dd00d3c666
- don't include binary in the sources. Instead package the raw signature and attach it during build (bnc#813448). OBS-URL: https://build.opensuse.org/request/show/186534 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=32
24 lines
432 B
Bash
24 lines
432 B
Bash
#!/bin/bash
|
|
# attach ascii armored signature to a PE binary
|
|
set -e
|
|
|
|
sig="$1"
|
|
infile="$2"
|
|
if [ -z "$sig" -o ! -e "$sig" -o -z "$infile" -o ! -e "$infile" ]; then
|
|
echo "USAGE: $0 sig.asc file.efi"
|
|
exit 1
|
|
fi
|
|
|
|
outfile="${infile%.efi}-signed.efi"
|
|
|
|
nssdir=`mktemp -d`
|
|
cleanup()
|
|
{
|
|
rm -r "$nssdir"
|
|
}
|
|
trap cleanup EXIT
|
|
echo > "$nssdir/pw"
|
|
certutil -f "$nssdir/pw" -d "$nssdir" -N
|
|
|
|
pesign -n "$nssdir" -m "$sig" -i "$infile" -o "$outfile"
|