author | Corey Hinshaw | 2020-10-06 17:06:38 -0400 |
---|---|---|
committer | GitHub | 2020-10-06 17:06:38 -0400 |
commit | 4dc7402feed242649ebcd79374a60f9c2c8a3d7f (patch) | |
tree | ec05a076106572d5adaa40e7931a8d1520ada795 | |
parent | 4d9d8137126c8df37484fb4624adde8a44db04b9 (diff) | |
parent | e3cbe8ae5be3471a5e9c075db92c6c6307630b5e (diff) | |
download | aur-4dc7402feed242649ebcd79374a60f9c2c8a3d7f.tar.gz |
Merge pull request #1 from zer0def/master
Mild readability tweaks and replace py2 with system core dependency
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | PKGBUILD | 7 | ||||
-rwxr-xr-x | sbkeys | 72 |
3 files changed, 57 insertions, 28 deletions
@@ -1,6 +1,6 @@ pkgbase = sbkeys pkgdesc = Simple script to generate Secure Boot keys - pkgver = 1.0.0 + pkgver = 1.0.1 pkgrel = 1 url = https://github.com/electrickite/sbkeys arch = any @@ -8,10 +8,10 @@ pkgbase = sbkeys depends = efitools depends = coreutils depends = bash - depends = python2 depends = openssl + depends = util-linux source = sbkeys - sha256sums = a6d7a5fbdd62a07423ef9641e30bb177746720801462f84636c27096926c2d42 + sha256sums = 895dc5b515625ea515c3f74279dfe67cf40efea4f23ac5e4dbe78213da34d957 pkgname = sbkeys @@ -1,16 +1,17 @@ # Maintainer: Corey Hinshaw <corey(at)electrickite(dot)org> +# Contributor: zer0def <zer0def@github> pkgname=sbkeys -pkgver=1.0.0 +pkgver=1.0.1 pkgrel=1 pkgdesc="Simple script to generate Secure Boot keys" arch=('any') url="https://github.com/electrickite/sbkeys" license=('GPL3') -depends=('efitools' 'coreutils' 'bash' 'python2' 'openssl') +depends=('efitools' 'coreutils' 'bash' 'openssl' 'util-linux') source=('sbkeys') -sha256sums=('a6d7a5fbdd62a07423ef9641e30bb177746720801462f84636c27096926c2d42') +sha256sums=('895dc5b515625ea515c3f74279dfe67cf40efea4f23ac5e4dbe78213da34d957') package() { install -Dm755 sbkeys "${pkgdir}/usr/bin/sbkeys" @@ -15,10 +15,19 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +[ -n "${DEBUG}" ] && set -x +set -e + # Do not create new keys if key files already exist -KEYS="PK.key PK.crt KEK.key KEK.crt DB.key DB.crt PK.cer KEK.cer DB.cer myGUID.txt PK.esl KEK.esl DB.esl noPK.esl PK.auth noPK.auth KEK.auth DB.auth" -for file in $KEYS; do - if [ -f $file ]; then +KEYS=( + PK.key PK.crt PK.cer PK.esl PK.auth + KEK.key KEK.crt KEK.cer KEK.esl KEK.auth + DB.key DB.crt DB.cer DB.esl DB.auth + noPK.esl noPK.auth + myGUID.txt +) +for file in ${KEYS[@]}; do + if [ -f ${file} ]; then echo "Error: keys already exist in $(pwd)" >&2 exit 1 fi 
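Review bot: In the sbkeys hunk, `for file in ${KEYS[@]}; do` and `if [ -f ${file} ]; then` leave the new array and the loop variable unquoted; the fixed filenames make it work today, but the form consistent with the `"${DEBUG}"` quoting added two lines above is `for file in "${KEYS[@]}"; do` and `if [ -f "${file}" ]; then`. Separately, with `set -e` now able to abort the run at any failing step, the private keys that the later openssl calls write (outside this hunk) sit with whatever mode openssl and the current umask give them until the final `chmod 0600 *.key` at the end of the script, which an abort skips. Adding `umask 077` next to `set -e` would make every file the script creates owner-only from the moment it is written, regardless of where the run stops; the proposed comment for that line is `# key material must never be group/world readable, even if we abort before the final chmod`.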
@@ -27,33 +36,52 @@ done echo -n "Enter a Common Name to embed in the keys: " read NAME -openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME PK/" -keyout PK.key \ - -out PK.crt -days 3650 -nodes -sha256 -openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME KEK/" -keyout KEK.key \ - -out KEK.crt -days 3650 -nodes -sha256 -openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME DB/" -keyout DB.key \ - -out DB.crt -days 3650 -nodes -sha256 +# Platform key +openssl req -new -x509 \ + -subj "/CN=${NAME} PK/" -days 3650 -nodes \ + -newkey rsa:2048 -sha256 \ + -keyout PK.key -out PK.crt openssl x509 -in PK.crt -out PK.cer -outform DER + +# Key exchange key +openssl req -new -x509 \ + -subj "/CN=${NAME} KEK/" -days 3650 -nodes \ + -newkey rsa:2048 -sha256 \ + -keyout KEK.key -out KEK.crt openssl x509 -in KEK.crt -out KEK.cer -outform DER + +# Signature database +openssl req -new -x509 \ + -subj "/CN=${NAME} DB/" -days 3650 -nodes \ + -newkey rsa:2048 -sha256 \ + -keyout DB.key -out DB.crt openssl x509 -in DB.crt -out DB.cer -outform DER -GUID=`python2 -c 'import uuid; print str(uuid.uuid1())'` -echo $GUID > myGUID.txt +GUID="$(uuidgen -r)" +echo ${GUID} > myGUID.txt -cert-to-efi-sig-list -g $GUID PK.crt PK.esl -cert-to-efi-sig-list -g $GUID KEK.crt KEK.esl -cert-to-efi-sig-list -g $GUID DB.crt DB.esl +cert-to-efi-sig-list -g ${GUID} PK.crt PK.esl +cert-to-efi-sig-list -g ${GUID} KEK.crt KEK.esl +cert-to-efi-sig-list -g ${GUID} DB.crt DB.esl rm -f noPK.esl touch noPK.esl -sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ - -k PK.key -c PK.crt PK PK.esl PK.auth -sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ - -k PK.key -c PK.crt PK noPK.esl noPK.auth -sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ - -k PK.key -c PK.crt KEK KEK.esl KEK.auth -sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ - -k KEK.key -c KEK.crt DB DB.esl DB.auth +sign-efi-sig-list \ + -t "$(date 
--date='1 second' +'%Y-%m-%d %H:%M:%S')" \ + -k PK.key -c PK.crt \ + PK PK.esl PK.auth +sign-efi-sig-list \ + -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ + -k PK.key -c PK.crt \ + PK noPK.esl noPK.auth +sign-efi-sig-list \ + -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ + -k PK.key -c PK.crt \ + KEK KEK.esl KEK.auth +sign-efi-sig-list \ + -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \ + -k KEK.key -c KEK.crt \ + DB DB.esl DB.auth chmod 0600 *.key |
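Review bot: Each of the four reflowed `sign-efi-sig-list` calls computes its own `-t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')"`, so the .auth files can end up with different embedded timestamps if the clock ticks between the invocations (and the key generation above makes that plausible); computing the value once and passing it to all four gives a single consistent timestamp. The new `echo ${GUID} > myGUID.txt` and the `-g ${GUID}` arguments are also unquoted where the surrounding new lines use `"${NAME}"`; `printf '%s\n' "${GUID}" > myGUID.txt` and `-g "${GUID}"` match that style and avoid echo's option parsing. The rewritten lines are sketched below; everything else in the hunk stays as committed.
```shell
GUID="$(uuidgen -r)"
printf '%s\n' "${GUID}" > myGUID.txt
# … unchanged: cert-to-efi-sig-list calls (with -g "${GUID}"), noPK.esl creation …
SIGN_TS="$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')"
sign-efi-sig-list \
  -t "${SIGN_TS}" \
  -k PK.key -c PK.crt \
  PK PK.esl PK.auth
# … unchanged: remaining three sign-efi-sig-list calls, each now passing -t "${SIGN_TS}" …
```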