Current problem (if any)

Qubes is introducing a secure boot signing meethod:

• mock: bind mount qubes-pesign socket on build QubesOS/qubes-builderv2#77

Proposed solution

Unfortunately, it appears to be very user specific the key name (to restrict to a specific key) and other user specific configuration of which files the key is stored in:

• Dom0: /etc/qubes/policy.d/*.policy
• dvm-qubes-builder-pesign: /usr/local/etc/default/qubes-pesign
• vault-pesign: /home/user/.config/qubes-pesign/CERT_NICKNAME

The value to a user, and who that user might be

Automate as much as Qubes Bulder V2 setup as possible, leave as little as possible for users and developers to configure to avoid errors.