Comment # 24 on bug 1201066 from 
(In reply to Joey Lee from comment #23)
> (In reply to Kilian Hanich from comment #22)
> > (In reply to Joey Lee from comment #20)
> > > How about change the kernel scripts? To avoid the "255" return value to
> > > expose:
> > > 
> > > suse-module-tools/kernel-scriptlets/cert-script
> > > ...
> > >         # XXX: Only call mokutil if UEFI and shim are used
> > >         for cert in $certs; do
> > >             cert="/etc/uefi/certs/${cert}.crt"
> > >             run_mokutil --import "$cert" --root-pw ${MOK_ARGS}
> > >             rc=$?
> > >             if [ $rc != 0 ] ; then
> > >                 script_rc=$rc                 # hide 255 here?
> > >                 echo "Failed to import $cert" >&2
> > >             fi
> > >         done
> > 
> > I'd do it like this:
> > 
> > # XXX: Only call mokutil if UEFI and shim are used and if efivarfs is
> > mounted readable
> > mount | grep efivarfs | grep -E '\(.*,?ro,?.*\)'
> >     if [ $? == 0 ] ; then
> >         for cert in $certs; do
> >         cert="/etc/uefi/certs/${cert}.crt"
> >         run_mokutil --import "$cert" --root-pw ${MOK_ARGS}
> >         rc=$?
> >         if [ $rc != 0 ] ; then
> > 	    script_rc=$rc
> >             echo "Failed to import $cert" >&2
> >         fi
> >     done
> > fi
> 
> I agree. 
> 
> Will you send the change to
> https://github.com/openSUSE/suse-module-tools.git ?

Sure, but I will try this first locally if it works in practice.

You are receiving this mail because: