mirror of
https://github.com/Bandie/grub2-signing-extension.git
synced 2024-04-01 15:51:26 +00:00
Renaming script names: grub2-.* to grub-.*, including grub.cfg for update-kernel-signature
97
sbin/grub-verify
Executable file
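--- /dev/null
+++ b/sbin/grub-verify
@@ -0,0 +1,97 @@
+#!/bin/bash
+# grub2-verify
+# Checks the signatures of every file which is has a signature in /boot.
+# Author: Bandie
+# Licence: GNU-GPLv3
+
+red=$(tput setaf 1)
+green=$(tput setaf 2)
+normal=$(tput sgr0)
+
+all_files=( )
+error_files=( )
+missing_files=( )
+
+# Signature check part + error counter + file counter + file list
+
+echo "Checking signatures in /boot..." >&2
+while IFS= read -r -d '' i
+do
+if ! gpg --verify-files "$i" >/dev/null 2>&1
+then
+error_files+=( "$i" )
+fi
+all_files+=( "$i" )
+done < <(find /boot -type f -name "*.sig" -print0)
+
+echo "Checking missing signatures in /boot..." >&2
+while IFS= read -r -d '' i
+do
+if test ! -f ${i}.sig
+then
+missing_files+=( "$i" )
+fi
+done < <(find /boot -type f -not -name "*.sig" -print0)
+
+# Nothing to verify? Exit 2.
+if (( ${#all_files[@]} == 0 ))
+then
+echo "Nothing to verify." >&2
+exit 2
+fi
+
+# Message signatures
+printf '%s' 'Found ' >&2
+if (( ${#error_files} == 0 ))
+then
+printf '%s' "$green" "no" "$normal" >&2
+else
+printf '%s' "$red" "${#error_files[@]}" "$normal" >&2
+fi
+if (( ${#error_files[@]} == 1 ))
+then
+echo " bad signature." >&2
+else
+echo " bad signatures." >&2
+fi
+
+# Message missing
+printf '%s' 'Found ' >&2
+if (( ${#missing_files} == 0 ))
+then
+printf '%s' "$green" "no" "$normal" >&2
+else
+printf '%s' "$red" "${#missing_files[@]}" "$normal" >&2
+fi
+if (( ${#missing_files[@]} == 1 ))
+then
+echo " missing signature." >&2
+else
+echo " missing signatures." >&2
+fi
+
+
+
+# File list
+if (( ${#error_files[@]} > 0 ))
+then
+printf 'BAD signature: %s\n' "${error_files[@]}"
+fi
+
+if (( ${#missing_files[@]} > 0 ))
+then
+printf 'MISSING signatures: %s\n' "${missing_files[@]}"
+fi
+
+# Exit codes
+if (( ${#error_files[@]} > 0 ))
+then
+exit 1
+fi
+
+if (( ${#missing_files[@]} > 0 ))
+then
+exit 3
+fi
+
+exit 0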
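Review bot: In the missing-signature loop, `if test ! -f ${i}.sig` expands the path unquoted, so a file under /boot whose name contains whitespace or glob characters makes `test` exit with a usage error (or match a different file), and the file is never added to `missing_files`; the verifier fails open for exactly the names it cannot parse. Quote the expansion: `if [[ ! -f "${i}.sig" ]]`. The two summary tests `(( ${#error_files} == 0 ))` and `(( ${#missing_files} == 0 ))` read the string length of element 0 rather than the element count; they only give the right answer because find never yields an empty path, and should use `${#error_files[@]}` and `${#missing_files[@]}` like the later checks. Separately, `gpg --verify-files "$i" >/dev/null 2>&1` succeeds for a good signature from any key in the invoking user's keyring and discards the reason for a failure; if the intent is to mirror what GRUB itself will trust at boot, restricting the check to the expected signing key is worth considering.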