#!/bin/bash
# grub2-unsign
# Unsigns every file in /boot. Depends on grub2-verify
# Author: Bandie 
# Licence: GNU-GPLv3

# Check if something is wrong
grub-verify
stat=$?
case "$stat" in
1)
  printf '%s\n' "grub2-verify has detected a one or more bad signatures." "Please check for malicious software before you're unsigning everything!" >&2
  exit 1
	;;
2)
  printf 'Everything is unsigned already.\n'
  exit 0
	;;
3)
  printf 'Ignoring missing signatures...\n'
	;&
0|3)	
  # Then remove the signatures.
  find /boot -name '*.sig' -exec rm {} +

  echo "GRUB2 unsigned. WARNING: If you want to deactivate GRUB2's signature feature, change the check_signatures variable in the headers file!"
  exit 0
	;;
*)
  printf 'Something unknown happened!\n'
  exit 99
esac