From 196c21c03b15ec8879ae08af5becb0a555916dba Mon Sep 17 00:00:00 2001 From: Anders Darander Date: Fri, 12 Jan 2018 07:56:49 +0100 Subject: [PATCH 1/2] Sign the default/fallback loader Instead of hardcoding the installation path of the systemd-boot, to be used to sign it, try to extract the actual path's that bootctl installs systemd-boot to. Usually, it's also installing a fallback loader. Signed-off-by: Anders Darander --- sicherboot | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sicherboot b/sicherboot index 8b47b4a..c27f160 100755 --- a/sicherboot +++ b/sicherboot @@ -172,8 +172,11 @@ BOOTCTL_HELP="Usage: sicherboot bootctl [ ...] systemd-boot${EFI_ARCH}.efi " bootctl() { - command bootctl --path="$BOOT_EFI_DIR" "$@" - sign_image "$BOOT_EFI_DIR/EFI/systemd/systemd-boot${EFI_ARCH}.efi" + PATHS=`command bootctl --path="$BOOT_EFI_DIR" "$@" 2>&1 | grep $BOOT_EFI_DIR | cut -d'"' -f 4` + for item in $PATHS + do + sign_image "$item" + done } From ce8874957c7db91b5d11a93f446a6c1e1a75cbd3 Mon Sep 17 00:00:00 2001 From: Anders Darander Date: Fri, 12 Jan 2018 08:06:11 +0100 Subject: [PATCH 2/2] tests: add output to mock bootcl The bootctl command in sicherboot was rewritten to parse the output of the systemd bootctl command. Add the relevant output to the mock. Signed-off-by: Anders Darander --- tests/test-setup | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test-setup b/tests/test-setup index 174f5a1..592121b 100755 --- a/tests/test-setup +++ b/tests/test-setup @@ -50,6 +50,7 @@ testsuccess test -e tmp/efi/loader/entries/machine-id-keytool.conf cat >> $PWD/tmp/bootctl << EOF #!/bin/sh install -D /usr/lib/systemd/boot/efi/systemd-boot${EFI_ARCH}.efi $PWD/tmp/efi/EFI/systemd/systemd-boot${EFI_ARCH}.efi +echo "Copied \"/usr/lib/systemd/boot/efi/systemd-boot${EFI_ARCH}.efi\" to \"$PWD/tmp/efi/EFI/systemd/systemd-bootx64.efi\"." EOF chmod +x $PWD/tmp/bootctl