harald/VerityBook
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

prepare-root.sh: add dbxtool, shim, audit tweaks

Browse source
This commit is contained in:
Harald Hoyer 2018-10-23 14:16:56 +02:00
parent ca335b1137
commit 88405feecc
1 changed files with 28 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
prepare-root.sh
View file

@ -682,6 +682,34 @@ if [[ -f "$sysroot"/etc/fwupd/uefi.conf ]]; then
"$sysroot"/etc/fwupd/uefi.conf
fi
#---------------
# Disable dbxtool
if [[ -f "$sysroot"/usr/lib/systemd/system/dbxtool.service ]]; then
systemctl --root="$sysroot" disable dbxtool
fi
#---------------
# Tweak auditd.service
if [[ -f "$sysroot"/usr/lib/systemd/system/auditd.service ]]; then
sed -i -e 's%^ExecStartPost=-/sbin/augenrules%#ExecStartPost=-/sbin/augenrules%' \
-e 's%^#ExecStartPost=-/sbin/auditctl%ExecStartPost=-/sbin/auditctl%' \
"$sysroot"/usr/lib/systemd/system/auditd.service
chroot "$sysroot" augenrules
fi
#---------------
# remove the shim
for i in /boot/efi/EFI/BOOT/BOOTX64.EFI \
/boot/efi/EFI/BOOT/fbx64.efi \
/boot/efi/EFI/fedora/BOOTX64.CSV \
/boot/efi/EFI/fedora/mmx64.efi \
/boot/efi/EFI/fedora/shimx64-fedora.efi \
/boot/efi/EFI/fedora/shimx64.efi \
/boot/efi/EFI/fedora/shim.efi \
; do
rm -f "$sysroot/$i"
done
#---------------
# CA
chroot "$sysroot" update-ca-trust