#! /usr/bin/env nix-shell
#! nix-shell -i bash -p efitools

set -eux

mkdir signed
cp -L result/* signed/

loopdev=$(sudo losetup -f)
sudo losetup -P "$loopdev" signed/*.img
sudo mount "${loopdev}p1" /mnt -t vfat

sudo find signed/ /mnt/ -name "*.efi" -type f -exec sbsign --key <(echo "$DB_KEY") --cert <(echo "$DB_CRT") --output {} {} \;

sudo mkdir -p /mnt/loader/keys/patos
sudo cp keys/*.auth /mnt/loader/keys/patos/

sudo umount /mnt
sudo losetup -d "$loopdev"