mirror of
https://git.proxmox.com/git/efi-boot-shim
synced 2025-11-01 12:03:14 +00:00
de3def7f53
Only include the hashes for the architecture we're building for - no point in adding bloat and delay here. Add a script "block_signed_deb" to scan a set of .deb files, extract the hashes for .efi binaries and list them in the format wanted for the dbx hashes file. Split out the code to use that file from the rules file into a separate helper.
28 lines
664 B
Bash
Executable File
28 lines
664 B
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# Helper script - generate a DBX file for inclusion into a shim build
|
|
#
|
|
# Takes an input file (e.g. debian-dbx.hashes) with data in the form
|
|
#
|
|
# <hex-encoded sha256 checksums> <arch>
|
|
#
|
|
# and generates a siglist of the hashes for just the architecture we
|
|
# want. No point including all the hashes for all the arches, it just
|
|
# bloats things and slows things down.
|
|
|
|
set -e
|
|
|
|
ARCH=$1
|
|
IN=$2
|
|
OUT=$3
|
|
|
|
rm -f $OUT
|
|
for HASH in $(grep -E "[[:xdigit:]]{32} $ARCH" < $IN | \
|
|
awk '{print $1}' | sort | uniq); do
|
|
echo " Adding $HASH to dbx list"
|
|
efisiglist -o $OUT -a -h $HASH
|
|
done
|
|
|
|
# If we have an empty hashes file, create an empty DBX file
|
|
touch $OUT
|