23b0639b8c
- set timestamp of PE file to time of the binary the signature was made for. - make sure cert.o get's rebuilt for each target - Update microsoft.asc: shim signed by UEFI signing service, based on code from "Wed Aug 28 15:54:38 UTC 2013" OBS-URL: https://build.opensuse.org/request/show/197604 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=42
23 lines
382 B
Bash
23 lines
382 B
Bash
#!/bin/bash
|
|
# attach ascii armored signature to a PE binary
|
|
set -e
|
|
|
|
infile="$1"
|
|
if [ -z "$infile" -o ! -e "$infile" ]; then
|
|
echo "USAGE: $0 file.efi"
|
|
exit 1
|
|
fi
|
|
|
|
outfile="${infile%.efi}-unsigned.efi"
|
|
|
|
nssdir=`mktemp -d`
|
|
cleanup()
|
|
{
|
|
rm -r "$nssdir"
|
|
}
|
|
trap cleanup EXIT
|
|
echo > "$nssdir/pw"
|
|
certutil -f "$nssdir/pw" -d "$nssdir" -N
|
|
|
|
pesign -n "$nssdir" -r -i "$infile" -o "$outfile"
|