Comment # 60 on bug 1189841 from Martin Wilck

Michal, your new scripts cause mokutil to be called not only for the -ueficert
package, but also for oridnary kernel packages (rpm-script calls cert-script).

This causes errors on non-UEFI systems:

> post name: kernel-default version: 5.3.18 release: 21.1.gafe7c6c kernelrelease: 5.3.18-21.gafe7c6c flavor: default variant:  usrmerged: 0 image: vmlinuz certs: 1245A689 -- 2
> Triggering purge-kernels
> wm2 --add-kernel 5.3.18-21.gafe7c6c-default
> cert post ca-check: 1 certs: 1245A689  -- 2
> EFI variables are not supported on this system
> mokutil --import /etc/uefi/certs/1245A689.crt --root-pw
> EFI variables are not supported on this system
> Failed to import /etc/uefi/certs/1245A689.crt
> warning: %post(kernel-default-5.3.18-21.1.gafe7c6c.x86_64) scriptlet failed, exit status 1

I suggest adding something like this to cert-script:

> if ! mokutil --sb-state 2>/dev/null; then
>     exit 0
> fi

mokutil --sb-state succeeds on uefi systems (with and without SB) whereas it
fails on BIOS systems.

Ok?