kernelsign

kernel signing script for UEFI Secure Boot
git clone git://xn--q9jzb1c.xn--q9jyb4c/kernelsign

commit 88ee1a152af53f56a8cac6f510f9929b98d5f7fc
parent 2eb922ecadb369c905a5b6a512a6f33ce50f8088
Author: nanmi <nanmi@member.fsf.org>
Date:   Sat, 23 Jul 2022 06:27:17 +0900

Add fancy test and make the script aimed at stub kernels.

Diffstat:
Mks.sh | 74++++++++++++++++++++++++++++++++++++++++++++------------------------------
1 file changed, 44 insertions(+), 30 deletions(-)

diff --git a/ks.sh b/ks.sh 
@@ -3,44 +3,58 @@ set -eu
 # To find the UUIDs, run `lsblk -f` as root
 # UUID of the partition on the flash drive that holds the keys (i.e. /dev/sdb2)
-KEYS_UUID=80a811c4-9042-49c2-b634-efb97e51f247
+KEYS_UUID="ebee3318-804f-4236-9b75-c805702f1691"
 # UUID of the EFI partition on the flash drive (i.e. /dev/sdb1)
-ESP_UUID=NM00-2135
+ESP_UUID="4BB0-BE60"
 # UUID of /device/mapper/${NAME}
-CRYPT_UUID=4b96d130-9e16-44e8-a8b0-95837516187a
-NAME=keys
-ESP=/efi
-MNT=/mnt
-
-prepareKeys(){
- printf '%s\n' "Opening keys partition as ${NAME}..."
- cryptsetup -v luksOpen UUID=${KEYS_UUID} ${NAME}
- printf '%s\n' "Mounting ${NAME}..."
- mount -voro -U ${CRYPT_UUID} ${MNT}
+CRYPT_UUID="409dc38b-2fc6-46d0-a1a1-c93755f80bb1"
+NAME="keys"
+ESP="/efi"
+MNT="/mnt"
+
+INSTALL="$(printf '\033[32;01m')"
+GENTOO="$(printf '\033[0m')"
+
+_text() {
+ printf " ${INSTALL}*${GENTOO} %s\n" "${*}"
+}
+
+prepareKeys() {
+ _text "Opening keys partition as ${NAME}..."
+ cryptsetup -v luksOpen UUID="${KEYS_UUID}" "${NAME}"
+ _text "Mounting ${NAME}..."
+ mount -vU "${CRYPT_UUID}" "${MNT}"
 }
-prepareESP(){
- printf '%s\n' "Mounting ESP..."
- mount -vU $ESP_UUID $ESP
- printf '%s\n' "Backing up old kernel..."
- mv -uv ${ESP}/EFI/gentoo/bzImage.efi ${ESP}/EFI/freebsd/oldbzImage.efi
+prepareESP() {
+ _text "Mounting ESP..."
+ mount -vU "${ESP_UUID}" "${ESP}"
+ _text "Backing up old kernel at ${MNT}..."
+ mv -uv "${ESP}/bzImage.efi" "${MNT}/oldbzImage.efi"
 }
-signKernel(){
- sbsign --key ${MNT}/DB.key --cert ${MNT}/DB.crt \
- --output ${ESP}/EFI/gentoo/bzImage.efi /usr/src/linux/arch/x86/boot/bzImage
- printf '%s\n' "Signed new kernel."
+signKernel() {
+ sbsign --key "${MNT}/DB.key" --cert "${MNT}/DB.crt" \
+ --output "${ESP}/bzImage.efi" "/usr/src/linux/arch/x86/boot/bzImage"
 }
-cleanUp(){
- printf '%s\n' "Unmounting ${ESP} and ${MNT}"
+cleanUp() {
+ _text "Unmounting ${ESP} and ${MNT}..."
 umount -v ${ESP} ${MNT}
- printf '%s\n' "Closing keys partition..."
- cryptsetup -v luksClose ${NAME}
+ _text "Closing keys partition..."
+ cryptsetup -v luksClose "${NAME}"
+}
+
+main() {
+ if [ "$(id -u)" -ne 0 ]; then
+ echo "Please, run as root."
+ exit
+ fi
+ prepareKeys
+ prepareESP
+ signKernel
+ sync
+ cleanUp
 }
-prepareKeys
-prepareESP
-signKernel
-cleanUp
-sync
+main
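Review bot: Under `set -eu`, a failure in any step after `prepareKeys` — the ESP `mount`, the `mv` (on a first run with no existing `bzImage.efi` it has nothing to move), or `sbsign` — exits `main` with the LUKS volume still open and mounted, so `DB.key` stays readable under `${MNT}` until someone runs `cleanUp` by hand; register the teardown before the keys are opened, e.g. `trap cleanUp EXIT` as the first statement after the root check, and make `cleanUp` tolerant of a partly set-up state (an `umount` of a path that was never mounted would otherwise fail inside the trap). The root check also exits with status 0 and reports on stdout; `printf '%s\n' "Please, run as root." >&2` followed by `exit 1` lets callers detect the refusal. Separately, the rewritten `mount -vU "${CRYPT_UUID}" "${MNT}"` drops the old `-o ro`, so the key volume is now mounted writable, apparently because `prepareESP` now places `oldbzImage.efi` there; if that backup can live elsewhere, restoring the read-only mount keeps the key store immutable for the duration of the run. The unchanged `umount -v ${ESP} ${MNT}` is the one expansion this quoting pass left unquoted.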