
Draft: redhat: switch the kernel package to use certs from system-sb-certs

Both redhat and centos are now providing the public certificates we use
for secure boot signing through the redhat-sb-certs or centos-sb-certs
packages. Those provide the system-sb-certs "virtual" package.

Thus don't carry the copy of the same certificates inside the kernel
sources anymore; instead, switch to using the certificates provided by
those packages.

This will enable secure boot signing for centos too, as centos uses a
different set of certificates for signing and we were not using them
in the package yet.

With this change, we also drop the usage of the beta certificates and
the switch to the release certs: they aren't provided in the new scheme
of system-sb-certs and anyway e.g. grub2 isn't including/using those
certs for signing. If there is still any switching of keys needed,
ideally this should be done with the package providing system-sb-certs.

While reviewing/doing this change, I also noted some signkernel
macro guards were missing in the spec, which I added. Also, in the
install part where we copy files to the kernel-doc package, I
consolidated the logic and added missing signkernel/signmodules guards;
with the existing code things would break if you disabled any of those
options.

v2: change pesign_name_0 for CentOS as reported by Brian Stinson

Signed-off-by: Herton R. Krzesinski herton@redhat.com
Signed-off-by: Prarit Bhargava prarit@redhat.com
