Mini Shell

# macros for use with pesign
#
# this makes it possible to invoke your build as:
# rpmbuild --define 'pe_signing_token test2' --define "pe_signing_cert signing key for test2" -ba shim.spec
# and then in the spec do:
# %pesign -s -i shim.orig -o shim.efi
# And magically get the right thing.

%__pesign_token %{nil}%{?pe_signing_token:--token "%{pe_signing_token}"}
%__pesign_cert %{!?pe_signing_cert:"Red Hat Test Certificate"}%{?pe_signing_cert:"%{pe_signing_cert}"}

%__pesign_client_token %{!?pe_signing_token:"OpenSC Card (Fedora Signer)"}%{?pe_signing_token:"%{pe_signing_token}"}
%__pesign_client_cert %{!?pe_signing_cert:"/CN=Fedora Secure Boot Signer"}%{?pe_signing_cert:"%{pe_signing_cert}"}

%_pesign /usr/bin/pesign
%_pesign_client /usr/bin/pesign-client

# -i <input filename>
# -o <output filename>
# -C <output cert filename>
# -e <output sattr filename>
# -c <input certificate filename>	# rhel only
# -n <input certificate name>		# rhel only
# -a <input ca cert filename>		# rhel only
# -s 					# perform signing
%pesign(i:o:C:e:c:n:a:s)						\
  %{_libexecdir}/pesign/pesign-rpmbuild-helper				\\\
    "%{_target_cpu}"							\\\
    "%{_pesign}"							\\\
    "%{_pesign_client}"							\\\
    %{?__pesign_client_token:--client-token %{__pesign_client_token}}	\\\
    %{?__pesign_client_cert:--client-cert %{__pesign_client_cert}}	\\\
    %{?__pesign_token:%{__pesign_token}}				\\\
    %{?__pesign_cert:--cert %{__pesign_cert}}				\\\
    %{?_buildhost:--hostname "%{_buildhost}"}				\\\
    %{?vendor:--vendor "%{vendor}"}					\\\
    %{?rhel:--rhelver "%{rhel}"}					\\\
    %{?centos:--rhelver "%{centos}"}					\\\
    %{?-n:--rhelcert %{-n*}}%{?!-n:--rhelcert %{__pesign_cert}}	\\\
    %{?-a:--rhelcafile "%{-a*}"}					\\\
    %{?-c:--rhelcertfile "%{-c*}"}					\\\
    %{?-C:--certout "%{-C*}"}						\\\
    %{?-e:--sattrout "%{-e*}"}						\\\
    %{?-i:--in "%{-i*}"}						\\\
    %{?-o:--out "%{-o*}"}						\\\
    %{?-s:--sign}							\\\
    ;									\
%{nil}