grub2-signing-extension/sbin/grub2-sign

#!/bin/bash
# grub2-sign
# Signs everything important in /boot. Depends on grub2-verify.
# Author: Bandie
# Licence: GNU-GPLv3

function sign(){
  for f in `find /boot -type f`
  do
    if gpg --detach-sign $f
    then
      echo $f signed.
    else
      return 1
    fi
  done
  return 0
}


# Running grub2-verify first to prevent bad people and double signing
echo "Running grub2-verify to check if everything is unsigned..." >&2
grub2-verify
if (( $? < 2 )); then
    echo "Run grub2-unsign first." >&2
    exit 1
fi


if ! sign
then
  sign
else
  echo -e "\nDone!"
fi
First commit and release. 2015-03-16 20:38:36 +01:00			`#!/bin/bash`
			`# grub2-sign`
			`# Signs everything important in /boot. Depends on grub2-verify.`
Using gpg's passphrase request; new script. 2018-01-12 21:46:55 +01:00			`# Author: Bandie`
First commit and release. 2015-03-16 20:38:36 +01:00			`# Licence: GNU-GPLv3`

Using gpg's passphrase request; new script. 2018-01-12 21:46:55 +01:00			`function sign(){`
			for f in `find /boot -type f`
			`do`
			`if gpg --detach-sign $f`
			`then`
			`echo $f signed.`
			`else`
			`return 1`
			`fi`
			`done`
			`return 0`
			`}`
Comments and words. 2015-03-17 07:23:23 +01:00
Using gpg's passphrase request; new script. 2018-01-12 21:46:55 +01:00
			`# Running grub2-verify first to prevent bad people and double signing`
Follow best practices for bash - Use native bash math where doing so improves readability. - Avoid illegal exit status codes (666 in impossible scenario). - Avoid useless use of cat (`cat foo \| bar` vs the more efficient `bar <foo`). - Avoid needless echo pipelines (`echo foo \| bar` vs `bar <<<"$foo"`). - Never use a for loop to iterate over output from `find`; `for` loops depend on string-splitting, which is only available with globbing behavior. See http://mywiki.wooledge.org/DontReadLinesWithFor - Use `read -s` to silence feedback rather than playing around with `stty`. - Use `tput` to retrieve color codes correct for the current terminal rather than assuming a terminal compatible with ANSI color codes. - Use a expression compatible with BSD `tr` in "passphrase-shredding" code. (BTW, I very much doubt that this code actually does any good; it's not a reasonable expectation that a new string assigned to a variable will actually be placed at the same location in memory). - Implementations of `echo` which do anything other than print `-e` on output when `echo -e` is run are nonconformant with the POSIX spec for echo. Similarly, `echo -n` behavior is not defined by the standard. Avoid relying on either of these. (See http://pubs.opengroup.org/onlinepubs/009604599/utilities/echo.html, particularly the APPLICATION USAGE section). - Always quote expansions to prevent string-splitting and glob-expansion (`"$i"`, not `$i`). - Avoid `some_command; if [ $? -eq 0 ]; then` when `if some_command; then` can be used instead. 2015-12-30 15:32:46 -06:00			`echo "Running grub2-verify to check if everything is unsigned..." >&2`
First commit and release. 2015-03-16 20:38:36 +01:00			`grub2-verify`
Follow best practices for bash - Use native bash math where doing so improves readability. - Avoid illegal exit status codes (666 in impossible scenario). - Avoid useless use of cat (`cat foo \| bar` vs the more efficient `bar <foo`). - Avoid needless echo pipelines (`echo foo \| bar` vs `bar <<<"$foo"`). - Never use a for loop to iterate over output from `find`; `for` loops depend on string-splitting, which is only available with globbing behavior. See http://mywiki.wooledge.org/DontReadLinesWithFor - Use `read -s` to silence feedback rather than playing around with `stty`. - Use `tput` to retrieve color codes correct for the current terminal rather than assuming a terminal compatible with ANSI color codes. - Use a expression compatible with BSD `tr` in "passphrase-shredding" code. (BTW, I very much doubt that this code actually does any good; it's not a reasonable expectation that a new string assigned to a variable will actually be placed at the same location in memory). - Implementations of `echo` which do anything other than print `-e` on output when `echo -e` is run are nonconformant with the POSIX spec for echo. Similarly, `echo -n` behavior is not defined by the standard. Avoid relying on either of these. (See http://pubs.opengroup.org/onlinepubs/009604599/utilities/echo.html, particularly the APPLICATION USAGE section). - Always quote expansions to prevent string-splitting and glob-expansion (`"$i"`, not `$i`). - Avoid `some_command; if [ $? -eq 0 ]; then` when `if some_command; then` can be used instead. 2015-12-30 15:32:46 -06:00			`if (( $? < 2 )); then`
			`echo "Run grub2-unsign first." >&2`
First commit and release. 2015-03-16 20:38:36 +01:00			`exit 1`
			`fi`

Comments and words. 2015-03-17 07:23:23 +01:00
Using gpg's passphrase request; new script. 2018-01-12 21:46:55 +01:00			`if ! sign`
			`then`
			`sign`
			`else`
			`echo -e "\nDone!"`
Follow best practices for bash - Use native bash math where doing so improves readability. - Avoid illegal exit status codes (666 in impossible scenario). - Avoid useless use of cat (`cat foo \| bar` vs the more efficient `bar <foo`). - Avoid needless echo pipelines (`echo foo \| bar` vs `bar <<<"$foo"`). - Never use a for loop to iterate over output from `find`; `for` loops depend on string-splitting, which is only available with globbing behavior. See http://mywiki.wooledge.org/DontReadLinesWithFor - Use `read -s` to silence feedback rather than playing around with `stty`. - Use `tput` to retrieve color codes correct for the current terminal rather than assuming a terminal compatible with ANSI color codes. - Use a expression compatible with BSD `tr` in "passphrase-shredding" code. (BTW, I very much doubt that this code actually does any good; it's not a reasonable expectation that a new string assigned to a variable will actually be placed at the same location in memory). - Implementations of `echo` which do anything other than print `-e` on output when `echo -e` is run are nonconformant with the POSIX spec for echo. Similarly, `echo -n` behavior is not defined by the standard. Avoid relying on either of these. (See http://pubs.opengroup.org/onlinepubs/009604599/utilities/echo.html, particularly the APPLICATION USAGE section). - Always quote expansions to prevent string-splitting and glob-expansion (`"$i"`, not `$i`). - Avoid `some_command; if [ $? -eq 0 ]; then` when `if some_command; then` can be used instead. 2015-12-30 15:32:46 -06:00			`fi`
Additional exit codes added + better shredding 2015-03-17 07:54:03 +01:00