[Bug 1201066] kernel upgrade fails with Failed to enroll new keys
https://bugzilla.suse.com/show_bug.cgi?id=1201066 https://bugzilla.suse.com/show_bug.cgi?id=1201066#c24 --- Comment #24 from Kilian Hanich <khanich.opensource@gmx.de> --- (In reply to Joey Lee from comment #23)
(In reply to Kilian Hanich from comment #22)
(In reply to Joey Lee from comment #20)
How about change the kernel scripts? To avoid the "255" return value to expose:
suse-module-tools/kernel-scriptlets/cert-script ... # XXX: Only call mokutil if UEFI and shim are used for cert in $certs; do cert="/etc/uefi/certs/${cert}.crt" run_mokutil --import "$cert" --root-pw ${MOK_ARGS} rc=$? if [ $rc != 0 ] ; then script_rc=$rc # hide 255 here? echo "Failed to import $cert" >&2 fi done
I'd do it like this:
# XXX: Only call mokutil if UEFI and shim are used and if efivarfs is mounted readable mount | grep efivarfs | grep -E '\(.*,?ro,?.*\)' if [ $? == 0 ] ; then for cert in $certs; do cert="/etc/uefi/certs/${cert}.crt" run_mokutil --import "$cert" --root-pw ${MOK_ARGS} rc=$? if [ $rc != 0 ] ; then script_rc=$rc echo "Failed to import $cert" >&2 fi done fi
I agree.
Will you send the change to https://github.com/openSUSE/suse-module-tools.git ?
Sure, but I will try this first locally if it works in practice. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com