91-sbctl.install missing '-s' flag causes signed kernels to not be tracked #494

@aaron-panic

91-sbctl.install: sbctl sign missing -s flag, signed kernels not saved to database

Description:

In contrib/kernel-install/91-sbctl.install, the add case calls:
sbctl sign "$IMAGE_FILE" 1>/dev/null

The -s flag is missing. As a result, kernels are signed during installation but never saved to sbctl's database. They do not appear in sbctl verify output and will not be resigned by sbctl sign-all on future operations.

Note: this is specific to contrib/kernel-install/91-sbctl.install. The installkernel hook already correctly uses sbctl sign -s.

Fix:

sbctl sign -s "$IMAGE_FILE" 1>/dev/null

Environment:

sbctl 0.18
Fedora 43, grub2 default install
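
A way to audit hook scripts for the problem reported above, as an added example that is not part of the original report or of sbctl itself: it flags `sbctl sign` calls that carry neither `-s` nor its long form `--save`. The function name `find_unsaved_sbctl_sign` and the sample hook files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag `sbctl sign` calls in hook scripts that lack -s / --save.

# Prints file:line:text for each offending line; returns 1 if any were found.
find_unsaved_sbctl_sign() {
    awk '
        /^[ \t]*#/ { next }    # ignore comment lines (and the shebang)
        # match "sbctl sign" as a command, but not "sbctl sign-all"
        /(^|[^A-Za-z0-9_-])sbctl[ \t]+sign([ \t]|$)/ {
            # accepted: -s, bundled short flags containing s, or --save
            if ($0 !~ /[ \t](-[A-Za-z]*s[A-Za-z]*|--save)([ \t]|$)/) {
                printf "%s:%d:%s\n", FILENAME, FNR, $0
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample hooks (not copies of the real files): one signs without
# saving, as in the report; one uses the corrected call.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/unsaved.install" <<'EOF'
#!/bin/sh
# old: sbctl sign "$IMAGE_FILE"
case "$COMMAND" in
add)
    sbctl sign "$IMAGE_FILE" 1>/dev/null
    ;;
esac
EOF
cat > "$SAMPLE_DIR/saved.install" <<'EOF'
#!/bin/sh
case "$COMMAND" in
add)
    sbctl sign -s "$IMAGE_FILE" 1>/dev/null
    ;;
esac
sbctl sign-all
EOF

if find_unsaved_sbctl_sign "$SAMPLE_DIR"/*.install; then
    echo "all sbctl sign calls save to the database"
else
    echo "found sbctl sign calls that do not save to the database" >&2
fi
```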
