diff --git a/anda/tools/sbctl/91-sbctl-rm b/anda/tools/sbctl/91-sbctl-rm deleted file mode 100644 index 247852a75a..0000000000 --- a/anda/tools/sbctl/91-sbctl-rm +++ /dev/null @@ -1,41 +0,0 @@ -#!/usr/bin/sh -# This file is part of sbctl. -# Patched for Fedora, for the Terra repository - -#shellcheck disable=SC2034 -# Enable xtrace if we're verbose -if [ "${KERNEL_INSTALL_VERBOSE:-0}" = "1" ]; then - set -x -fi - -ver=${1} -img=${2} - - -die() { - echo -e " ${NOCOLOR-\e[1;31m*\e[0m }${*}" >&2 - exit 1 -} - -einfo() { - echo -e " ${NOCOLOR-\e[1;32m*\e[0m }${*}" -} - -main() { - # re-define for subst to work - [[ -n ${NOCOLOR+yes} ]] && NOCOLOR= - einfo "Unregistering kernel file from sbctl" - # do nothing if secureboot key directory doesn't exist - if ! [ "$(sbctl setup --print-state --json | awk '/installed/ { gsub(/,$/,"",$2); print $2 }')" = "true" ]; then - einfo "Secureboot key directory doesn't exist, not signing!" - exit 0 - fi - - [[ ${EUID} -eq 0 ]] || die "Please run this script as root" - - einfo "sbctl: Unregistering kernel $img" - sbctl remove-file $img -} - -main - diff --git a/anda/tools/sbctl/91-sbctl-sign b/anda/tools/sbctl/91-sbctl-sign deleted file mode 100755 index 35bb741ac3..0000000000 --- a/anda/tools/sbctl/91-sbctl-sign +++ /dev/null @@ -1,40 +0,0 @@ -#!/usr/bin/sh -# This file is part of sbctl. -# Patched for Fedora, for the Terra repository - -#shellcheck disable=SC2034 -# Enable xtrace if we're verbose -if [ "${KERNEL_INSTALL_VERBOSE:-0}" = "1" ]; then - set -x -fi - -ver=${1} -img=${2} - -die() { - echo -e " ${NOCOLOR-\e[1;31m*\e[0m }${*}" >&2 - exit 1 -} - -einfo() { - echo -e " ${NOCOLOR-\e[1;32m*\e[0m }${*}" -} - -main() { - # re-define for subst to work - [[ -n ${NOCOLOR+yes} ]] && NOCOLOR= - einfo "Running kernel install script" - # do nothing if secureboot key directory doesn't exist - if ! [ "$(sbctl setup --print-state --json | awk '/installed/ { gsub(/,$/,"",$2); print $2 }')" = "true" ]; then - einfo "Secureboot key directory doesn't exist, not signing!" - exit 0 - fi - - [[ ${EUID} -eq 0 ]] || die "Please run this script as root" - - einfo "sbctl: Signing kernel $img" - sbctl sign -s $img -} - -main - diff --git a/anda/tools/sbctl/sbctl.spec b/anda/tools/sbctl/sbctl.spec index 11cbc18f7e..728c6472b0 100644 --- a/anda/tools/sbctl/sbctl.spec +++ b/anda/tools/sbctl/sbctl.spec @@ -1,17 +1,18 @@ +%global appid dev.linderud.sbctl +%global appstream_component console-application +%global patch_commit 14c4027270589b8d6f39cbca97569e6b13e40a05 Name: sbctl Version: 0.18 -Release: 3%?dist +Release: 4%?dist Summary: Secure Boot key manager License: MIT URL: https://github.com/Foxboron/sbctl Source0: https://github.com/Foxboron/sbctl/releases/download/%{version}/sbctl-%{version}.tar.gz +Patch1: https://github.com/Foxboron/sbctl/compare/master...%{patch_commit}.patch ## Based on CachyOS's batch sign script # https://github.com/CachyOS/CachyOS-Settings/blob/master/usr/bin/sbctl-batch-sign Source1: %{name}-batch-sign -# Downstream postinst hook -Source2: 91-sbctl-sign -Source3: 91-sbctl-rm ExclusiveArch: %{golang_arches} @@ -24,6 +25,7 @@ Recommends: systemd-udev BuildRequires: asciidoc BuildRequires: git BuildRequires: go-rpm-macros +BuildRequires: anda-srpm-macros BuildRequires: pkgconfig(libpcsclite) %description @@ -49,13 +51,9 @@ export GOPATH=%{_builddir}/go %make_install PREFIX=%{_prefix} install -Dm755 %{SOURCE1} -t %{buildroot}%{_bindir} -# This script is actually broken on Fedora -rm -f %{buildroot}%{_prefix}/lib/kernel/install.d/91-sbctl.install +# We don't want the Debian script rm -f %{buildroot}%{_prefix}/lib/kernel/postinst.d/91-sbctl.install - -# 95-kernel-hooks.install only runs postinst scripts from /etc, so install it there -install -Dm755 %{SOURCE2} -t %{buildroot}%{_sysconfdir}/kernel/postinst.d -install -Dm755 %{SOURCE3} -t %{buildroot}%{_sysconfdir}/kernel/prerm.d +%terra_appstream %transfiletriggerin -P 1 -- /efi /usr/lib /usr/libexec if [[ ! -f /run/ostree-booted ]] && grep -q -m 1 -e '\.efi$' -e '/vmlinuz$'; then @@ -69,13 +67,13 @@ fi %doc README.md %{_bindir}/sbctl %{_bindir}/sbctl-batch-sign -%{_sysconfdir}/kernel/postinst.d/91-sbctl-sign -%{_sysconfdir}/kernel/prerm.d/91-sbctl-rm +%{_prefix}/lib/kernel/install.d/91-sbctl.install %{_mandir}/man8/sbctl.8* %{_mandir}/man5/sbctl.conf.5* %{_datadir}/bash-completion/completions/sbctl %{_datadir}/fish/vendor_completions.d/sbctl.fish %{_datadir}/zsh/site-functions/_sbctl +%{_metainfodir}/%{appid}.metainfo.xml %changelog