Bandie/grub2-signing-extension
1
0
Fork 0
mirror of https://github.com/Bandie/grub2-signing-extension.git synced 2024-04-01 15:51:26 +00:00
Code Issues Projects Releases Wiki Activity
Files
5cfea7218ffa68bb2c4131cb4275329b6fe1a530
grub2-signing-extension/sbin/grub2-sign
Bandie Kojote dfe955413b Additional exit codes added + better shredding
2015-03-17 07:54:03 +01:00

52 lines
1008 B
Bash
Raw Blame History

#!/bin/bash
# grub2-sign
# Signs everything important in /boot. Depends on grub2-verify.
# Author: Bandie Kojote
# Licence: GNU-GPLv3
# Running grub2-verify first to prevent double signing
echo "Running grub2-verify to check if everything is unsigned..."
grub2-verify
if [ $? -lt 2 ]
then
echo "Run grub2-unsign first."
exit 1
fi
# Ask for passphrase
echo -n "Passphrase: "
stty -echo
read pp
stty echo
echo -e "\n"
# Find GRUB2 datas
for i in `find /boot -name "*.cfg" -or -name "*.lst" -or \
-name "*.mod" -or -name "vmlinuz*" -or -name "initrd*" -or \
-name "grubenv" -or -name "*.asc" -or -name "*.pf2"`;
do
# Signing
echo $pp | gpg --batch --detach-sign --passphrase-fd 0 $i
if [ $? -eq 0 ]
then
echo "$i signed."
else
echo "ERROR!"
break
fi
done
# Shredding passphrase
echo "Shredding passphrase..."
for ( i=0; $i<10; i++ )
do
pp=`cat /dev/urandom | tr -dc 'a-zA-Z0-9-!@#$%^&*()_+~' | fold -w ${#pp} | head -n 1`
done
echo "Done!"
exit 0
Reference in New Issue View Git Blame Copy Permalink