redhat: spec: prepare to defer signing to image composition

JIRA: https://issues.redhat.com/browse/RHEL-78808
Upstream Status: RHEL-only

Enable the configuration to add an extra certificate to the kernel
keyring later. This is intended for atomic images (e.g., ostree), that
are target specific, to sign their modules when composing an image for
that target using an existing kernel RPM.

Disable kernel signing, as the signature would be invalidated by adding
extra certificates at image composition.

The build-generated key used to sign the modules will be in the keyring,
so images using packages can still use: dnf install _kernel-or-module-rpm
and enforce signature verification. Atomic images signing their modules
at composition will add an extra certificate, re-sign the modules and
potentially wipe or invalidate the existing build key.

Signed-off-by: Shawn Doherty <sdoherty@redhat.com>