41 lines
944 B
Bash
Executable File
41 lines
944 B
Bash
Executable File
#!/bin/bash -eu
|
|
#
|
|
# Staging drivers must not be signed if they are not listed in a
|
|
# signature-inclusion file to prevent loading of 'unsafe' drivers in a
|
|
# Secure Boot environment.
|
|
#
|
|
# Exit with status 0 if the provided module needs to be signed, 1 otherwise
|
|
#
|
|
|
|
mod=${1}
|
|
|
|
# Sign the module if not a staging driver
|
|
if [ "${mod/\/drivers\/staging\//}" = "${mod}" ] ; then
|
|
exit 0
|
|
fi
|
|
|
|
root=$(dirname "$(realpath -e "${0}")")/../..
|
|
. "${root}"/debian/debian.env
|
|
|
|
# Collect the signature-inclusion files
|
|
sig_incls=()
|
|
for d in debian "${DEBIAN}" ; do
|
|
if [ -f "${root}"/"${d}"/signature-inclusion ] ; then
|
|
sig_incls+=("${root}"/"${d}"/signature-inclusion)
|
|
fi
|
|
done
|
|
|
|
# Sign the module if no signature-inclusion files
|
|
if [ ${#sig_incls[@]} -eq 0 ] ; then
|
|
exit 0
|
|
fi
|
|
|
|
# Sign the module if listed in signature-inclusion files
|
|
if grep -qFx "${mod##*/}" "${sig_incls[@]}" ; then
|
|
exit 0
|
|
fi
|
|
|
|
# Don't sign the module
|
|
echo "UBUNTU: Not signing ${1}"
|
|
exit 1
|