Update secure boot certs: ca0 as Source2, boot0 as Source1, drop centos certs

2026-03-08 23:12:32 +00:00 · 2026-03-08 23:12:32 +00:00 · 916ee0ccb8
commit 916ee0ccb8
parent 5877451b00
6 changed files with 4 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,11 +1,8 @@
 BOOTAA64.CSV
 BOOTX64.CSV
-centossecureboot201.cer
-centossecurebootca2.cer
 fbaa64.efi
 fbx64.efi
 mmaa64.efi
 mmx64.efi
 shimaa64.efi
 shimx64.efi
-SOURCES/almalinuxsecurebootca0.cer
--- a/almalinuxsecureboot0.cer
+++ b/almalinuxsecureboot0.cer
--- a/almalinuxsecurebootca0.cer
+++ b/almalinuxsecurebootca0.cer
--- a/shim.rpmmacros
+++ b/shim.rpmmacros
@ -118,7 +118,7 @@ version signed by the UEFI signing service.				\
 	else									\
 		cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi	\
 	fi									\
-	%{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n centossecureboot201 -a %{SOURCE2} -c %{SOURCE1} } \
+	%{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n almalinuxsecureboot0 -a %{SOURCE2} -c %{SOURCE1} } \
 	%{nil}

 # -a <efiarch>
--- a/shim.spec
+++ b/shim.spec
@ -16,7 +16,8 @@ ExclusiveArch:	%{efi}
 ExcludeArch:	%{arm} %{ix86}

 Source0:	shim.rpmmacros
-Source1:	almalinuxsecurebootca0.cer
+Source1:	almalinuxsecureboot0.cer
+Source2:	almalinuxsecurebootca0.cer
 Source5:	shim.conf

 # keep these two lists of sources synched up arch-wise.  That is 0 and 10
--- a/3
+++ b/3
@ -5,5 +5,4 @@ SHA512 (mmx64.efi) = 266f346b5acea659a74e2ec28d6ee652d06a6fc1f2219cbb8c8fe207628
 SHA512 (shimaa64.efi) = 4e959920d0f4da2075680a547b25283363fcd258d5ae911a0435aa43cc4db71f358293ac0c03414572d10e1623f9b7657f5ef53e91981175043676b77ffe6b04
 SHA512 (shimx64.efi) = c8ae4275b844f4237e76878ab335bb0949e7c5db68349b2e54f0e7e138d9e02de2bdcb4b3839ec106b095b15147974a74dedfd1ad296fab18ae5ade6414dc2d3
 SHA512 (BOOTAA64.CSV) = 2dfc78bee3d6e7f27cab8037ace24b9d62d2b3e5056751a32259d997fbaba5ef6015d6c50c842f29e2a31b94c3dc63476fb61803b25f504255c32c04a5a8255c
-SHA512 (BOOTX64.CSV) = 6566d163836a0da9caa31a14b41178a2cf82f96a751a3eff87dcdc0a40b1521b27b35bf7a1d5774e00f605e569f5be1a6baff7e00e3a93f5d6ca3844188034d3
-SHA512 (almalinuxsecurebootca0.cer) = 9190a7d5808d3f4181f0f868d07ba83368357a02970f40594e5ec880d33771d890c69f1dfd4ce6c2bc92e6e14217be1aebf7ecc045e6603032b50e33228763ae
+SHA512 (BOOTX64.CSV) = 6566d163836a0da9caa31a14b41178a2cf82f96a751a3eff87dcdc0a40b1521b27b35bf7a1d5774e00f605e569f5be1a6baff7e00e3a93f5d6ca3844188034d3