-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
The sbsign and ukify part was moved into a finalize script rather than a postinst.chroot script so was using host tools instead of just-built.
- Loading branch information
1 parent
85e23ef
commit a56820d
Showing
2 changed files
with
12 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
#!/bin/bash | ||
# SPDX-License-Identifier: LGPL-2.1-or-later | ||
set -e | ||
|
||
# sbsign is not available on CentOS Stream | ||
if command -v sbsign &>/dev/null; then | ||
# Ensure that side-loaded PE addons are loaded if signed, and ignored if not | ||
addons_dir=/efi/loader/addons | ||
mkdir -p "$addons_dir" | ||
ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi" | ||
ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi" | ||
fi |