Skip to content

Instantly share code, notes, and snippets.

@EAirPeter

EAirPeter/sign-akmods.sh

Created March 2, 2018 13:05
Show Gist options
  • Save EAirPeter/a5a0f3cab686e16cd8f621f3da122bb3 to your computer and use it in GitHub Desktop.
Save EAirPeter/a5a0f3cab686e16cd8f621f3da122bb3 to your computer and use it in GitHub Desktop.
Download ZIP
Sign akmods automatically for Fedora 27.
Raw
sign-akmods.sh
#! /bin/bash
priv="/etc/pki/private/mok/signing_key.pem"
x509="/etc/pki/private/mok/signing_key.x509"
akdir="/var/cache/akmods"
kver="$(uname -r)"
sifi="/usr/src/kernels/${kver}/scripts/sign-file"
tmpf="/tmp/modsign_tmp.ko"
while pgrep -f -- '/sur/bin/akmods --from-kernel-posttrans' > /dev/null; do
echo 'sign-akmods: waiting akmods finish...'
sleep 1
done
readarray -t kos < <(
find "${akdir}" -name "*${kver}*.rpm" -exec sh -c 'rpm -qlp "{}" | grep ".ko$"' \;
)
for ((i = 0; i < ${#kos[@]}; ++i)); do
if ! strings "${kos[i]}" | tail -n1 | grep -q '~Module signature appended~'; then
"${sifi}" sha256 "${priv}" "${x509}" "${kos[i]}"
echo "sign-akmods: newly signed '${kos[i]}'..."
else
echo "sign-akmods: already signed '${kos[i]}'..."
fi
done
readarray -t koxzs < <(
find "${akdir}" -name "*${kver}*.rpm" -exec sh -c 'rpm -qlp "{}" | grep ".ko.xz$"' \;
)
for ((i = 0; i < ${#koxzs[@]}; ++i)); do
xz -dc "${koxzs[i]}" > "${tmpf}"
if ! strings "${tmpf}" | tail -n1 | grep -q '~Module signature appended~'; then
"${sifi}" sha256 "${priv}" "${x509}" "${tmpf}"
xz -zc "${tmpf}" > "${koxzs[i]}"
echo "sign-akmods: newly signed '${koxzs[i]}'..."
else
echo "sign-akmods: already signed '${koxzs[i]}'..."
fi
rm -f "${tmpf}"
done
@EAirPeter
Copy link
Author

Added support for xz compressed kmods.
Original: https://gist.github.com/xenithorb/df08970b9e70bb3c6576e1fd91460afe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment