#!/usr/bin/env bash
# Created by Tobias Powalowski <tpowa@archlinux.org>
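# Build step of the secure boot hook: collects the Secure Boot tooling
# (efitools/sbsigntools binaries, openssl, a minimal python3 runtime,
# mkkeys.sh, PreLoader/HashTool/KeyTool, Fedora's signed shim and the
# archboot grub images) into the image.
#
# Relies on add_file, add_binary and add_full_dir, which are not defined in
# this file and are expected to be provided by whatever sources this hook.
#
# Globals written (left global, as before): apps, MKKEYS, PYTHON_FILES,
#   PYTHON_DYN, _SHIM_URL, _SHIM_VERSION, _SHIM32_VERSION, SHIM, SHIM32
# Returns: 1 if a temp path cannot be created or a download/extraction
#   fails; otherwise the status of the last add_file call.
#
# NOTE(review): mkkeys.sh and both shim RPMs are fetched at build time and
# trusted on transport security alone. Nothing here pins a checksum or checks
# a package signature, so whatever the remote host serves ends up in a
# Secure Boot image. Pin a digest (for example <expected-sha256>) or vendor
# the files, and verify before add_file.
#
# NOTE(review): the temp file and directories under /var/tmp are never
# removed. Cleanup is left out because it is not visible here whether
# add_file copies its source immediately.
build ()
{
    local i

    # https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot
    apps="openssl python3 cert-to-efi-hash-list efi-readvar efi-updatevar efitool-mkusb flash-var \
        hash-to-efi-sig-list sig-list-to-certs cert-to-efi-sig-list sign-efi-sig-list sbattach sbkeysync \
        sbsiglist sbsign sbvarsign sbverify"
    add_file "/etc/ssl/openssl.cnf"
    # Word splitting of the space-separated list is intentional.
    for i in ${apps}; do
        add_binary "${i}"
    done

    # add mkkeys.sh
    MKKEYS=$(mktemp /var/tmp/mkkeys.XXXX) || return 1
    # --fail: without it an HTTP error page would be saved and shipped as
    # /usr/bin/mkkeys.sh. --proto '=https': -L must not follow a redirect
    # down to plain HTTP.
    if ! curl --fail --proto '=https' -L -o "${MKKEYS}" https://www.rodsbooks.com/efi-bootloaders/mkkeys.sh; then
        printf '%s\n' "ERROR: download of mkkeys.sh failed" >&2
        return 1
    fi
    chmod 755 "${MKKEYS}"
    add_file "${MKKEYS}" "/usr/bin/mkkeys.sh"

    # add python3 files for script
    # NOTE(review): every path below is tied to python 3.9 and x86_64.
    add_full_dir /usr/lib/python3.9/encodings
    add_full_dir /usr/lib/python3.9/collections
    add_full_dir /usr/lib/python3.9/logging
    PYTHON_FILES="_collections_abc.py keyword.py heapq.py platform.py types.py enum.py uuid.py \
        _sitebuiltins.py genericpath.py posixpath.py _collections_abc.py stat.py os.py site.py abc.py io.py codecs.py \
        operator.py reprlib.py re.py sre_compile.py sre_parse.py sre_constants.py functools.py copyreg.py subprocess.py \
        signal.py threading.py _weakrefset.py warnings.py contextlib.py random.py bisect.py hashlib.py traceback.py \
        linecache.py tokenize.py token.py weakref.py string.py"
    PYTHON_DYN="select.cpython-39-x86_64-linux-gnu.so math.cpython-39-x86_64-linux-gnu.so _random.cpython-39-x86_64-linux-gnu.so \
        _sha512.cpython-39-x86_64-linux-gnu.so _posixsubprocess.cpython-39-x86_64-linux-gnu.so"
    for i in ${PYTHON_FILES}; do
        add_file "/usr/lib/python3.9/${i}"
    done
    for i in ${PYTHON_DYN}; do
        add_file "/usr/lib/python3.9/lib-dynload/${i}"
    done

    # add preloader files
    add_file "/usr/share/efitools/efi/PreLoader.efi"
    add_file "/usr/share/efitools/efi/HashTool.efi"
    add_file "/usr/share/efitools/efi/KeyTool.efi"

    # add shim signed files from fedora
    # NOTE(review): the shim build is pinned by URL only; confirm it is still
    # accepted by current firmware revocation data (dbx/SBAT) before shipping.
    _SHIM_URL="https://kojipkgs.fedoraproject.org/packages/shim/15.4/5/x86_64"
    _SHIM_VERSION="shim-x64-15.4-5.x86_64.rpm"
    _SHIM32_VERSION="shim-ia32-15.4-5.x86_64.rpm"

    SHIM=$(mktemp -d /var/tmp/shim.XXXX) || return 1
    if ! curl --fail --proto '=https' --create-dirs -L -O --output-dir "${SHIM}" "${_SHIM_URL}/${_SHIM_VERSION}"; then
        printf '%s\n' "ERROR: download of ${_SHIM_VERSION} failed" >&2
        return 1
    fi
    bsdtar -C "${SHIM}" -xf "${SHIM}/${_SHIM_VERSION}" || return 1
    add_file "${SHIM}/boot/efi/EFI/fedora/mmx64.efi" "/usr/share/fedora-shim/mmx64.efi"
    add_file "${SHIM}/boot/efi/EFI/fedora/shimx64.efi" "/usr/share/fedora-shim/shimx64.efi"

    SHIM32=$(mktemp -d /var/tmp/shim32.XXXX) || return 1
    if ! curl --fail --proto '=https' --create-dirs -L -O --output-dir "${SHIM32}" "${_SHIM_URL}/${_SHIM32_VERSION}"; then
        printf '%s\n' "ERROR: download of ${_SHIM32_VERSION} failed" >&2
        return 1
    fi
    bsdtar -C "${SHIM32}" -xf "${SHIM32}/${_SHIM32_VERSION}" || return 1
    # The ia32 package was unpacked into SHIM32, so its files are read from
    # there (the original read them from SHIM, the x64 extraction dir).
    add_file "${SHIM32}/boot/efi/EFI/fedora/mmia32.efi" "/usr/share/fedora-shim/mmia32.efi"
    add_file "${SHIM32}/boot/efi/EFI/fedora/shimia32.efi" "/usr/share/fedora-shim/shimia32.efi"

    # add grub with modules builtin to boot on secure boot
    add_file "/usr/share/archboot/grub/grubx64.efi"
    add_file "/usr/share/archboot/grub/grubia32.efi"
}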
# Print the one-line description of this hook on stdout.
help ()
{
    printf '%s\n' "This hook includes secure boot tools on an archboot image."
}