funkemunky/packages
1
0
Fork 0
mirror of https://github.com/terrapkg/packages.git synced 2026-05-31 09:01:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(sbctl): Make it actually work on Fedora (#5689) (#5702)

Browse Source 
(cherry picked from commit 573aef30ca)

Co-authored-by: Gilver <rockgrub@disroot.org>
This commit is contained in:
Raboneko
2025-06-28 22:11:01 -07:00
committed by GitHub
parent 717bee3483
commit ae3a4d02a2
2 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
anda/tools/sbctl/sbctl-batch-sign
+24
View File
@@ -0,0 +1,24 @@
#!/usr/bin/env bash
# sbctl-batch-sign is a helper script designed to make it easier for users to sign files needed for Secure Boot support.
# The obvious case in which this script helps a lot is when dual booting Windows as there are a lot of files by Windows that need to be signed in EFI.
set -e
if [ -f /boot/limine.conf ]; then
echo "Limine detected, please do not use this script."
exit 0
fi
if [ "$(id -u)" -ne 0 ]; then
echo "Error: This script must be run with root privileges."
exit 1
fi
export ESP_PATH=/boot
sbctl verify 2>/dev/null | awk '/✗/ {print $2}' | while IFS= read -r entry; do
if [[ "$entry" =~ ^.*/EFI/(Microsoft|Windows) || "$entry" == *.mui || "$entry" == *.dll
|| "$entry" =~ ^/boot/grub ]]; then
continue
fi
sbctl sign -s "$entry"
done
anda/tools/sbctl/sbctl.spec
+8 -3
View File
@@ -1,16 +1,20 @@
Name: sbctl
Version: 0.17
Release: 2%?dist
Release: 3%?dist
Summary: Secure Boot key manager
License: MIT
URL: https://github.com/Foxboron/sbctl
Source0: https://github.com/Foxboron/sbctl/releases/download/%{version}/sbctl-%{version}.tar.gz
## Based on CachyOS's batch sign script
# https://github.com/CachyOS/CachyOS-Settings/blob/master/usr/bin/sbctl-batch-sign
Source1: %{name}-batch-sign
ExclusiveArch: %{golang_arches}
Requires: binutils
Requires: util-linux
Requires(post): bash
Recommends: systemd-udev
@@ -39,12 +43,12 @@ export GOPATH=%{_builddir}/go
%install
%make_install PREFIX=%{_prefix}
install -Dm755 %{SOURCE1} -t %{buildroot}%{_bindir}
%transfiletriggerin -P 1 -- /boot /efi /usr/lib /usr/libexec
if [[ ! -f /run/ostree-booted ]] && grep -q -m 1 -e '\.efi$' -e '/vmlinuz$'; then
exec </dev/null
%{_bindir}/sbctl sign-all -g
%{_bindir}/sbctl-batch-sign
fi
@@ -52,6 +56,7 @@ fi
%license LICENSE
%doc README.md
%{_bindir}/sbctl
%{_bindir}/sbctl-batch-sign
%{_prefix}/lib/kernel/install.d/91-sbctl.install
%{_mandir}/man8/sbctl.8*
%{_mandir}/man5/sbctl.conf.5*