Use relative path to certs directory, use ""

Fixes reading PEM with trusted keys (for some reason...)
2025-02-24 02:52:55 +00:00 · 2019-11-19 16:37:20 +03:00 · 2019-11-19 16:37:20 +03:00 · a71dd0a80d
commit a71dd0a80d
parent 32ae7451b8
1 changed files with 4 additions and 4 deletions
--- a/kernel.spec
+++ b/kernel.spec
@ -11,7 +11,7 @@
 %define sublevel	11

 # Release number. Increase this before a rebuild.
-%define rpmrel		3
+%define rpmrel		4
 %define fullrpmrel	%{rpmrel}

 %define rpmtag		%{disttag}
@ -85,7 +85,7 @@
 # Manual control of creating and deleting keys
 # "rnd" is "random" and means that a key pair is generated at build time
 # and is not saved anywhere.
-%define certs_dir_rnd %{src_dir}/certs_%{vendor}_rnd
+%define certs_dir_rnd certs
 %define certs_signing_key_rnd %{certs_dir_rnd}/signing_key.pem
 %define certs_key_config_rnd %{certs_dir_rnd}/x509.genkey
 %define certs_public_keys %{certs_dir_rnd}/public.pem
@ -791,10 +791,10 @@ echo CONFIG_MODULE_SIG_ALL=y >> .config
 # Use SHA-512 algo
 echo CONFIG_MODULE_SIG_SHA512=y >> .config
 # Set path to the key that will be generated later by openssl
-echo CONFIG_MODULE_SIG_KEY="%{certs_signing_key_rnd}" >> .config
+echo CONFIG_MODULE_SIG_KEY=\"%{certs_signing_key_rnd}\" >> .config
 # Set path to one PEM file with all keys that the kernel must trust
 sed -i '/CONFIG_SYSTEM_TRUSTED_KEYS/d' .config
-echo CONFIG_SYSTEM_TRUSTED_KEYS="%{certs_public_keys}" >> .config
+echo CONFIG_SYSTEM_TRUSTED_KEYS=\"%{certs_public_keys}\" >> .config
 # Reserve area for inserting a certificate without recompiling
 sed -i '/CONFIG_SYSTEM_EXTRA_CERTIFICATE/d' .config
 echo CONFIG_SYSTEM_EXTRA_CERTIFICATE=y >> .config