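#!/bin/bash
# Fill in the systemd-boot-efi-<arch>-signed-template package tree: expand the
# files under debian/signing-template, write a changelog for the -signed
# source package, and emit files.json naming the EFI binary to be signed.
#
# Arguments:
#   $1  binary package version (exported as DEB_VERSION)
#   $2  Debian host architecture (exported as DEB_HOST_ARCH)
#   $3  EFI architecture suffix used in systemd-boot<suffix>.efi
#       (exported as TEMPLATE_EFI_ARCH)
#
# pipefail is enabled so that a failing dpkg-parsechangelog on the left of a
# pipe aborts the run instead of leaving a truncated changelog in a template
# that feeds code signing.
set -euE -o pipefail

usage="usage: ${0##*/} DEB_VERSION DEB_HOST_ARCH TEMPLATE_EFI_ARCH"
# Reject missing *and* empty arguments: an empty value would otherwise yield
# malformed package and path names further down.
export DEB_VERSION="${1:?$usage}"
export DEB_HOST_ARCH="${2:?$usage}"
export TEMPLATE_EFI_ARCH="${3:?$usage}"

DISTRIBUTION="$(dpkg-parsechangelog -SDistribution)"
URGENCY="$(dpkg-parsechangelog -SUrgency)"
MAINT="$(dpkg-parsechangelog -SMaintainer)"
DATE="$(dpkg-parsechangelog -SDate)"

# Signed-package version: the first '-' becomes '+', and a trailing binNMU
# suffix '+bN' becomes '.bN'.
DEB_VERSION_MANGLED="$(sed -re 's/-/\+/;s/\+(b[[:digit:]]+)$/.\1/' <<<"$DEB_VERSION")"
# Source version: the binary version with any trailing '+bN' removed.
DEB_VERSION_SOURCE="$(sed -re 's/\+b[[:digit:]]+$//' <<<"$DEB_VERSION")"
export DEB_VERSION_SOURCE

readonly TEMPLATE_SRC="debian/signing-template"
SIGN_TEMPLATE_DIR="debian/systemd-boot-efi-${DEB_HOST_ARCH}-signed-template/usr/share/code-signing/systemd-boot-efi-${DEB_HOST_ARCH}-signed-template"
SIGN_SOURCE_DIR="${SIGN_TEMPLATE_DIR}/source-template/debian"
FILE="usr/lib/systemd/boot/efi/systemd-boot${TEMPLATE_EFI_ARCH}.efi"

if [[ ! -d "$TEMPLATE_SRC" ]]; then
  printf 'error: %s not found; run from the source package root\n' "$TEMPLATE_SRC" >&2
  exit 1
fi

# NUL-delimited traversal, so template names containing whitespace or glob
# characters are not split or expanded by the shell.
while IFS= read -r -d '' rel; do
  mkdir -p -- "$SIGN_SOURCE_DIR/$(dirname -- "$rel")"
  # NOTE(review): envsubst without a SHELL-FORMAT argument replaces every
  # $VAR reference it finds with whatever the build environment holds, not
  # only the variables exported above. Consider passing an explicit variable
  # list once the set used by the templates is confirmed.
  envsubst < "$TEMPLATE_SRC/$rel" > "$SIGN_SOURCE_DIR/$rel"
done < <(find "$TEMPLATE_SRC" -type f -printf '%P\0')

# Changelog of the -signed source package: a generated header and entry,
# followed by the filtered Changes field of the current changelog entry.
# NOTE(review): deb-changelog expects two spaces between maintainer and date
# on the trailer line; confirm the spacing of the literals below against the
# repository copy of this script.
{
  printf '%s\n' "systemd-boot-efi-${DEB_HOST_ARCH}-signed (${DEB_VERSION_MANGLED}) ${DISTRIBUTION}; urgency=${URGENCY}"
  printf '\n'
  printf '%s\n' " * Sign EFI binaries from systemd-boot-efi ${DEB_VERSION}"
  dpkg-parsechangelog -SChanges | sed -rne 's/^.$//p' -e '/^ /p'
  printf '\n'
  printf '%s\n' " -- ${MAINT} ${DATE}"
} > "$SIGN_SOURCE_DIR/changelog"

# files.json lists what is to be signed. The path goes in through --arg, so jq
# encodes it as a JSON string rather than it being pasted into the document.
jq -n --arg file "${FILE}" '
{
  "packages": {
    "systemd-boot-efi": {
      "trusted_certs": [],
      "files": [
        {"sig_type": "efi", "file": $file}
      ]
    }
  }
}' > "$SIGN_TEMPLATE_DIR/files.json"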