mirror of
https://github.com/Bandie/grub2-signing-extension.git
synced 2024-04-01 15:51:26 +00:00
52 lines
1.1 KiB
Bash
Executable File
52 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# grub2-verify
|
|
# Checks the signatures of every file which is has a signature in /boot.
|
|
# Author: Bandie
|
|
# Licence: GNU-GPLv3
|
|
|
|
red=$(tput setaf 1)
|
|
green=$(tput setaf 2)
|
|
normal=$(tput sgr0)
|
|
|
|
all_files=( )
|
|
error_files=( )
|
|
|
|
# Signature check part + error counter + file counter + file list
|
|
|
|
echo "Checking signatures in /boot..." >&2
|
|
while IFS= read -r -d '' i; do
|
|
if ! gpg --verify-files "$i" >/dev/null 2>&1; then
|
|
error_files+=( "$i" )
|
|
fi
|
|
all_files+=( "$i" )
|
|
done < <(find /boot -name "*.sig" -print0)
|
|
|
|
# Nothing to verify? Exit 2.
|
|
if (( ${#all_files[@]} == 0 )); then
|
|
echo "Nothing to verify." >&2
|
|
exit 2
|
|
fi
|
|
|
|
# Message
|
|
printf '%s' 'Found ' >&2
|
|
if (( ${#error_files} == 0 )); then
|
|
printf '%s' "$green" "no" "$normal" >&2
|
|
else
|
|
printf '%s' "$red" "${#error_files[@]}" "$normal" >&2
|
|
fi
|
|
if (( ${#error_files[@]} == 1 )); then
|
|
echo " bad signature." >&2
|
|
else
|
|
echo " bad signatures." >&2
|
|
fi
|
|
|
|
# File list and exit codes
|
|
if (( ${#error_files[@]} > 0 )); then
|
|
printf 'BAD signature: %s\n' "${error_files[@]}"
|
|
exit 1
|
|
else
|
|
exit 0
|
|
fi
|
|
|
|
exit 99
|