patos/scripts/sign-release.sh

#! /usr/bin/env nix-shell
#! nix-shell -i bash -p efitools

set -eux

mkdir signed
cp -L result/* signed/

loopdev=$(sudo losetup -f)
sudo losetup -P "$loopdev" signed/*.img
sudo mount "${loopdev}p1" /mnt -t vfat

sudo find signed/ /mnt/ -name "*.efi" -type f -exec sbsign --key <(echo "$DB_KEY") --cert <(echo "$DB_CRT") --output {} {} \;

sudo mkdir -p /mnt/loader/keys/patos
sudo cp keys/*.auth /mnt/loader/keys/patos/

sudo umount /mnt
sudo losetup -d "$loopdev"
feat: initial secure boot 2025-01-22 09:15:54 +01:00			`#! /usr/bin/env nix-shell`
			`#! nix-shell -i bash -p efitools`

			`set -eux`

			`mkdir signed`
			`cp -L result/* signed/`

			`loopdev=$(sudo losetup -f)`
			`sudo losetup -P "$loopdev" signed/*.img`
			`sudo mount "${loopdev}p1" /mnt -t vfat`

			`sudo find signed/ /mnt/ -name "*.efi" -type f -exec sbsign --key <(echo "$DB_KEY") --cert <(echo "$DB_CRT") --output {} {} \;`

			`sudo mkdir -p /mnt/loader/keys/patos`
			`sudo cp keys/*.auth /mnt/loader/keys/patos/`

			`sudo umount /mnt`
			`sudo losetup -d "$loopdev"`