From 48429ea921ab45b68420b26753a6821c810bc7ad Mon Sep 17 00:00:00 2001
From: Tobias Powalowski
Date: Sun, 30 Jan 2022 14:38:17 +0100
Subject: [PATCH] add fedora shim script
---
usr/bin/archboot-fedora-shim.sh | 63 +++++++++++++++++++++++++++++++++
1 file changed, 63 insertions(+)
create mode 100755 usr/bin/archboot-fedora-shim.sh
diff --git a/usr/bin/archboot-fedora-shim.sh b/usr/bin/archboot-fedora-shim.sh
new file mode 100755
index 000000000..7240c3112
--- /dev/null
+++ b/usr/bin/archboot-fedora-shim.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+_FEDORA_SERVER="https://kojipkgs.fedoraproject.org"
+_FEDORA_DIR="boot/efi/EFI/fedora"
+_SHIM_VERSION="15.4"
+_SHIM_RELEASE="5"
+_SHIM_URL="${_FEDORA_SERVER}/packages/shim/${_SHIM_VERSION}/${_SHIM_RELEASE}"
+_SHIM_RPM="x86_64/shim-x64-${_SHIM_VERSION}-${_SHIM_RELEASE}.x86_64.rpm"
+_SHIM32_RPM="x86_64/shim-ia32-${_SHIM_VERSION}-${_SHIM_RELEASE}.x86_64.rpm"
+_SHIM_AA64_RPM="aarch64/shim-aa64-${_SHIM_VERSION}-${_SHIM_RELEASE}.aarch64.rpm"
+_SHIM=$(mktemp -d shim.XXXX)
+_SHIM32=$(mktemp -d shim32.XXXX)
+_SHIMAA64=$(mktemp -d shimaa64.XXXX)
+_USER="tobias"
+_GROUP="users"
+_GPG="--detach-sign --no-armor --batch --passphrase-file /etc/archboot/gpg.passphrase --pinentry-mode loopback -u 7EDF681F"
+_SERVER="pkgbuild.com"
+_SHIM_ARCH_SERVERDIR="/home/tpowa/public_html/archboot-helper/fedora-shim"
+
+### check for root
+if ! [[ ${UID} -eq 0 ]]; then
+ echo "ERROR: Please run as root user!"
+ exit 1
+fi
+### check for tpowa's build server
+if [[ ! "$(cat /etc/hostname)" == "T-POWA-LX" ]]; then
+ echo "This script should only be run on tpowa's build server. Aborting..."
+ exit 1
+fi
+# download packages from fedora server
+echo "Downloading fedora shim..."
+curl -s --create-dirs -L -O --output-dir "${_SHIM}" ${_SHIM_URL}/${_SHIM_RPM} || exit 1
+curl -s --create-dirs -L -O --output-dir "${_SHIM32}" ${_SHIM_URL}/${_SHIM32_RPM} || exit 1
+curl -s --create-dirs -L -O --output-dir "${_SHIMAA64}" ${_SHIM_URL}/${_SHIM_AA64_RPM} || exit 1
+# unpack rpm
+echo "Unpacking roms ..."
+bsdtar -C "${_SHIM}" -xf "${_SHIM}"/*.rpm
+bsdtar -C "${_SHIM32}" -xf "${_SHIM32}"/*.rpm
+bsdtar -C "${_SHIMAA64}" -xf "${_SHIMAA64}"/*.rpm
+echo "Copy shim files ..."
+mkdir -m 777 shim-fedora
+cp "${_SHIM}/${_FEDORA_DIR}/"{mmx64.efi,shimx64.efi} shim-fedora/
+cp "${_SHIM32}/${_FEDORA_DIR}/"{mmia32.efi,shimia32.efi} shim-fedora/
+cp "${_SHIMAA64}/${_FEDORA_DIR}/"{mmaa64.efi,shimaa64.efi} shim-fedora/
+# cleanup
+echo "Cleanup directories "$_SHIM}" "${_SHIM32}" "${_SHIMAA64}" ..."
+rm -r "${_SHIM}" "${_SHIM32}" "${_SHIMAA64}"
+# sign files
+echo "Sign files and upload ..."
+#shellcheck disable=SC2086
+cd shim-fedora/ || exit 1
+chown "${_USER}" ./*
+chgrp "${_GROUP}" ./*
+for i in *.efi; do
+ [[ -f "${i}" ]] && sudo -u "${_USER}" gpg ${_GPG} "${i}" || exit 1
+ [[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt
+ [[ -f "${i}.sig" ]] && cksum -a sha256 "${i}.sig" >> sha256sum.txt
+done
+sudo -u "${_USER}" scp * ${_SERVER}:${_SHIM_ARCH_SERVERDIR} || exit 1
+# cleanup
+echo "Remove fedora-shim directory."
+cd ..
+rm -r shim-fedora
+echo "Finished fedora Shim."
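Review bot: The three RPMs fetched by the `curl` calls are unpacked, detach-signed with key `7EDF681F` and uploaded without any integrity check, so whatever the server (or a redirect followed via `-L`) returns ends up carrying the project's signature. Pin a SHA-256 per RPM next to `_SHIM_VERSION`/`_SHIM_RELEASE` and verify it before the `bsdtar` step, as sketched below with placeholder digests. Separately, `mkdir -m 777 shim-fedora` leaves the signing directory world-writable while root copies and signs in it; `install -d -m 700 -o "${_USER}" -g "${_GROUP}" shim-fedora` should still let the gpg step write its `.sig` files. The cleanup `echo` also contains `"$_SHIM}"` where `"${_SHIM}"` was presumably meant.

```shell
_SHIM_AA64_RPM="aarch64/shim-aa64-${_SHIM_VERSION}-${_SHIM_RELEASE}.aarch64.rpm"
# pinned digests; update together with _SHIM_VERSION/_SHIM_RELEASE
_SHIM_RPM_SHA256="<sha256 of the shim-x64 rpm>"
_SHIM32_RPM_SHA256="<sha256 of the shim-ia32 rpm>"
_SHIM_AA64_RPM_SHA256="<sha256 of the shim-aa64 rpm>"
# … unchanged: remaining variables, root and hostname checks, curl downloads …
# refuse to unpack (and later sign) anything that does not match its pin
_check_rpm() {
    echo "${1}  ${2}" | sha256sum -c --quiet - || exit 1
}
_check_rpm "${_SHIM_RPM_SHA256}" "${_SHIM}/${_SHIM_RPM##*/}"
_check_rpm "${_SHIM32_RPM_SHA256}" "${_SHIM32}/${_SHIM32_RPM##*/}"
_check_rpm "${_SHIM_AA64_RPM_SHA256}" "${_SHIMAA64}/${_SHIM_AA64_RPM##*/}"
# unpack rpm
# … unchanged: bsdtar unpack, copy, sign, upload …
```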