#!/bin/bash # grub2-verify # Checks the signatures of every file which is has a signature in /boot. # Author: Bandie Kojote # Licence: GNU-GPLv3 red=$(tput setaf 1) green=$(tput setaf 2) normal=$(tput sgr0) all_files=( ) error_files=( ) # Signature check part + error counter + file counter + file list echo "Checking signatures in /boot..." >&2 while IFS= read -r -d '' i; do if ! gpg --verify-files "$i" >/dev/null 2>&1; then error_files+=( "$i" ) fi all_files+=( "$i" ) done < <(find /boot -name "*.sig" -print0) # Nothing to verify? Exit 2. if (( ${#all_files[@]} == 0 )); then echo "Nothing to verify." >&2 exit 2 fi # Message printf '%s' 'Found ' >&2 if (( ${#error_files} == 0 )); then printf '%s' "$green" "no" "$normal" >&2 else printf '%s' "$red" "${#error_files[@]}" "$normal" >&2 fi if (( ${#error_files[@]} == 1 )); then echo " bad signature." >&2 else echo " bad signatures." >&2 fi # File list and exit codes if (( ${#error_files[@]} > 0 )); then printf 'BAD signature: %s\n' "${error_files[@]}" exit 1 else exit 0 fi exit 99