diff options
Diffstat (limited to 'debian/extra/gen-signing-template')
| -rwxr-xr-x | debian/extra/gen-signing-template | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/debian/extra/gen-signing-template b/debian/extra/gen-signing-template new file mode 100755 index 0000000..6c13571 --- /dev/null +++ b/debian/extra/gen-signing-template @@ -0,0 +1,45 @@ +#!/bin/bash + +set -euE + +export DEB_VERSION="$1" +export DEB_HOST_ARCH="$2" +export DEB_HOST_ARCH_EFI="$3" + +DISTRIBUTION="$(dpkg-parsechangelog -SDistribution)" +URGENCY="$(dpkg-parsechangelog -SUrgency)" +MAINT="$(dpkg-parsechangelog -SMaintainer)" +DATE="$(dpkg-parsechangelog -SDate)" + +DEB_VERSION_MANGLED="$(echo "$DEB_VERSION" | sed -re 's/-/\+/;s/\+(b[[:digit:]]+)$/.\1/')" +DEB_VERSION_SOURCE="$(echo "$DEB_VERSION" | sed -re 's/\+b[[:digit:]]+$//')" +export DEB_VERSION_SOURCE +SIGN_TEMPLATE_DIR="debian/systemd-boot-efi-${DEB_HOST_ARCH}-signed-template/usr/share/code-signing/systemd-boot-efi-${DEB_HOST_ARCH}-signed-template" +SIGN_SOURCE_DIR="${SIGN_TEMPLATE_DIR}/source-template/debian" +FILE=usr/lib/systemd/boot/efi/systemd-boot${DEB_HOST_ARCH_EFI}.efi + +for i in $(find debian/signing-template -type f -printf '%P\n'); do + mkdir -p "$SIGN_SOURCE_DIR/$(dirname "$i")" + envsubst < "debian/signing-template/$i" > "$SIGN_SOURCE_DIR/$i" +done + +( + echo "systemd-boot-efi-${DEB_HOST_ARCH}-signed (${DEB_VERSION_MANGLED}) ${DISTRIBUTION}; urgency=${URGENCY}" + echo + echo " * Sign EFI binaries from systemd-boot-efi ${DEB_VERSION}" + dpkg-parsechangelog -SChanges | sed -rne 's/^.$//p' -e '/^ /p' + echo + echo " -- ${MAINT} ${DATE}" +) > "$SIGN_SOURCE_DIR/changelog" + +jq -n --arg file "${FILE}" ' +{ + "packages": { + "systemd-boot-efi": { + "trusted_certs": [], + "files": [ + {"sig_type": "efi", "file": $file} + ] + } + } +}' > "$SIGN_TEMPLATE_DIR/files.json" |