Passes along one or more public keys to the grub-mkimage invocation Signed-off-by: Jon McCune <jonmcc...@google.com> --- util/grub-install.in | 19 +++++++++++++++---- util/grub-install_header | 6 ++++++ 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/util/grub-install.in b/util/grub-install.in index 1816bb1..034cf10 100644 --- a/util/grub-install.in +++ b/util/grub-install.in @@ -650,10 +650,21 @@ case "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" in *) imgext=img ;; esac +pubkey_file_arg="" +if [ x"$pubkey_file_list" != x ]; then + for file in $pubkey_file_list; do + if [ ! -e "$file" ]; then + gettext_printf "Public key file %s not found.\n" "${file}" 1>&2 + exit 1 + fi + pubkey_file_arg="$pubkey_file_arg --pubkey=$file" + done +fi + if [ x"$config_opt_file" = x ]; then - "$grub_mkimage" -d "${source_directory}" -O "${mkimage_target}" --output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}" --prefix="${prefix_drive}${relative_grubdir}" $grub_decompression_module $modules || exit 1 + "$grub_mkimage" $pubkey_file_arg -d "${source_directory}" -O "${mkimage_target}" --output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}" --prefix="${prefix_drive}${relative_grubdir}" $grub_decompression_module $modules || exit 1 else - "$grub_mkimage" -c "${config_opt_file}" -d "${source_directory}" -O "${mkimage_target}" --output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}" --prefix="${prefix_drive}${relative_grubdir}" $grub_decompression_module $modules || exit 1 + "$grub_mkimage" -c "${config_opt_file}" $pubkey_file_arg -d "${source_directory}" -O "${mkimage_target}" --output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/core.${imgext}" --prefix="${prefix_drive}${relative_grubdir}" $grub_decompression_module $modules || exit 1 fi # Backward-compatibility kludges @@ -664,9 +675,9 @@ elif [ "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" = "i386-ieee1275" ] elif [ "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" = "i386-efi" ] || [ "${grub_modinfo_target_cpu}-${grub_modinfo_platform}" = "x86_64-efi" ]; then if [ x"$config_opt_file" = x ]; then - "$grub_mkimage" -d "${source_directory}" -O "${mkimage_target}" --output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/grub.efi" --prefix="" $grub_decompression_module $modules || exit 1 + "$grub_mkimage" $pubkey_file_arg -d "${source_directory}" -O "${mkimage_target}" --output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/grub.efi" --prefix="" $grub_decompression_module $modules || exit 1 else - "$grub_mkimage" -c "${config_opt_file}" -d "${source_directory}" -O "${mkimage_target}" --output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/grub.efi" --prefix="" $grub_decompression_module $modules || exit 1 + "$grub_mkimage" -c "${config_opt_file}" $pubkey_file_arg -d "${source_directory}" -O "${mkimage_target}" --output="${grubdir}/${grub_modinfo_target_cpu}-$grub_modinfo_platform/grub.efi" --prefix="" $grub_decompression_module $modules || exit 1 fi fi diff --git a/util/grub-install_header b/util/grub-install_header index cf7fa9d..5ea27d6 100644 --- a/util/grub-install_header +++ b/util/grub-install_header @@ -156,6 +156,7 @@ grub_print_install_files_help () { dir_msg="$(gettext_printf "use images and modules under DIR [default=%s/<platform>]" "${libdir}/@PACKAGE@")" print_option_help "-d, --directory=$(gettext "DIR")" "$dir_msg" print_option_help "--grub-mkimage=$(gettext "FILE")" "$(gettext "use FILE as grub-mkimage")" + print_option_help "-k, --pubkey=$(gettext "FILE")" "$(gettext "embed FILE as public key for signature checking")" print_option_help "-v, --version" "$(gettext "print the version information and exit")" } @@ -168,6 +169,7 @@ grub_decompression_module="" compressor="" compressor_opts="" source_directory="" +pubkey_file_list="" argument () { opt=$1 @@ -245,6 +247,10 @@ grub_process_install_options () { grub_mkimage=`argument $option "$@"`; grub_process_install_options_consumed=2 ;; --grub-mkimage=*) grub_mkimage=`echo "$option" | sed 's/--grub-mkimage=//'`;grub_process_install_options_consumed=1 ;; + --pubkey | -k) + pubkey_file_list=`echo -n "$pubkey_file_list "; argument $option "$@"`; grub_process_install_options_consumed=2;; + --pubkey=*) + pubkey_file_list=`echo -n "$pubkey_file_list "; echo "$option" | sed 's/--pubkey=//'` grub_process_install_options_consumed=1;; --modules) modules=`argument $option "$@"`; grub_process_install_options_consumed=2;; --modules=*) -- 1.8.4 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel