File project.diff of Package grub2

--- grub2.spec.orig
+++ grub2.spec
@@ -188,6 +188,8 @@ Source16:       grub2-xen-pv-firmware.cf
 Source17:       grub2-systemd-sleep.sh
 Source18:       grub2-check-default.sh
 Source19:       grub2-instdev-fixup.pl
+Source20:       openSUSE-UEFI-SIGN-Certificate-20210202.crt
+Source21:       SLES-UEFI-SIGN-Certificate-20210225.crt
 Source1000:     PATCH_POLICY
 Patch1:         rename-grub-info-file-to-grub2.patch
 Patch2:         grub2-linux.patch
@@ -964,6 +966,15 @@ if [ "%{platform}" = "ieee1275" ]; then
         # for kernel verification
         projectcert="%{_sourcedir}/_projectcert.crt"
         openssl x509 -in "$projectcert" -outform DER -out grub.der
+        extracert=""
+        # This is an unofficial build, make it possible to boot official kernels from
+        # SLE (SLE, Leap) or Factory (Tumbleeweed)
+        %if 0%{?suse_version} > 1500
+            openssl x509 -in "%{SOURCE20}" -outform DER -out extra.der
+        %else
+            openssl x509 -in "%{SOURCE21}" -outform DER -out extra.der
+        %endif
+        extracert="-x extra.der"
         cat > %{platform}-config <<'EOF'
 set root=memdisk
 set prefix=($root)/
@@ -1079,7 +1090,7 @@ if [ -n "$prefix" ]; then
 fi
 EOF
         %{__tar} cvf memdisk.tar ./grub.cfg
-        ./grub-mkimage -O %{grubarch} -o grub.elf -d grub-core -x grub.der -m memdisk.tar \
+        ./grub-mkimage -O %{grubarch} -o grub.elf -d grub-core -x grub.der $extracert -m memdisk.tar \
             -c %{platform}-config -s sbat.csv --appended-signature-size %brp_pesign_reservation ${GRUB_MODULES}
         ls -l "grub.elf"
         truncate -s -%brp_pesign_reservation "grub.elf"
openSUSE Build Service is sponsored by