From b7ef1302715bead649625666f92eff434082de1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Zegan?= Date: Wed, 26 Oct 2022 18:10:38 +0200 Subject: [PATCH] fix(modsign): load keys to correct keyring Until now, 03modsign module was loading keys from /lib/modules/keys/* into the current session keyring. This change makes it add keys to the secondary trusted keyring. This works only as long as added certificate is signed by key from the same keyring. --- modules.d/03modsign/load-modsign-keys.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules.d/03modsign/load-modsign-keys.sh b/modules.d/03modsign/load-modsign-keys.sh index a042c08aa2..a489067cbc 100755 --- a/modules.d/03modsign/load-modsign-keys.sh +++ b/modules.d/03modsign/load-modsign-keys.sh @@ -7,5 +7,5 @@ for x in /lib/modules/keys/*; do [ "${x}" = "/lib/modules/keys/*" ] && break - keyctl padd asymmetric "" @s < "${x}" + keyctl padd asymmetric "" %:.secondary_trusted_keys < "${x}" done