From 82d771110c8cf81974c9864b1718fb70f4ab8725 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Fri, 14 Sep 2018 12:43:15 +0200
Subject: [PATCH] mkrelease.sh: prevent double sign

---
 mkrelease.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/mkrelease.sh b/mkrelease.sh
index 26c4c0a..8412a6b 100755
--- a/mkrelease.sh
+++ b/mkrelease.sh
@@ -73,8 +73,10 @@ IMAGE="${BASEDIR}/$(jq -r '.name' ${JSON})-$(jq -r '.version' ${JSON})"
             echo "Need --dbkey KEY --dbcrt CRT options"
             exit 1
         fi
-        sbsign --key "$DBKEY" --cert "$DBCRT" --output bootx64-signed.efi bootx64.efi
-        mv bootx64-signed.efi bootx64.efi
+        if ! sbverify --cert "$DBCRT" bootx64.efi &>/dev/null ; then
+            sbsign --key "$DBKEY" --cert "$DBCRT" --output bootx64-signed.efi bootx64.efi
+            mv bootx64-signed.efi bootx64.efi
+        fi
     fi
     [[ -f sha512sum.txt ]] || sha512sum * > sha512sum.txt
     [[ -f sha512sum.txt.sig ]] || gpg2 --detach-sign sha512sum.txt