#!/bin/bash
# grub2-verify
# Checks the signatures of every file which is has a signature in /boot.
# Author: Bandie Kojote
# Licence: GNU-GPLv3

errorcounter=0
c=0
echo "Checks signature in /boot..."  
for i in `find /boot -name "*.sig"` 
do 
    gpg --verify-files $i > /dev/null 2>&1
    if [ $? -ne 0 ]
    then
        ((errorcounter++))
        files[$errorcounter]=$i
    fi
    ((c++))
done

if [ $c -eq 0 ]
then
    echo "Nothing to verify."
    exit 2
fi

echo -ne "There has been "
if [ $errorcounter -eq 0 ]
then
    echo -ne "\e[1;32mno\e[0m"
else
    echo -ne "\e[1;31m$errorcounter\e[0m"
fi
if [ $errorcounter -eq 1 ]
then
    echo " bad signature."
else
    echo " bad signatures."
fi

if [ $errorcounter -gt 0 ]
then
    for(( i=1; i<=${#files[@]}; i++))
    do
        echo "BAD signature: ${files[$i]}"
    done
    exit 1
else
    exit 0
fi