Script fixing...

grub-update

@@ -1,6 +1,6 @@
 #!/bin/bash
 echo "[+] Updating Grub...";
-update-grub;
+/usr/sbin/update-grub;
 /usr/share/ubuntu-system-adjustments/systemd/start;
-sign-boot;
+/usr/local/sbin/sign-boot;
 echo "[*] Grub Update Complete!";

initramfs-tools-hooks/zzz-sign-grub.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+REREQ=""
+
+prereqs()
+{
+    echo "$PREREQ"
+}
+
+error_exit()
+{
+    echo "[ERROR] $1"
+    exit 1
+}
+
+case $1 in
+    prereqs)
+        prereqs
+        exit 0
+    ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+echo "> Grub File Signing...";
+/usr/share/ubuntu-system-adjustments/systemd/start;
+/usr/local/sbin/sign-boot;
+echo "> Completed Signing.";
+exit 0;

kernel-hooks/postinst.d/zzz-sign-grub

@@ -0,0 +1,26 @@
+#! /bin/sh
+set -e
+
+which update-grub >/dev/null 2>&1 || exit 0
+
+if type systemd-detect-virt >/dev/null 2>&1 &&
+   systemd-detect-virt --quiet --container; then
+        exit 0
+fi
+
+set -- $DEB_MAINT_PARAMS
+mode="${1#\'}"
+mode="${mode%\'}"
+case $0:$mode in
+    # Only run on postinst configure and postrm remove, to avoid wasting
+    # time by calling update-grub multiple times on upgrade and removal.
+    # Also run if we have no DEB_MAINT_PARAMS, in order to work with old
+    # kernel packages.
+    */postinst.d/*:|*/postinst.d/*:configure|*/postrm.d/*:|*/postrm.d/*:remove)
+        if [ -e /boot/grub/grub.cfg ]; then
+                exec /usr/local/sbin/grub-update
+        fi
+        ;;
+esac
+
+exit 0

kernel-hooks/postrm.d/zzz-sign-grub

@@ -0,0 +1,26 @@
+#! /bin/sh
+set -e
+
+which update-grub >/dev/null 2>&1 || exit 0
+
+if type systemd-detect-virt >/dev/null 2>&1 &&
+   systemd-detect-virt --quiet --container; then
+        exit 0
+fi
+
+set -- $DEB_MAINT_PARAMS
+mode="${1#\'}"
+mode="${mode%\'}"
+case $0:$mode in
+    # Only run on postinst configure and postrm remove, to avoid wasting
+    # time by calling update-grub multiple times on upgrade and removal.
+    # Also run if we have no DEB_MAINT_PARAMS, in order to work with old
+    # kernel packages.
+    */postinst.d/*:|*/postinst.d/*:configure|*/postrm.d/*:|*/postrm.d/*:remove)
+        if [ -e /boot/grub/grub.cfg ]; then
+                exec /usr/local/sbin/grub-update
+        fi
+        ;;
+esac
+
+exit 0

lib-systemd-system-sleep/grub-vs

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+case $1 in
+  pre)
+    /usr/local/sbin/boot-verify-sign
+    ;;
+esac

linux-version

@@ -0,0 +1,121 @@
+#!/usr/bin/perl
+
+# Copyright 2011 Ben Hutchings
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+use strict;
+use warnings;
+
+use DebianLinux qw(version_cmp image_list);
+
+sub usage {
+    my $fh = shift;
+    print $fh (<< "EOT");
+Usage: $0 compare VERSION1 OP VERSION2
+       $0 sort [--reverse] [VERSION1 VERSION2 ...]
+       $0 list [--paths]
+
+The version arguments should be kernel version strings as shown by
+'uname -r' and used in filenames.
+
+The valid comparison operators are: lt le eq ge gt
+EOT
+}
+
+sub usage_error {
+    usage(*STDERR{IO});
+    exit 2;
+}
+
+sub compare_versions {
+    my %op_map = qw(lt < le <= eq == ge >= gt >);
+
+    # Check arguments
+    if (@_ != 3) {
+	usage_error();
+    }
+    my ($left, $op, $right) = @_;
+    if (!exists($op_map{$op})) {
+	usage_error();
+    }
+
+    my $sign = version_cmp($left, $right);
+    exit !eval("$sign ${op_map{$op}} 0");
+}
+
+sub sort_versions {
+    # Check for --reverse option
+    my $sign = 1;
+    if (@_ >= 1 and $_[0] eq '--reverse') {
+	$sign = -1;
+	shift;
+    }
+
+    # Collect versions from argv or stdin (with optional suffix after a space)
+    my @versions;
+    if (@_) {
+	@versions = map({[$_, "\n"]} @_);
+    } else {
+	while (<STDIN>) {
+	    /^([^ \n]*)(.*\n?)$/ or die;
+	    push @versions, [$1, $2];
+	}
+    }
+
+    for (sort({version_cmp($a->[0], $b->[0]) * $sign} @versions)) {
+	print @$_;
+    }
+    exit 0;
+}
+
+sub list_versions {
+    my $show_paths;
+
+    if (@_ == 1 and $_[0] eq '--paths') {
+	$show_paths = 1;
+    } elsif (@_ != 0) {
+	usage_error();
+    }
+    my $sig = '.sig';
+    for (image_list()) {
+	my ($version, $path) = @$_;
+        unless ($path =~ /\Q$sig\E$/) {
+	    if ($show_paths) {
+	        print "$version $path\n";
+	    } else {
+	        print "$version\n";
+	    }
+        }
+    }
+    exit 0;
+}
+
+if (@ARGV == 0) {
+    usage_error();
+}
+
+my $command = shift;
+if ($command eq 'help' or grep({$_ eq '--help'} $command, @ARGV)) {
+    usage(*STDOUT{IO});
+    exit 0;
+} elsif ($command eq 'compare') {
+    compare_versions(@ARGV);
+} elsif ($command eq 'sort') {
+    sort_versions(@ARGV);
+} elsif ($command eq 'list') {
+    list_versions(@ARGV);
+}
+usage_error();

sign-boot

@@ -7,28 +7,28 @@ echo "[*] Preparing to sign!";
 #read -s pwd;
 #echo -n "$pwd" > /dev/shm/sb-passpwd.txt;
 echo "[-] BMOK Un-Signing...";
-for i in $(find /boot/grub -iname "*.efi" -type f -print)
+for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)
 do
   echo $i;
-  sbattach --remove $i;
+  /usr/bin/sbattach --remove $i;
 done;
 echo "[+] BMOK Signing...";
-for i in $(find /boot/grub -iname "*.efi" -type f -print)
+for i in $(/usr/bin/find /boot/grub -iname "*.efi" -type f -print)
 do
   echo $i;
-  sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $i --output $i;
+  /usr/bin/sbsign --key /cert/BMOK.priv --cert /cert/BMOK.pem $i --output $i;
 done;
 echo "[-] Un-Signing...";
 #-iname "efi" -prune -o
-for i in $(find /boot -iname "*.sig" -type f -print)
+for i in $(/usr/bin/find /boot -iname "*.sig" -type f -print)
 do
   rm "$i";
 done;
 echo "[+] Signing...";
-for i in $(find /boot -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
+for i in $(/usr/bin/find /boot -iname "grubenv" -prune -o -iname "boot-tainted" -prune -o -type f -print)
 do
   echo $i;
-  gpg --batch --detach-sign $i;
+  /usr/bin/gpg --batch --detach-sign $i;
   #gpg -v --batch --detach-sign --passphrase-fd 0 $i < \
   #  /dev/shm/sb-passpwd.txt;
 done;