#!/bin/bash
# grub2-update-kernel-signature
# Renews the signature in /boot/.
# Author: Bandie
# Licence: GNU-GPLv3

function sign(){
  for f in `find /boot -maxdepth 1 -type f`
  do
    if gpg --detach-sign $f
    then
      echo $f signed.
    else
      return 1
    fi
  done
  if gpg --detach-sign "/boot/grub/grub.cfg"
  then
    echo /boot/grub/grub.cfg signed.
  else
    return 1
  fi
  return 0
}


shred --remove=unlink /boot/*.sig
shred --remove=unlink /boot/grub/grub.cfg.sig

if ! sign
then
  sign
fi
