23 lines
579 B
Bash
23 lines
579 B
Bash
#!/bin/sh
|
|
set -ex -uo pipefail
|
|
|
|
SETUP_MODE=$(sbctl status --json | jq -r '.setup_mode')
|
|
|
|
[ "$SETUP_MODE" = "false" ] && exit 0
|
|
|
|
cat <<EOL> /run/sbctl.yml
|
|
---
|
|
keydir: /sysroot/boot/sbctl/keys
|
|
guid: /sysroot/boot/sbctl/GUID
|
|
EOL
|
|
|
|
ESP=$(blkid --label ESP)
|
|
|
|
mount $ESP /sysroot/boot && \
|
|
sbctl --config /run/sbctl.yml create-keys && \
|
|
sbctl --config /run/sbctl.yml enroll-keys --yolo && \
|
|
# Sign EFIs
|
|
find /sysroot/boot -type f \( -iname "*.efi" -o -iname "*.EFI" \) -print0 | xargs -I {} sbctl --config /run/sbctl.yml sign {}
|
|
|
|
umount /sysroot/boot && \
|
|
systemctl reboot -f
|