File project.diff of Package grub2
--- grub2.spec.orig
+++ grub2.spec
@@ -188,6 +188,8 @@ Source16: grub2-xen-pv-firmware.cf
Source17: grub2-systemd-sleep.sh
Source18: grub2-check-default.sh
Source19: grub2-instdev-fixup.pl
+Source20: openSUSE-UEFI-SIGN-Certificate-20210202.crt
+Source21: SLES-UEFI-SIGN-Certificate-20210225.crt
Source1000: PATCH_POLICY
Patch1: rename-grub-info-file-to-grub2.patch
Patch2: grub2-linux.patch
@@ -964,6 +966,15 @@ if [ "%{platform}" = "ieee1275" ]; then
# for kernel verification
projectcert="%{_sourcedir}/_projectcert.crt"
openssl x509 -in "$projectcert" -outform DER -out grub.der
+ extracert=""
+ # This is an unofficial build, make it possible to boot official kernels from
+ # SLE (SLE, Leap) or Factory (Tumbleeweed)
+ %if 0%{?suse_version} > 1500
+ openssl x509 -in "%{SOURCE20}" -outform DER -out extra.der
+ %else
+ openssl x509 -in "%{SOURCE21}" -outform DER -out extra.der
+ %endif
+ extracert="-x extra.der"
cat > %{platform}-config <<'EOF'
set root=memdisk
set prefix=($root)/
@@ -1079,7 +1090,7 @@ if [ -n "$prefix" ]; then
fi
EOF
%{__tar} cvf memdisk.tar ./grub.cfg
- ./grub-mkimage -O %{grubarch} -o grub.elf -d grub-core -x grub.der -m memdisk.tar \
+ ./grub-mkimage -O %{grubarch} -o grub.elf -d grub-core -x grub.der $extracert -m memdisk.tar \
-c %{platform}-config -s sbat.csv --appended-signature-size %brp_pesign_reservation ${GRUB_MODULES}
ls -l "grub.elf"
truncate -s -%brp_pesign_reservation "grub.elf"