diff options
| author | Steve McIntyre <steve@einval.com> | 2022-11-05 23:46:43 +0000 |
|---|---|---|
| committer | Steve McIntyre <steve@einval.com> | 2022-11-05 23:46:43 +0000 |
| commit | cdcc726f0cf6c09a6496c323e6cebb7c4c0aa8f3 (patch) | |
| tree | e9d2ed9a81f67622921a3094563bf345d1419dfb | |
| parent | 39d009cd3f45f6c60e069a4943a76e328e6edc9d (diff) | |
| download | steve-scripts-cdcc726f0cf6c09a6496c323e6cebb7c4c0aa8f3.zip | |
Dead now - moved into shim packaging
| -rwxr-xr-x | blacklist_signed_deb | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/blacklist_signed_deb b/blacklist_signed_deb deleted file mode 100755 index 2990d00..0000000 --- a/blacklist_signed_deb +++ /dev/null @@ -1,60 +0,0 @@ -#!/bin/sh -# -# Helper script for generating blacklist entries for Debian shim -# -# GPL v2+ -# -# Copyright 2020 Steve McIntyre <93sam@debian.org> - -REASON="" - -usage () { - echo "$0" - echo - echo "shim-blacklist the signed binaries in deb file(s)" - echo "Takes one required param:" - echo " -r <reason> - the reason for the blacklisting" - echo - echo "and a list of .deb files to scan" -} - -while getopts ":r:" o; do - case "${o}" in - r) - REASON=${OPTARG} - ;; - *) - echo "Unknown option ${o}" - usage - exit 1 - ;; - esac -done -shift $((OPTIND-1)) - -if [ "$REASON"x = ""x ]; then - echo "$0: Needs a reason to be specified" - echo - usage - exit 1 -fi - -for DEB in $@; do - DIR=$(mktemp -d) - if [ -f $DEB ]; then - BASEDEB=$(basename $DEB) - echo "###############################" - echo "# Files from $BASEDEB" - echo "# ($REASON)" - dpkg -x $DEB $DIR - for EFI in $(find $DIR -name *.signed); do - BASE=$(basename $EFI) - echo "# $BASE" - HASH=$(pesign --hash --padding --in $EFI | awk '{print $2}') - echo $HASH - done - echo "###############################" - echo - fi - rm -rf $DIR -done |