2015-03-16 19:38:36 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
# grub2-unsign
|
|
|
|
|
# Unsigns every file in /boot. Depends on grub2-verify
|
2018-01-12 20:46:55 +00:00
|
|
|
# Author: Bandie
|
2015-03-16 19:38:36 +00:00
|
|
|
# Licence: GNU-GPLv3
|
|
|
|
|
|
2015-03-17 06:23:23 +00:00
|
|
|
# Check if something is wrong
|
2018-03-22 12:34:56 +00:00
|
|
|
grub2-verify
|
|
|
|
|
stat=$?
|
|
|
|
|
if (( $stat == 1 ))
|
|
|
|
|
then
|
2018-01-12 20:46:55 +00:00
|
|
|
printf '%s\n' "grub2-verify has detected a one or more bad signatures." "Please check for malicious software before you're unsigning everything!" >&2
|
|
|
|
|
exit 1
|
2018-03-22 12:34:56 +00:00
|
|
|
elif (( $stat == 2 ))
|
|
|
|
|
then
|
|
|
|
|
printf 'Everything is unsigned already.\n'
|
|
|
|
|
exit 0
|
|
|
|
|
elif (( $stat == 3 ))
|
|
|
|
|
then
|
|
|
|
|
printf 'Ignoring missing signatures...\n'
|
|
|
|
|
else
|
|
|
|
|
printf 'Something unknown happened!\n'
|
|
|
|
|
exit 99
|
2015-03-16 19:38:36 +00:00
|
|
|
fi
|
2015-03-17 06:23:23 +00:00
|
|
|
|
|
|
|
|
# Then remove the signatures.
|
2015-12-29 20:26:53 +00:00
|
|
|
find /boot -name '*.sig' -exec rm -- '{}' +
|
|
|
|
|
|
2015-03-17 06:23:23 +00:00
|
|
|
echo "GRUB2 unsigned. WARNING: If you want to deactivate GRUB2's signature feature, change the check_signatures variable in the headers file!"
|
2015-03-17 06:54:03 +00:00
|
|
|
exit 0
|
