mirror of
https://github.com/terrapkg/packages.git
synced 2026-05-31 09:01:55 +00:00
* sbctl: Remove dependency on grubby postinst hook
Finally fix that one issue where sbctl won't sign automatically on
systemd-boot-based systems by simply just copying over the path hack
from the grubby postinst hook, now we just patch it instead
* Apply patch instead
* forgot to remove the source install
* generate appstream metainfo
* update patch
* update patch again
(cherry picked from commit 4545b0fc76)
Co-authored-by: Pornpipat Popum <cappy@cappuchino.xyz>
This commit is contained in:
Raboneko
@@ -1,41 +0,0 @@
|
||||
#!/usr/bin/sh
|
||||
# This file is part of sbctl.
|
||||
# Patched for Fedora, for the Terra repository
|
||||
|
||||
#shellcheck disable=SC2034
|
||||
# Enable xtrace if we're verbose
|
||||
if [ "${KERNEL_INSTALL_VERBOSE:-0}" = "1" ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
ver=${1}
|
||||
img=${2}
|
||||
|
||||
|
||||
die() {
|
||||
echo -e " ${NOCOLOR-\e[1;31m*\e[0m }${*}" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
einfo() {
|
||||
echo -e " ${NOCOLOR-\e[1;32m*\e[0m }${*}"
|
||||
}
|
||||
|
||||
main() {
|
||||
# re-define for subst to work
|
||||
[[ -n ${NOCOLOR+yes} ]] && NOCOLOR=
|
||||
einfo "Unregistering kernel file from sbctl"
|
||||
# do nothing if secureboot key directory doesn't exist
|
||||
if ! [ "$(sbctl setup --print-state --json | awk '/installed/ { gsub(/,$/,"",$2); print $2 }')" = "true" ]; then
|
||||
einfo "Secureboot key directory doesn't exist, not signing!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
[[ ${EUID} -eq 0 ]] || die "Please run this script as root"
|
||||
|
||||
einfo "sbctl: Unregistering kernel $img"
|
||||
sbctl remove-file $img
|
||||
}
|
||||
|
||||
main
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
#!/usr/bin/sh
|
||||
# This file is part of sbctl.
|
||||
# Patched for Fedora, for the Terra repository
|
||||
|
||||
#shellcheck disable=SC2034
|
||||
# Enable xtrace if we're verbose
|
||||
if [ "${KERNEL_INSTALL_VERBOSE:-0}" = "1" ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
ver=${1}
|
||||
img=${2}
|
||||
|
||||
die() {
|
||||
echo -e " ${NOCOLOR-\e[1;31m*\e[0m }${*}" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
einfo() {
|
||||
echo -e " ${NOCOLOR-\e[1;32m*\e[0m }${*}"
|
||||
}
|
||||
|
||||
main() {
|
||||
# re-define for subst to work
|
||||
[[ -n ${NOCOLOR+yes} ]] && NOCOLOR=
|
||||
einfo "Running kernel install script"
|
||||
# do nothing if secureboot key directory doesn't exist
|
||||
if ! [ "$(sbctl setup --print-state --json | awk '/installed/ { gsub(/,$/,"",$2); print $2 }')" = "true" ]; then
|
||||
einfo "Secureboot key directory doesn't exist, not signing!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
[[ ${EUID} -eq 0 ]] || die "Please run this script as root"
|
||||
|
||||
einfo "sbctl: Signing kernel $img"
|
||||
sbctl sign -s $img
|
||||
}
|
||||
|
||||
main
|
||||
|
||||
+10
-12
@@ -1,17 +1,18 @@
|
||||
%global appid dev.linderud.sbctl
|
||||
%global appstream_component console-application
|
||||
%global patch_commit 14c4027270589b8d6f39cbca97569e6b13e40a05
|
||||
Name: sbctl
|
||||
Version: 0.18
|
||||
Release: 3%?dist
|
||||
Release: 4%?dist
|
||||
Summary: Secure Boot key manager
|
||||
|
||||
License: MIT
|
||||
URL: https://github.com/Foxboron/sbctl
|
||||
Source0: https://github.com/Foxboron/sbctl/releases/download/%{version}/sbctl-%{version}.tar.gz
|
||||
Patch1: https://github.com/Foxboron/sbctl/compare/master...%{patch_commit}.patch
|
||||
## Based on CachyOS's batch sign script
|
||||
# https://github.com/CachyOS/CachyOS-Settings/blob/master/usr/bin/sbctl-batch-sign
|
||||
Source1: %{name}-batch-sign
|
||||
# Downstream postinst hook
|
||||
Source2: 91-sbctl-sign
|
||||
Source3: 91-sbctl-rm
|
||||
|
||||
ExclusiveArch: %{golang_arches}
|
||||
|
||||
@@ -24,6 +25,7 @@ Recommends: systemd-udev
|
||||
BuildRequires: asciidoc
|
||||
BuildRequires: git
|
||||
BuildRequires: go-rpm-macros
|
||||
BuildRequires: anda-srpm-macros
|
||||
BuildRequires: pkgconfig(libpcsclite)
|
||||
|
||||
%description
|
||||
@@ -49,13 +51,9 @@ export GOPATH=%{_builddir}/go
|
||||
%make_install PREFIX=%{_prefix}
|
||||
install -Dm755 %{SOURCE1} -t %{buildroot}%{_bindir}
|
||||
|
||||
# This script is actually broken on Fedora
|
||||
rm -f %{buildroot}%{_prefix}/lib/kernel/install.d/91-sbctl.install
|
||||
# We don't want the Debian script
|
||||
rm -f %{buildroot}%{_prefix}/lib/kernel/postinst.d/91-sbctl.install
|
||||
|
||||
# 95-kernel-hooks.install only runs postinst scripts from /etc, so install it there
|
||||
install -Dm755 %{SOURCE2} -t %{buildroot}%{_sysconfdir}/kernel/postinst.d
|
||||
install -Dm755 %{SOURCE3} -t %{buildroot}%{_sysconfdir}/kernel/prerm.d
|
||||
%terra_appstream
|
||||
|
||||
%transfiletriggerin -P 1 -- /efi /usr/lib /usr/libexec
|
||||
if [[ ! -f /run/ostree-booted ]] && grep -q -m 1 -e '\.efi$' -e '/vmlinuz$'; then
|
||||
@@ -69,13 +67,13 @@ fi
|
||||
%doc README.md
|
||||
%{_bindir}/sbctl
|
||||
%{_bindir}/sbctl-batch-sign
|
||||
%{_sysconfdir}/kernel/postinst.d/91-sbctl-sign
|
||||
%{_sysconfdir}/kernel/prerm.d/91-sbctl-rm
|
||||
%{_prefix}/lib/kernel/install.d/91-sbctl.install
|
||||
%{_mandir}/man8/sbctl.8*
|
||||
%{_mandir}/man5/sbctl.conf.5*
|
||||
%{_datadir}/bash-completion/completions/sbctl
|
||||
%{_datadir}/fish/vendor_completions.d/sbctl.fish
|
||||
%{_datadir}/zsh/site-functions/_sbctl
|
||||
%{_metainfodir}/%{appid}.metainfo.xml
|
||||
|
||||
|
||||
%changelog
|
||||
|
||||
Reference in New Issue
Block a user