Include DER cert in deb and refactor Makefile

debian.package/Makefile

@@ -11,14 +11,16 @@ uefi-boot-metadata-collect-agent.deb: uefi-boot-metadata-collect-agent/boot/efi/
 	dpkg-deb --build uefi-boot-metadata-collect-agent || rm -fv $@
 
 include dracut-conf-template.mk
-uefi-boot-metadata-collect-agent/boot/efi/uefi-boot-metadata-collect-agent.efi: db.crt db.key db.cer
+uefi-boot-metadata-collect-agent/boot/efi/uefi-boot-metadata-collect-agent.efi: db.crt db.key db.cer uefi-boot-metadata-collect-agent/boot/efi/secboot.cer
 	mkdir -p /tmp/dracut-empty
-	mkdir -m 700 -p uefi-boot-metadata-collect-agent/boot/efi
 	echo "$${dracut_conf}" > dracut.conf
 	sudo dracut -c dracut.conf --confdir /tmp/dracut-empty --uefi-output $@
 	sudo chmod 755 $@
 	rm -rfv /tmp/dracut-empty
 
+uefi-boot-metadata-collect-agent/boot/efi/secboot.cer: db.cer
+	cp -fv db.cer $@
+
 db.crt db.key:
 	openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -days 3650 -subj "/CN=Nexedi's UEFI Signature Database key/" -out db.crt
 
@@ -26,4 +28,4 @@ db.cer:
 	openssl x509 -outform DER -in db.crt -out db.cer
 
 clean:
-	rm -rfv uefi-boot-metadata-collect-agent.deb dracut.conf db.key db.crt db.cer uefi-boot-metadata-collect-agent/boot
\ No newline at end of file
+	rm -fv uefi-boot-metadata-collect-agent.deb dracut.conf db.key db.crt db.cer uefi-boot-metadata-collect-agent/boot/efi/uefi-boot-metadata-collect-agent.efi uefi-boot-metadata-collect-agent/boot/efi/secboot.cer
\ No newline at end of file