalinuxsecurebootca0
-              %define sb_ca		%{SOURCE13}
-              %define sb_cer		%{SOURCE13}
-              %define sb_key		almalinuxsecurebootca0
-        count: 1
-      - target: "spec"
-        find: | 
-              %define old_sb_cer	%{SOURCE17}
-              %define sb_cer		%{SOURCE18}
+              %endif
+              %ifarch ppc64le
              %define sb_key		redhatsecureboot702
-        replace: |
-              %define old_sb_cer	%{SOURCE13}
-              %define sb_cer		%{SOURCE13}
-              %define sb_key		almalinuxsecurebootca0
+              %endif
+              
+              %endif
+        replace: "%define sb_key		almalinuxsecurebootca0"
        count: 1
      - target: "spec"
        find: |
              # generate with do-rebase
-              %include %{SOURCE2}
+              %include %{SOURCE11}
        replace: |
              # AlmaLinux: keep upstream EVR for RHEL SBAT entry
              %define rhel_version_release $(echo %{version}-%{release} | sed 's/\.alma.*//')
              
+              
              # generate with do-rebase
-              %include %{SOURCE2}
+              %include %{SOURCE11}
        count: 1
      - target: "spec"
        find: "sed -e \"s,@@VERSION@@,%{version},g\" -e \"s,@@VERSION_RELEASE@@,%{version}-%{release},g\" \\"
        replace: "sed -e \"s,@@VERSION@@,%{version},g\" -e \"s,@@VERSION_RELEASE@@,%{version}-%{release},g\" -e \"s,@@RHEL_VERSION_RELEASE@@,%{rhel_version_release},g\" \\"
        count: 1
-      - target: "spec"
-        find: "%files common -f grub.lang"
-        replace: |
-              %if 0%{with_efi_arch}
-              %posttrans %{package_arch}
-              if [ -d /sys/firmware/efi ] && [ ! -f %{efi_esp_dir}/grub.cfg ]; then
-                  grub2-mkconfig -o %{efi_esp_dir}/grub.cfg || :
-              fi
-              %endif
-              
-              %if 0%{with_alt_efi_arch}
-              %posttrans %{alt_package_arch}
-              if [ -d /sys/firmware/efi ] && [ ! -f %{efi_esp_dir}/grub.cfg ]; then
-                  grub2-mkconfig -o %{efi_esp_dir}/grub.cfg || :
-              fi
-              %endif
-              
-              %files common -f grub.lang
-        
-  - delete_line:
-      - target: "spec"
-        lines:
-          - |
-            Source13:	redhatsecurebootca3.cer
-            Source14:	redhatsecureboot301.cer
-            Source15:	redhatsecurebootca5.cer
-            Source16:	redhatsecureboot502.cer
-            Source17:	redhatsecureboot601.cer
-            Source18:	redhatsecureboot701.cer

  - modify_release:
    - suffix: ".alma.1"
@ -107,8 +61,3 @@ actions:
        email: "eabdullin@almalinux.org"
        line:
          - "Debrand for AlmaLinux"
-
-  - add_files:
-      - type: "source"
-        name: "almalinuxsecurebootca0.cer"
-        number: 13
--- a/files/almalinuxsecurebootca0.cer
+++ b/files/almalinuxsecurebootca0.cer