mirror of
https://github.com/Bandie/grub2-signing-extension.git
synced 2024-04-01 15:51:26 +00:00
Comments and words.
This commit is contained in:
Bandie Kojote
@ -4,6 +4,8 @@
|
||||
# Author: Bandie Kojote
|
||||
# Licence: GNU-GPLv3
|
||||
|
||||
|
||||
# Running grub2-verify first to prevent double signing
|
||||
echo "Running grub2-verify to check if everything is unsigned..."
|
||||
grub2-verify
|
||||
if [ $? -lt 2 ]
|
||||
@ -12,15 +14,21 @@ then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# Ask for passphrase
|
||||
echo -n "Passphrase: "
|
||||
stty -echo
|
||||
read pp
|
||||
stty echo
|
||||
echo -e "\n"
|
||||
|
||||
|
||||
# Find GRUB2 datas
|
||||
for i in `find /boot -name "*.cfg" -or -name "*.lst" -or \
|
||||
-name "*.mod" -or -name "vmlinuz*" -or -name "initrd*" -or \
|
||||
-name "grubenv" -or -name "*.asc" -or -name "*.pf2"`;
|
||||
do
|
||||
# Signing
|
||||
echo $pp | gpg --batch --detach-sign --passphrase-fd 0 $i
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
@ -30,4 +38,6 @@ do
|
||||
break
|
||||
fi
|
||||
done
|
||||
pp=`cat /dev/urandom | tr -dc 'a-zA-Z0-9-!@#$%^&*()_+~' | fold -w 96 | head -n 1`
|
||||
|
||||
# Shredding passphrase
|
||||
pp=`cat /dev/urandom | tr -dc 'a-zA-Z0-9-!@#$%^&*()_+~' | fold -w ${#pp} | head -n 1`
|
||||
|
||||
@ -4,14 +4,18 @@
|
||||
# Author: Bandie Kojote
|
||||
# Licence: GNU-GPLv3
|
||||
|
||||
# Check if something is wrong
|
||||
grub2-verify
|
||||
if [ $? -eq 1 ]
|
||||
then
|
||||
echo -e "grub2-verify has detected a one or more bad signatures.\nPlease check for malicious software before you're unsigning everything!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# Then remove the signatures.
|
||||
for i in `find /boot -name "*.sig"`
|
||||
do
|
||||
rm $i
|
||||
done
|
||||
echo "GRUB2 unsigned."
|
||||
echo "GRUB2 unsigned. WARNING: If you want to deactivate GRUB2's signature feature, change the check_signatures variable in the headers file!"
|
||||
|
||||
@ -5,7 +5,11 @@
|
||||
# Licence: GNU-GPLv3
|
||||
|
||||
errorcounter=0
|
||||
c=0
|
||||
filecounter=0
|
||||
|
||||
|
||||
# Signature check part + error counter + file counter + file list
|
||||
|
||||
echo "Checking signatures in /boot..."
|
||||
for i in `find /boot -name "*.sig"`
|
||||
do
|
||||
@ -15,15 +19,19 @@ do
|
||||
((errorcounter++))
|
||||
files[$errorcounter]=$i
|
||||
fi
|
||||
((c++))
|
||||
((filecounter++))
|
||||
done
|
||||
|
||||
if [ $c -eq 0 ]
|
||||
# Nothing to verify? Exit 2.
|
||||
if [ $filecounter -eq 0 ]
|
||||
then
|
||||
echo "Nothing to verify."
|
||||
exit 2
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# Message
|
||||
|
||||
echo -ne "There has been "
|
||||
if [ $errorcounter -eq 0 ]
|
||||
then
|
||||
@ -38,6 +46,10 @@ else
|
||||
echo " bad signatures."
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# File list and exit codes
|
||||
|
||||
if [ $errorcounter -gt 0 ]
|
||||
then
|
||||
for(( i=1; i<=${#files[@]}; i++))
|
||||
|
||||
Reference in New Issue
Block a user