Excluding the EFI directory. Fixes #10

2021-02-13 13:54:17 +01:00 · 2021-02-13 13:54:17 +01:00 · 4b42d088eb
parent d04a4e5151
commit 4b42d088eb
3 changed files with 4 additions and 4 deletions
--- a/sbin/grub-sign
+++ b/sbin/grub-sign
@ -5,7 +5,7 @@
 # Licence: GNU-GPLv3

 function sign(){
-  for f in `find /boot -type f`
+  for f in $(find /boot -iname "efi" -prune -o -type f -print)
  do
    if gpg --detach-sign $f
    then
--- a/sbin/grub-unsign
+++ b/sbin/grub-unsign
@ -21,7 +21,7 @@ case "$stat" in
 	;&
 0|3)	
  # Then remove the signatures.
-  find /boot -name '*.sig' -exec rm {} +
+  find /boot -iname "efi" -prune -o -name '*.sig' -exec rm {} +

  echo "GRUB2 unsigned. WARNING: If you want to deactivate GRUB2's signature feature, change the check_signatures variable in the headers file!"
  exit 0
--- a/sbin/grub-verify
+++ b/sbin/grub-verify
@ -22,7 +22,7 @@ do
        error_files+=( "$i" )
    fi
    all_files+=( "$i" )
-done < <(find /boot -type f -name "*.sig" -print0)
+done < <(find /boot -iname "efi" -prune -o -type f -name "*.sig" -print0)

 echo "Checking missing signatures in /boot..." >&2
 while IFS= read -r -d '' i
@ -31,7 +31,7 @@ do
    then
        missing_files+=( "$i" )
    fi
-done < <(find /boot -type f -not -name "*.sig" -print0)
+done < <(find /boot -iname "efi" -prune -o -type f -not -name "*.sig" -print0)

 # Nothing to verify? Exit 2.
 if (( ${#all_files[@]} == 0 ))