diff options
| author | Harald Pfeiffer <coding _ lirion.de> | 2021-04-30 10:56:23 +0200 |
|---|---|---|
| committer | Harald Pfeiffer <coding _ lirion.de> | 2021-04-30 10:56:23 +0200 |
| commit | 8c400500de858a354e1ddbd76c3db9f9fa578ce6 (patch) | |
| tree | 556a633e5b63829b9f13b110582ae9c3f1b84fb9 | |
| parent | 69f1bdba2b4eb0383d3cbbafe1a4d90a352f3f19 (diff) | |
| download | nvidia-signdriver-8c400500de858a354e1ddbd76c3db9f9fa578ce6.tar.bz2 | |
more and sorted output, no arbitrary re-compr.
- Output will now simply tell what went fine and what not
- We will not recompress if we notice a module was already signed,
instead, we will simply remove the decompressed file. So:
xz -k, check, rm
| -rwxr-xr-x | signko | 50 |
1 files changed, 43 insertions, 7 deletions
@@ -28,7 +28,7 @@ if [ ! -r private_key.priv ] || [ ! -r public_key.der ];then fi #printf "We will sign following kernel modules: %b.\n" "$(ls -amA /usr/lib/modules/"$(uname -r)"/extra/nvidia/nvidia{,-uvm}.ko)" -printf "We will sign following kernel modules: %b.\n" "$(ls -amA /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko.xz 2>/dev/null)" +printf "We will sign following kernel modules:\\n%b.\\n" "$(ls -amA /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko.xz 2>/dev/null)" read -rp "Is this OK? [y/N] " PROEMT case "$PROEMT" in "y"|"Y"|"j"|"J") ;; @@ -36,21 +36,57 @@ case "$PROEMT" in esac # shellcheck disable=SC2207 SGDMODS=( $(ls -aA /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko.xz) ) +MSGND=0 +MSKIP=0 +IBAS="/dev/null" for i in "${SGDMODS[@]}";do + if ! sudo id -u 2>/dev/null|grep -P '^0$' >/dev/null;then + printf "Can't elevate to root.\\n" >&2 + exit 23 + fi MODSIG=0 MODGOODSIG=0 - sudo xz -vd "$i"||exit 4 + IBAS="$(basename "$i")" + printf "[....] Extracting module %b\\033[s..." "$IBAS" + if sudo xz -kd "$i" >/dev/null 2>&1;then + printf "\\033[666D[ \\033[32mOK\\033[0m ]\\033[u\\033[K.\\n" + else + printf "\\033[666D[\\033[31mFAIL\\033[0m]\\033[u\\033[K.\\n" + exit 4 + fi MMOD="$(printf "%b" "$i"|sed 's/\.xz$//')" + printf "[....] Signing module %b\\033[s..." "$IBAS" if sudo modinfo "$MMOD"|grep '^sig_id:'|grep 'PKCS#7$' >/dev/null; then MODSIG=1; fi if sudo modinfo "$MMOD"|grep '^signer:'|grep "$SIGNER\$" > /dev/null; then MODGOODSIG=1; fi if [ "$MODSIG" -ne 1 ] || [ "$MODGOODSIG" -ne 1 ];then - printf "Signing %b..." "$i" sudo /usr/src/kernels/"$KVER"/scripts/sign-file sha256 private_key.priv public_key.der "$MMOD" case "$?" in - 0) printf " OK.\n";; - *) printf "FAILED!\n";exit 3;; + 0) + MSGND="$((MSGND+1))" + printf "\\033[666D[ \\033[32mOK\\033[0m ]\\033[u\\033[K.\\n" + ;; + *) + printf "\\033[666D[\\033[31mFAIL\\033[0m]\\033[u\\033[K.\\n" + exit 3 + ;; esac else - printf "%b is already properly signed.\n" "$(basename "$i")" + MSKIP="$((MSKIP+1))" + printf "\\033[666D[\\033[1;30mSKIP\\033[0m]\\033[u\\033[K (already signed)\\n" + fi + if [ "$MODSIG" -ne 1 ] || [ "$MODGOODSIG" -ne 1 ];then + printf "[....] Compressing module %b\\033[s..." "$IBAS" + if sudo xz "$MMOD" >/dev/null 2>&1;then + printf "\\033[666D[ \\033[32mOK\\033[0m ]\\033[u\\033[K.\\n" + else + printf "\\033[666D[\\033[31mFAIL\\033[0m]\\033[u\\033[K.\\n" + exit 5 + fi + else + sudo rm -f "$MMOD"||exit 117 fi - sudo xz -v "$MMOD"||exit 5 done +printf "Summary:\\n" +( + printf "Signed:;%b\\n" "$MSGND" + printf "Skipped:;%b\\n" "$MSKIP" +)|column -ts\; |