authorzer0def2020-09-05 12:56:03 +0200
committerzer0def2020-09-06 18:51:01 +0200
commite3cbe8ae5be3471a5e9c075db92c6c6307630b5e (patch)
treeec05a076106572d5adaa40e7931a8d1520ada795
parent4d9d8137126c8df37484fb4624adde8a44db04b9 (diff)
downloadaur-e3cbe8ae5be3471a5e9c075db92c6c6307630b5e.tar.gz
Mild readability tweaks and replace py2 with system core dependency.
-rw-r--r--.SRCINFO6
-rw-r--r--PKGBUILD7
-rwxr-xr-xsbkeys72
3 files changed, 57 insertions, 28 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 370ae064ecbd..c3b58254b350 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = sbkeys
pkgdesc = Simple script to generate Secure Boot keys
- pkgver = 1.0.0
+ pkgver = 1.0.1
pkgrel = 1
url = https://github.com/electrickite/sbkeys
arch = any
@@ -8,10 +8,10 @@ pkgbase = sbkeys
depends = efitools
depends = coreutils
depends = bash
- depends = python2
depends = openssl
+ depends = util-linux
source = sbkeys
- sha256sums = a6d7a5fbdd62a07423ef9641e30bb177746720801462f84636c27096926c2d42
+ sha256sums = 895dc5b515625ea515c3f74279dfe67cf40efea4f23ac5e4dbe78213da34d957
pkgname = sbkeys
diff --git a/PKGBUILD b/PKGBUILD
index e55b3590e009..7aa1c606ea7e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,16 +1,17 @@
# Maintainer: Corey Hinshaw <corey(at)electrickite(dot)org>
+# Contributor: zer0def <zer0def@github>
pkgname=sbkeys
-pkgver=1.0.0
+pkgver=1.0.1
pkgrel=1
pkgdesc="Simple script to generate Secure Boot keys"
arch=('any')
url="https://github.com/electrickite/sbkeys"
license=('GPL3')
-depends=('efitools' 'coreutils' 'bash' 'python2' 'openssl')
+depends=('efitools' 'coreutils' 'bash' 'openssl' 'util-linux')
source=('sbkeys')
-sha256sums=('a6d7a5fbdd62a07423ef9641e30bb177746720801462f84636c27096926c2d42')
+sha256sums=('895dc5b515625ea515c3f74279dfe67cf40efea4f23ac5e4dbe78213da34d957')
package() {
install -Dm755 sbkeys "${pkgdir}/usr/bin/sbkeys"
diff --git a/sbkeys b/sbkeys
index 161605e45337..d92112a35393 100755
--- a/sbkeys
+++ b/sbkeys
@@ -15,10 +15,19 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+[ -n "${DEBUG}" ] && set -x
+set -e
+
# Do not create new keys if key files already exist
-KEYS="PK.key PK.crt KEK.key KEK.crt DB.key DB.crt PK.cer KEK.cer DB.cer myGUID.txt PK.esl KEK.esl DB.esl noPK.esl PK.auth noPK.auth KEK.auth DB.auth"
-for file in $KEYS; do
- if [ -f $file ]; then
+KEYS=(
+ PK.key PK.crt PK.cer PK.esl PK.auth
+ KEK.key KEK.crt KEK.cer KEK.esl KEK.auth
+ DB.key DB.crt DB.cer DB.esl DB.auth
+ noPK.esl noPK.auth
+ myGUID.txt
+)
+for file in ${KEYS[@]}; do
+ if [ -f ${file} ]; then
echo "Error: keys already exist in $(pwd)" >&2
exit 1
fi
@@ -27,33 +36,52 @@ done
echo -n "Enter a Common Name to embed in the keys: "
read NAME
-openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME PK/" -keyout PK.key \
- -out PK.crt -days 3650 -nodes -sha256
-openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME KEK/" -keyout KEK.key \
- -out KEK.crt -days 3650 -nodes -sha256
-openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME DB/" -keyout DB.key \
- -out DB.crt -days 3650 -nodes -sha256
+# Platform key
+openssl req -new -x509 \
+ -subj "/CN=${NAME} PK/" -days 3650 -nodes \
+ -newkey rsa:2048 -sha256 \
+ -keyout PK.key -out PK.crt
openssl x509 -in PK.crt -out PK.cer -outform DER
+
+# Key exchange key
+openssl req -new -x509 \
+ -subj "/CN=${NAME} KEK/" -days 3650 -nodes \
+ -newkey rsa:2048 -sha256 \
+ -keyout KEK.key -out KEK.crt
openssl x509 -in KEK.crt -out KEK.cer -outform DER
+
+# Signature database
+openssl req -new -x509 \
+ -subj "/CN=${NAME} DB/" -days 3650 -nodes \
+ -newkey rsa:2048 -sha256 \
+ -keyout DB.key -out DB.crt
openssl x509 -in DB.crt -out DB.cer -outform DER
-GUID=`python2 -c 'import uuid; print str(uuid.uuid1())'`
-echo $GUID > myGUID.txt
+GUID="$(uuidgen -r)"
+echo ${GUID} > myGUID.txt
-cert-to-efi-sig-list -g $GUID PK.crt PK.esl
-cert-to-efi-sig-list -g $GUID KEK.crt KEK.esl
-cert-to-efi-sig-list -g $GUID DB.crt DB.esl
+cert-to-efi-sig-list -g ${GUID} PK.crt PK.esl
+cert-to-efi-sig-list -g ${GUID} KEK.crt KEK.esl
+cert-to-efi-sig-list -g ${GUID} DB.crt DB.esl
rm -f noPK.esl
touch noPK.esl
-sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
- -k PK.key -c PK.crt PK PK.esl PK.auth
-sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
- -k PK.key -c PK.crt PK noPK.esl noPK.auth
-sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
- -k PK.key -c PK.crt KEK KEK.esl KEK.auth
-sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
- -k KEK.key -c KEK.crt DB DB.esl DB.auth
+sign-efi-sig-list \
+ -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
+ -k PK.key -c PK.crt \
+ PK PK.esl PK.auth
+sign-efi-sig-list \
+ -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
+ -k PK.key -c PK.crt \
+ PK noPK.esl noPK.auth
+sign-efi-sig-list \
+ -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
+ -k PK.key -c PK.crt \
+ KEK KEK.esl KEK.auth
+sign-efi-sig-list \
+ -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
+ -k KEK.key -c KEK.crt \
+ DB DB.esl DB.auth
chmod 0600 *.key
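Review bot: The KEYS array introduced in the first hunk is expanded unquoted in `for file in ${KEYS[@]}; do` and again in `if [ -f ${file} ]; then`, so the rewrite keeps the word-splitting and globbing behaviour the array was meant to remove; the lines should read `for file in "${KEYS[@]}"; do` and `if [ -f "${file}" ]; then`. The same unquoted expansion appears in the second hunk on the new `echo ${GUID} > myGUID.txt` line and the three `cert-to-efi-sig-list -g ${GUID} ...` lines, where `"${GUID}"` is the safe form. The unchanged `read NAME` feeding the `-subj` strings would also be more robust as `read -r NAME`, since backslashes in the entered name are otherwise interpreted. Finally, the private keys are written with whatever umask the caller has and only tightened by the trailing `chmod 0600 *.key`, which leaves a short window where they are world-readable; adding `umask 077` next to the new `set -e` at the top of the script would close it.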