Script fixing...
This commit is contained in:
parent
75cbe05aa5
commit
8a2d80f1c5
GPG Key ID:
4E4ADD02609997B1
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
echo "[+] Updating Grub...";
|
||||
update-grub;
|
||||
/usr/sbin/update-grub;
|
||||
/usr/share/ubuntu-system-adjustments/systemd/start;
|
||||
sign-boot;
|
||||
/usr/local/sbin/sign-boot;
|
||||
echo "[*] Grub Update Complete!";
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
#!/bin/sh
|
||||
REREQ=""
|
||||
|
||||
prereqs()
|
||||
{
|
||||
echo "$PREREQ"
|
||||
}
|
||||
|
||||
error_exit()
|
||||
{
|
||||
echo "[ERROR] $1"
|
||||
exit 1
|
||||
}
|
||||
|
||||
case $1 in
|
||||
prereqs)
|
||||
prereqs
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
. /usr/share/initramfs-tools/hook-functions
|
||||
|
||||
echo "> Grub File Signing...";
|
||||
/usr/share/ubuntu-system-adjustments/systemd/start;
|
||||
/usr/local/sbin/sign-boot;
|
||||
echo "> Completed Signing.";
|
||||
exit 0;
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
#! /bin/sh
|
||||
set -e
|
||||
|
||||
which update-grub >/dev/null 2>&1 || exit 0
|
||||
|
||||
if type systemd-detect-virt >/dev/null 2>&1 &&
|
||||
systemd-detect-virt --quiet --container; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
set -- $DEB_MAINT_PARAMS
|
||||
mode="${1#\'}"
|
||||
mode="${mode%\'}"
|
||||
case $0:$mode in
|
||||
# Only run on postinst configure and postrm remove, to avoid wasting
|
||||
# time by calling update-grub multiple times on upgrade and removal.
|
||||
# Also run if we have no DEB_MAINT_PARAMS, in order to work with old
|
||||
# kernel packages.
|
||||
*/postinst.d/*:|*/postinst.d/*:configure|*/postrm.d/*:|*/postrm.d/*:remove)
|
||||
if [ -e /boot/grub/grub.cfg ]; then
|
||||
exec /usr/local/sbin/grub-update
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
#! /bin/sh
|
||||
set -e
|
||||
|
||||
which update-grub >/dev/null 2>&1 || exit 0
|
||||
|
||||
if type systemd-detect-virt >/dev/null 2>&1 &&
|
||||
systemd-detect-virt --quiet --container; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
set -- $DEB_MAINT_PARAMS
|
||||
mode="${1#\'}"
|
||||
mode="${mode%\'}"
|
||||
case $0:$mode in
|
||||
# Only run on postinst configure and postrm remove, to avoid wasting
|
||||
# time by calling update-grub multiple times on upgrade and removal.
|
||||
# Also run if we have no DEB_MAINT_PARAMS, in order to work with old
|
||||
# kernel packages.
|
||||
*/postinst.d/*:|*/postinst.d/*:configure|*/postrm.d/*:|*/postrm.d/*:remove)
|
||||
if [ -e /boot/grub/grub.cfg ]; then
|
||||
exec /usr/local/sbin/grub-update
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
case $1 in
|
||||
pre)
|
||||
/usr/local/sbin/boot-verify-sign
|
||||
;;
|
||||
esac
|
||||
|
|
@ -0,0 +1,121 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
# Copyright 2011 Ben Hutchings
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use DebianLinux qw(version_cmp image_list);
|
||||
|
||||
sub usage {
|
||||
my $fh = shift;
|
||||
print $fh (<< "EOT");
|
||||
Usage: $0 compare VERSION1 OP VERSION2
|
||||
$0 sort [--reverse] [VERSION1 VERSION2 ...]
|
||||
$0 list [--paths]
|
||||
|
||||
The version arguments should be kernel version strings as shown by
|
||||
'uname -r' and used in filenames.
|
||||
|
||||
The valid comparison operators are: lt le eq ge gt
|
||||
EOT
|
||||
}
|
||||
|
||||
sub usage_error {
|
||||
usage(*STDERR{IO});
|
||||
exit 2;
|
||||
}
|
||||
|
||||
sub compare_versions {
|
||||
my %op_map = qw(lt < le <= eq == ge >= gt >);
|
||||
|
||||
# Check arguments
|
||||
if (@_ != 3) {
|
||||
usage_error();
|
||||
}
|
||||
my ($left, $op, $right) = @_;
|
||||
if (!exists($op_map{$op})) {
|
||||
usage_error();
|
||||
}
|
||||
|
||||
my $sign = version_cmp($left, $right);
|
||||
exit !eval("$sign ${op_map{$op}} 0");
|
||||
}
|
||||
|
||||
sub sort_versions {
|
||||
# Check for --reverse option
|
||||
my $sign = 1;
|
||||
if (@_ >= 1 and $_[0] eq '--reverse') {
|
||||
$sign = -1;
|
||||
shift;
|
||||
}
|
||||
|
||||
# Collect versions from argv or stdin (with optional suffix after a space)
|
||||
my @versions;
|
||||
if (@_) {
|
||||
@versions = map({[$_, "\n"]} @_);
|
||||
} else {
|
||||
while (<STDIN>) {
|
||||
/^([^ \n]*)(.*\n?)$/ or die;
|
||||
push @versions, [$1, $2];
|
||||
}
|
||||
}
|
||||
|
||||
for (sort({version_cmp($a->[0], $b->[0]) * $sign} @versions)) {
|
||||
print @$_;
|
||||
}
|
||||
exit 0;
|
||||
}
|
||||
|
||||
sub list_versions {
|
||||
my $show_paths;
|
||||
|
||||
if (@_ == 1 and $_[0] eq '--paths') {
|
||||
$show_paths = 1;
|
||||
} elsif (@_ != 0) {
|
||||
usage_error();
|
||||
}
|
||||
my $sig = '.sig';
|
||||
for (image_list()) {
|
||||
my ($version, $path) = @$_;
|
||||
unless ($path =~ /\Q$sig\E$/) {
|
||||
if ($show_paths) {
|
||||
print "$version $path\n";
|
||||
} else {
|
||||
print "$version\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
exit 0;
|
||||
}
|
||||
|
||||
if (@ARGV == 0) {
|
||||
usage_error();
|
||||
}
|
||||
|
||||
my $command = shift;
|
||||
if ($command eq 'help' or grep({$_ eq '--help'} $command, @ARGV)) {
|
||||
usage(*STDOUT{IO});
|
||||
exit 0;
|
||||
} elsif ($command eq 'compare') {
|
||||
compare_versions(@ARGV);
|
||||
} elsif ($command eq 'sort') {
|
||||
sort_versions(@ARGV);
|
||||
} elsif ($command eq 'list') {
|
||||
list_versions(@ARGV);
|
||||
}
|
||||
usage_error();
|
||||
14
sign-boot
14
sign-boot
|
|
@ -7,28 +7,28 @@ echo "[*] Preparing to sign!";
|
|||
#read -s pwd;
|
||||
#echo -n "$pwd" > /dev/shm/sb-passpwd.txt;
|
||||
echo "[-] BMOK Un-Signing...";
|
||||
for i in $(find /boot/grub -iname "*.efi" -type f -print)
|
||||
for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)
|
||||
do
|
||||
echo $i;
|
||||
sbattach --remove $i;
|
||||
/usr/bin/sbattach --remove $i;
|
||||
done;
|
||||
echo "[+] BMOK Signing...";
|
||||
for i in $(find /boot/grub -iname "*.efi" -type f -print)
|
||||
for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)
|
||||
do
|
||||
echo $i;
|
||||
sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $i --output $i;
|
||||
/usr/bin/sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $i --output $i;
|
||||
done;
|
||||
echo "[-] Un-Signing...";
|
||||
#-iname "efi" -prune -o
|
||||
for i in $(find /boot -iname "*.sig" -type f -print)
|
||||
for i in $(/usr/bin/find /boot -iname "*.sig" -type f -print)
|
||||
do
|
||||
rm "$i";
|
||||
done;
|
||||
echo "[+] Signing...";
|
||||
for i in $(find /boot -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
|
||||
for i in $(/usr/bin/find /boot -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
|
||||
do
|
||||
echo $i;
|
||||
gpg --batch --detach-sign $i;
|
||||
/usr/bin/gpg --batch --detach-sign $i;
|
||||
#gpg -v --batch --detach-sign --passphrase-fd 0 $i < \
|
||||
# /dev/shm/sb-passpwd.txt;
|
||||
done;
|
||||
|
|
|
|||
Loading…
Reference in New Issue