mirror of
https://github.com/Bandie/grub2-signing-extension.git
synced 2024-04-01 15:51:26 +00:00
37 lines
605 B
Bash
Executable File
37 lines
605 B
Bash
Executable File
#!/bin/bash
|
|
# grub2-sign
|
|
# Signs everything important in /boot. Depends on grub2-verify.
|
|
# Author: Bandie
|
|
# Licence: GNU-GPLv3
|
|
|
|
function sign(){
|
|
for f in $(find /boot -iname "efi" -prune -o -type f -print)
|
|
do
|
|
if gpg --detach-sign $f
|
|
then
|
|
echo $f signed.
|
|
else
|
|
return 1
|
|
fi
|
|
done
|
|
return 0
|
|
}
|
|
|
|
|
|
# Running grub2-verify first to prevent bad people and double signing
|
|
echo "Running grub2-verify to check if everything is unsigned..." >&2
|
|
grub-verify
|
|
if (( $? < 2 )); then
|
|
echo "Run grub2-unsign first." >&2
|
|
exit 1
|
|
fi
|
|
|
|
|
|
if ! sign
|
|
then
|
|
sign
|
|
else
|
|
echo -e "\nDone!"
|
|
fi
|
|
|