From 8c400500de858a354e1ddbd76c3db9f9fa578ce6 Mon Sep 17 00:00:00 2001 From: Harald Pfeiffer Date: Fri, 30 Apr 2021 10:56:23 +0200 Subject: more and sorted output, no arbitrary re-compr. - Output will now simply tell what went fine and what not - We will not recompress if we notice a module was already signed, instead, we will simply remove the decompressed file. So: xz -k, check, rm --- signko | 50 +++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 7 deletions(-) diff --git a/signko b/signko index 4114fa1..939081d 100755 --- a/signko +++ b/signko @@ -28,7 +28,7 @@ if [ ! -r private_key.priv ] || [ ! -r public_key.der ];then fi #printf "We will sign following kernel modules: %b.\n" "$(ls -amA /usr/lib/modules/"$(uname -r)"/extra/nvidia/nvidia{,-uvm}.ko)" -printf "We will sign following kernel modules: %b.\n" "$(ls -amA /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko.xz 2>/dev/null)" +printf "We will sign following kernel modules:\\n%b.\\n" "$(ls -amA /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko.xz 2>/dev/null)" read -rp "Is this OK? [y/N] " PROEMT case "$PROEMT" in "y"|"Y"|"j"|"J") ;; 
@@ -36,21 +36,57 @@ case "$PROEMT" in esac # shellcheck disable=SC2207 SGDMODS=( $(ls -aA /usr/lib/modules/"$KVER"/extra/nvidia/nvidia*.ko.xz) ) +MSGND=0 +MSKIP=0 +IBAS="/dev/null" for i in "${SGDMODS[@]}";do + if ! sudo id -u 2>/dev/null|grep -P '^0$' >/dev/null;then + printf "Can't elevate to root.\\n" >&2 + exit 23 + fi MODSIG=0 MODGOODSIG=0 - sudo xz -vd "$i"||exit 4 + IBAS="$(basename "$i")" + printf "[....] Extracting module %b\\033[s..." "$IBAS" + if sudo xz -kd "$i" >/dev/null 2>&1;then + printf "\\033[666D[ \\033[32mOK\\033[0m ]\\033[u\\033[K.\\n" + else + printf "\\033[666D[\\033[31mFAIL\\033[0m]\\033[u\\033[K.\\n" + exit 4 + fi MMOD="$(printf "%b" "$i"|sed 's/\.xz$//')" + printf "[....] Signing module %b\\033[s..." "$IBAS" if sudo modinfo "$MMOD"|grep '^sig_id:'|grep 'PKCS#7$' >/dev/null; then MODSIG=1; fi if sudo modinfo "$MMOD"|grep '^signer:'|grep "$SIGNER\$" > /dev/null; then MODGOODSIG=1; fi if [ "$MODSIG" -ne 1 ] || [ "$MODGOODSIG" -ne 1 ];then - printf "Signing %b..." "$i" sudo /usr/src/kernels/"$KVER"/scripts/sign-file sha256 private_key.priv public_key.der "$MMOD" case "$?" in - 0) printf " OK.\n";; - *) printf "FAILED!\n";exit 3;; + 0) + MSGND="$((MSGND+1))" + printf "\\033[666D[ \\033[32mOK\\033[0m ]\\033[u\\033[K.\\n" + ;; + *) + printf "\\033[666D[\\033[31mFAIL\\033[0m]\\033[u\\033[K.\\n" + exit 3 + ;; esac else - printf "%b is already properly signed.\n" "$(basename "$i")" + MSKIP="$((MSKIP+1))" + printf "\\033[666D[\\033[1;30mSKIP\\033[0m]\\033[u\\033[K (already signed)\\n" + fi + if [ "$MODSIG" -ne 1 ] || [ "$MODGOODSIG" -ne 1 ];then + printf "[....] Compressing module %b\\033[s..." 
"$IBAS" + if sudo xz "$MMOD" >/dev/null 2>&1;then + printf "\\033[666D[ \\033[32mOK\\033[0m ]\\033[u\\033[K.\\n" + else + printf "\\033[666D[\\033[31mFAIL\\033[0m]\\033[u\\033[K.\\n" + exit 5 + fi + else + sudo rm -f "$MMOD"||exit 117 fi - sudo xz -v "$MMOD"||exit 5 done +printf "Summary:\\n" +( + printf "Signed:;%b\\n" "$MSGND" + printf "Skipped:;%b\\n" "$MSKIP" +)|column -ts\; -- cgit v1.2.3
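Review bot: The new "Compressing module" step runs `sudo xz "$MMOD"` while the original `.ko.xz` is still on disk, because extraction was changed to `xz -kd`. xz refuses to overwrite an existing target without `-f`, so every freshly signed module would end in `FAIL` and `exit 5`, leaving the signed `.ko` next to the still-unsigned `.ko.xz` even though `MSGND` was already incremented. Use `if sudo xz -f "$MMOD" >/dev/null 2>&1;then` there, and consider `sudo xz -kdf "$i"` for the extraction so that a `.ko` left behind by an aborted run does not block the next one. Both xz calls also discard stderr, so the operator sees only `FAIL` with no reason; dropping the `2>&1` would make these failures diagnosable. Separately, the skip-and-`rm` path relies on the `signer:` string printed by `modinfo`, which as far as this hunk shows is a name match and not a signature verification, so a comment such as `# name match only; does not verify the signature against public_key.der` would state that limit for the next maintainer.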