shim/strip_signature.sh

#!/bin/bash
# attach ascii armored signature to a PE binary
set -e

infile="$1"
if [ -z "$infile" -o ! -e "$infile" ]; then
	echo "USAGE: $0 file.efi"
	exit 1
fi

outfile="${infile%.efi}-unsigned.efi"

nssdir=`mktemp -d`
cleanup()
{
	rm -r "$nssdir"
}
trap cleanup EXIT
echo > "$nssdir/pw"
certutil -f "$nssdir/pw" -d "$nssdir" -N

pesign -n "$nssdir" -r -i "$infile" -o "$outfile"
Accepting request 197604 from home:lnussel:branches:devel:openSUSE:Factory - set timestamp of PE file to time of the binary the signature was made for. - make sure cert.o get's rebuilt for each target - Update microsoft.asc: shim signed by UEFI signing service, based on code from "Wed Aug 28 15:54:38 UTC 2013" OBS-URL: https://build.opensuse.org/request/show/197604 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=42 2013-09-09 05:29:33 +02:00			`#!/bin/bash`
			`# attach ascii armored signature to a PE binary`
			`set -e`

			`infile="$1"`
			`if [ -z "$infile" -o ! -e "$infile" ]; then`
			`echo "USAGE: $0 file.efi"`
			`exit 1`
			`fi`

			`outfile="${infile%.efi}-unsigned.efi"`

			nssdir=`mktemp -d`
			`cleanup()`
			`{`
			`rm -r "$nssdir"`
			`}`
			`trap cleanup EXIT`
			`echo > "$nssdir/pw"`
			`certutil -f "$nssdir/pw" -d "$nssdir" -N`

			`pesign -n "$nssdir" -r -i "$infile" -o "$outfile"`