fix(dracut.sh): handle sbsign errors for UEFI builds

`sbsign` does not issue any error if there is not enough disk space to create the signed file using its `--output` option. So, verify the signed image after its creation using `sbverify`. Fixes issue #2197
dracutdevs · Feb 13, 2023 · a6dd5bf · a6dd5bf
1 parent 8602df7
commit a6dd5bf
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/dracut.sh b/dracut.sh
@@ -2496,9 +2496,11 @@ if [[ $uefi == yes ]]; then
                 ${uefi_secureboot_engine:+--engine "$uefi_secureboot_engine"} \
                 --key "${uefi_secureboot_key}" \
                 --cert "${uefi_secureboot_cert}" \
-                --output "$outfile" "${uefi_outdir}/linux.efi"; then
+                --output "$outfile" "${uefi_outdir}/linux.efi" \
+                && sbverify --cert "${uefi_secureboot_cert}" "$outfile" > /dev/null 2>&1; then
                 dinfo "*** Creating signed UEFI image file '$outfile' done ***"
             else
+                rm -f -- "$outfile"
                 dfatal "*** Creating signed UEFI image file '$outfile' failed ***"
                 exit 1
             fi