grub2-signing-extension/sbin/grub-sign

37 lines
605 B
Bash
Executable File

#!/bin/bash
# grub2-sign
# Signs everything important in /boot. Depends on grub2-verify.
# Author: Bandie
# Licence: GNU-GPLv3
function sign(){
for f in $(find /boot -iname "efi" -prune -o -type f -print)
do
if gpg --detach-sign $f
then
echo $f signed.
else
return 1
fi
done
return 0
}
# Running grub2-verify first to prevent bad people and double signing
echo "Running grub2-verify to check if everything is unsigned..." >&2
grub-verify
if (( $? < 2 )); then
echo "Run grub2-unsign first." >&2
exit 1
fi
if ! sign
then
sign
else
echo -e "\nDone!"
fi