git.lirion.de

Of git, get, and gud

aboutsummaryrefslogtreecommitdiffstats
path: root/signko
diff options
context:
space:
mode:
authormail_redacted_for_web 2021-04-30 10:56:23 +0200
committermail_redacted_for_web 2021-04-30 10:56:23 +0200
commit8c400500de858a354e1ddbd76c3db9f9fa578ce6 (patch)
tree556a633e5b63829b9f13b110582ae9c3f1b84fb9 /signko
parent69f1bdba2b4eb0383d3cbbafe1a4d90a352f3f19 (diff)
downloadnvidia-signdriver-8c400500de858a354e1ddbd76c3db9f9fa578ce6.tar.bz2
more and sorted output, no arbitrary re-compr.
- Output will now simply tell what went fine and what not - We will not recompress if we notice a module was already signed, instead, we will simply remove the decompressed file. So: xz -k, check, rm
Diffstat (limited to 'signko')
-rwxr-xr-xsignko50
1 files changed, 43 insertions, 7 deletions
diff --git a/signko b/signko
index 4114fa1..939081d 100755
--- a/signko
+++ b/signko
@@ -28,7 +28,7 @@ if [ ! -r private_key.priv ] || [ ! -r public_key.der ];then
fi
#printf "We will sign following kernel modules: %b.\n" "$(ls -amA /usr/lib/modules/"$(uname -r)"/extra/nvidia/nvidia{,-uvm}.ko)"
-printf "We will sign following kernel modules: %b.\n" "$(ls -amA /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko.xz 2>/dev/null)"
+printf "We will sign following kernel modules:\\n%b.\\n" "$(ls -amA /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko.xz 2>/dev/null)"
read -rp "Is this OK? [y/N] " PROEMT
case "$PROEMT" in
"y"|"Y"|"j"|"J") ;;
@@ -36,21 +36,57 @@ case "$PROEMT" in
esac
# shellcheck disable=SC2207
SGDMODS=( $(ls -aA /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko.xz) )
+MSGND=0
+MSKIP=0
+IBAS="/dev/null"
for i in "${SGDMODS[@]}";do
+ if ! sudo id -u 2>/dev/null|grep -P '^0$' >/dev/null;then
+ printf "Can't elevate to root.\\n" >&2
+ exit 23
+ fi
MODSIG=0 MODGOODSIG=0
- sudo xz -vd "$i"||exit 4
+ IBAS="$(basename "$i")"
+ printf "[....] Extracting module %b\\033[s..." "$IBAS"
+ if sudo xz -kd "$i" >/dev/null 2>&1;then
+ printf "\\033[666D[ \\033[32mOK\\033[0m ]\\033[u\\033[K.\\n"
+ else
+ printf "\\033[666D[\\033[31mFAIL\\033[0m]\\033[u\\033[K.\\n"
+ exit 4
+ fi
MMOD="$(printf "%b" "$i"|sed 's/\.xz$//')"
+ printf "[....] Signing module %b\\033[s..." "$IBAS"
if sudo modinfo "$MMOD"|grep '^sig_id:'|grep 'PKCS#7$' >/dev/null; then MODSIG=1; fi
if sudo modinfo "$MMOD"|grep '^signer:'|grep "$SIGNER\$" > /dev/null; then MODGOODSIG=1; fi
if [ "$MODSIG" -ne 1 ] || [ "$MODGOODSIG" -ne 1 ];then
- printf "Signing %b..." "$i"
sudo /usr/src/kernels/"$KVER"/scripts/sign-file sha256 private_key.priv public_key.der "$MMOD"
case "$?" in
- 0) printf " OK.\n";;
- *) printf "FAILED!\n";exit 3;;
+ 0)
+ MSGND="$((MSGND+1))"
+ printf "\\033[666D[ \\033[32mOK\\033[0m ]\\033[u\\033[K.\\n"
+ ;;
+ *)
+ printf "\\033[666D[\\033[31mFAIL\\033[0m]\\033[u\\033[K.\\n"
+ exit 3
+ ;;
esac
else
- printf "%b is already properly signed.\n" "$(basename "$i")"
+ MSKIP="$((MSKIP+1))"
+ printf "\\033[666D[\\033[1;30mSKIP\\033[0m]\\033[u\\033[K (already signed)\\n"
+ fi
+ if [ "$MODSIG" -ne 1 ] || [ "$MODGOODSIG" -ne 1 ];then
+ printf "[....] Compressing module %b\\033[s..." "$IBAS"
+ if sudo xz "$MMOD" >/dev/null 2>&1;then
+ printf "\\033[666D[ \\033[32mOK\\033[0m ]\\033[u\\033[K.\\n"
+ else
+ printf "\\033[666D[\\033[31mFAIL\\033[0m]\\033[u\\033[K.\\n"
+ exit 5
+ fi
+ else
+ sudo rm -f "$MMOD"||exit 117
fi
- sudo xz -v "$MMOD"||exit 5
done
+printf "Summary:\\n"
+(
+ printf "Signed:;%b\\n" "$MSGND"
+ printf "Skipped:;%b\\n" "$MSKIP"
+)|column -ts\;