From 4a5c5440ba90afe1ce47b4283577a903ca5d0d02 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Sun, 8 Mar 2026 21:58:36 +0000
Subject: [PATCH] Consolidate pesign/secureboot rules with AlmaLinux certs

---
 config.yaml                    |  44 ++++++++++++++-------------------
 files/almalinuxsecureboot0.cer | Bin 0 -> 999 bytes
 2 files changed, 19 insertions(+), 25 deletions(-)
 create mode 100644 files/almalinuxsecureboot0.cer

diff --git a/config.yaml b/config.yaml
index ed94912..de4b636 100644
--- a/config.yaml
+++ b/config.yaml
@@ -48,24 +48,31 @@ actions:
               %define secureboot_key_0 %{SOURCE12}
               %define pesign_name_0 centossecureboot201
               %else
-        replace: |
-              Source10: almalinuxsecurebootca0.cer
-              Source11: almalinuxsecurebootca0.cer
-        count: 1
-      - target: "spec"
-        find: |
+
               %ifarch x86_64 aarch64
               %define secureboot_ca_0 %{SOURCE10}
               %define secureboot_key_0 %{SOURCE13}
               %define pesign_name_0 redhatsecureboot501
               %endif
-        replace: |
-              %define secureboot_ca_0 %{SOURCE10}
-              %define secureboot_ca_1 %{SOURCE11}
-              %define secureboot_ca_2 %{SOURCE11}
 
-              %define secureboot_key_0 %{SOURCE10}
-              %define pesign_name_0 almalinuxsecurebootca0
+              %ifarch s390x
+              %define secureboot_ca_0 %{SOURCE10}
+              %define secureboot_key_0 %{SOURCE14}
+              %define pesign_name_0 redhatsecureboot302
+              %endif
+
+              %ifarch ppc64le
+              %define secureboot_ca_0 %{SOURCE16}
+              %define secureboot_key_0 %{SOURCE15}
+              %define pesign_name_0 redhatsecureboot701
+              %endif
+              %endif
+        replace: |
+              Source10: almalinuxsecurebootca0.cer
+              Source11: almalinuxsecureboot0.cer
+              %define secureboot_ca_0  %{SOURCE10}
+              %define secureboot_key_0 %{SOURCE11}
+              %define pesign_name_0 almalinuxsecureboot0
         count: 1
       - target: "spec"
         find: |
@@ -164,19 +171,6 @@ actions:
   - delete_line:
       - target: "spec"
         lines:
-          - |
-             %ifarch s390x
-             %define secureboot_ca_0 %{SOURCE10}
-             %define secureboot_key_0 %{SOURCE14}
-             %define pesign_name_0 redhatsecureboot302
-             %endif
-          - |
-             %ifarch ppc64le
-             %define secureboot_ca_0 %{SOURCE16}
-             %define secureboot_key_0 %{SOURCE15}
-             %define pesign_name_0 redhatsecureboot701
-             %endif
-             %endif
           - |
             if [ "$KernelExtension" == "gz" ]; then
                   gzip -f9 $SignImage
diff --git a/files/almalinuxsecureboot0.cer b/files/almalinuxsecureboot0.cer
new file mode 100644
index 0000000000000000000000000000000000000000..e6bb9db458dcdd38c1d601a5160ce8464ad028e0
GIT binary patch
literal 999
zcmXqLVt#DU#B_QAGZP~dlSq=$x3`I_j%l#2FGy70?o}0&^C`xFmyJ`a&7<u*FC!y2
zD}zCfp{jv0T!@oVOsqIHxwI&=q|zZVCpR%CGq1ElFTW_=P{BZsjX9KsOIX|yDDDFi
zSMU#3aLX^vOGzxr%+E7aG>`|WU>24@s0aobma5>CpI@Tj>}Vh-&TC|9U~Ft?Xklb&
zVh|<HYYgNXSwgu6g@$SdDqur+WU(6(oSB}NnTK!=4^HP0=P!dMMkVAhVPs`sZerwT
z0E%-lH8C<WEZZ7vnwP#}ZBI`6%E}aj=2*X?OWuz}HVaQNm9>5{Q*3?l-?<XejdnUq
zKCHAY&Ji(*UCnNE>gr~{?8kbg0b5t?lBx5kIj7}g65w>>_kj-vx$A0zuP(QmrG2<v
zyYkg>u2<Dx8luytRn|sj?tZ28M{A<_`Nco3O8PJ=EB{FN@kev^zl`gfdUYihiuIj{
z<jR*lo4|4=%{|g8^7WU!lM;Ve`1D@LUJy3t*T=8!ig)Z2=j5$;7xE+5W~Q=d_Jeh&
zZ#D;QWIvGby)*K~%=00)SLqdObmx7Z=#;R#ckgG*<8$`h3lX%@o6_{CzocB^=Kk%)
zHz&_I5k3Dwje(7^RF{JIoySbfj0}v6D-6mEcz_WjE6m9FpM}YQ!GI6M;|K9rn3>oc
z48%ZuRS=)YfQyYon~jl`m7ST{Ko%s<$0Eie@_$b83%6N8)15EgoM>+NBkWY&gl=$>
zkyU1qFc51HIoS8|=e1RqCd=#0HZEQp>z27>$v)(`0j5`A+%Ph@OKKIL-ult%`<1Av
z5-(2v5nVsM&G$=Ot<n*eNsTTs7N?kZ@@;?hSS~mCSVaEWr5A<g*@f^%nL8ZeT$Z$9
z>(U)hQd!P8?3PlTo-)sP<I&6QPXqm~Z<0*Bw;<xx`@Tst=T_`dJQ7tFm$bI1J}dE4
z^`)cduiTGjs9*CUcth!`gj5sJ__C?DisVG6#~pbmz3ZjsWO4Pa)71XE8a{jO`Rn@(
z<ztQ#VmF2NEZ^4qdX+=g@kcSP_B!dm`yy}U*)IAcd_z=pO6xrR4<=kYmcQJW%>C%)
z%GRv~6F;VMvx!~hPrProZ&#m`UU0&*YmVC)`!Achh~HyQ{q4DbyFt~aQ_2ejlC}W=
DeSwFp

literal 0
HcmV?d00001