mkrelease.sh: add UEFI signing
This commit is contained in:
Harald Hoyer
parent
edee679f34
commit
6036c0d2ba
47
mkrelease.sh
47
mkrelease.sh
|
|
@ -1,11 +1,58 @@
|
|||
#!/bin/bash -ex
|
||||
|
||||
usage() {
|
||||
cat << EOF
|
||||
Usage: $PROGNAME [OPTION]
|
||||
|
||||
-h, --help Display this help
|
||||
--certdir DIR Use DIR as certification CA for EFI signing
|
||||
EOF
|
||||
}
|
||||
|
||||
TEMP=$(
|
||||
getopt -o '' \
|
||||
--long certdir: \
|
||||
--long help \
|
||||
-- "$@"
|
||||
)
|
||||
|
||||
if (( $? != 0 )); then
|
||||
usage >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
eval set -- "$TEMP"
|
||||
unset TEMP
|
||||
|
||||
while true; do
|
||||
case "$1" in
|
||||
'--certdir')
|
||||
CERTDIR="$(readlink -e $2)"
|
||||
shift 2; continue
|
||||
;;
|
||||
'--help')
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
'--')
|
||||
shift
|
||||
break
|
||||
;;
|
||||
*)
|
||||
echo 'Internal error!' >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
JSON="$(realpath -e $1)"
|
||||
BASEDIR="${JSON%/*}"
|
||||
IMAGE="${BASEDIR}/$(jq -r '.name' ${JSON})-$(jq -r '.version' ${JSON})"
|
||||
|
||||
(
|
||||
cd "$IMAGE"
|
||||
pesign -c DB -s ${CERTDIR:+--certdir $CERTDIR} -i bootx64.efi -o bootx64-signed.efi
|
||||
mv bootx64-signed.efi bootx64.efi
|
||||
[[ -f sha512sum.txt ]] || sha512sum * > sha512sum.txt
|
||||
[[ -f sha512sum.txt.sig ]] || gpg2 --detach-sign sha512sum.txt
|
||||
)
|
||||
|
|
|
|||
Loading…
Reference in a new issue