On Wed, 15 Jul 2020 17:01:07 -0000
"Mikhail Gavrilov" <mikhail.v.gavrilov(a)gmail.com> wrote:
Who knows how to configure mock to build the kernel locally?
I need to test some upstream patches, but I discovered that
currently, I could not build kernel locally because of pesign not
working in the mock environment. I do not want to use koji because I
have enough power PC at home with Ryzen 3950X. Here I filled bug
report
https://bugzilla.redhat.com/show_bug.cgi?id=1855836 but no one
answers me.
I build a custom kernel, and sign it using pesign with a locally
generated key, but using rpmbuild, not mock. However, what isn't clear
from your description, and my unfamiliarity with the mock build
process, is whether you have a local signing key installed in your EFI
public key database. If you don't, I don't think it can work. The
private key that kernels are signed with when they are official Fedora
kernels resides on the Fedora infrastructure. It is *not* going to be
transferred to your local machine as that would be a severe security
breach (it would no longer be a valid private key). So, I think you
need to create a key pair on your local machine, and install the public
key in the EFI database on your local machine.