Bug 1087847 - The staging certificate in shim conflicted with the same one in kernel-source
The staging certificate in shim conflicted with the same one in kernel-source
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Bootloader
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Gary Ching-Pang Lin
Jiri Srain
Depends on:
  Show dependency treegraph
Reported: 2018-04-03 09:00 UTC by Gary Ching-Pang Lin
Modified: 2020-10-16 10:25 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Gary Ching-Pang Lin 2018-04-03 09:00:42 UTC
When shim is built in the staging project, it will install the staging certificate to /etc/uefi/certs. Since the naming policy is to cut the first 8 hex of the sha1 checksum of the certificate, if the kernel is also built in the same staging project, both shim and kernel would install the same staging certificate to /etc/uefi/certs and the file conflict happens.

We can avoid the conflict by adding a suffix, say "-shim", to the certificate installed by shim.

NOTE: It won't happen in the release project since shim only contains the official CA certificate while the kernel contains the official SIGN certificate.
Comment 1 Gary Ching-Pang Lin 2018-04-10 06:54:21 UTC
The fix was merged. Close this bug.
Comment 2 Swamp Workflow Management 2019-05-14 10:10:22 UTC
This is an autogenerated message for OBS integration:
This bug (1087847) was mentioned in
https://build.opensuse.org/request/show/702795 Factory / shim