File: shim-signed.postinst

package info (click to toggle)
shim-signed 1.44
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 2,112 kB
  • sloc: sh: 297; python: 48; makefile: 39
file content (105 lines) | stat: -rwxr-xr-x 2,561 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
#! /bin/sh
set -e

#DEBHELPER#

# If we're not on an EFI system, do nothing else
if [ ! -d /sys/firmware/efi ]; then
    exit 0
fi

# Must load the confmodule for our template to be installed correctly.
. /usr/share/debconf/confmodule

# Select the right target architecture for grub-install
ARCH=$(dpkg --print-architecture)
case ${ARCH} in
    i386|amd64)
	FW_SIZE=$(cat /sys/firmware/efi/fw_platform_size)
	if [ "$FW_SIZE"x = "32"x ]; then
	    GRUB_EFI_TARGET="i386-efi"
	elif [ "$FW_SIZE"x = "64"x ]; then
	    GRUB_EFI_TARGET="x86_64-efi"
	else
	    echo "Unable to read a valid value from fw_platform_size, ABORT"
	    exit 1
	fi
	;;
    arm64)
	GRUB_EFI_TARGET="arm64-efi"
	;;
    *)
	echo "Unsupported dpkg architecture ${ARCH} in $0. ABORT"
	exit 1
	;;
esac

# Pull out a config value from /etc/default/grub
config_item ()
{
    if [ -f /etc/default/grub ]; then
	. /etc/default/grub || return
	for x in /etc/default/grub.d/*.cfg; do
	    if [ -e "$x" ]; then
		# Lose any output here so we don't confuse our
		# caller. The xen packages echo stuff here, Aargh!
		. "$x" > /dev/null
	    fi
	done
    fi
    eval echo "\$$1"
}

# Call grub-install but don't fail on errors. Let's not break upgrades
run_grub_install()
{
    if ! grub-install $@ ; then
        echo "Failed: grub-install $@" >&2
        echo "WARNING: Bootloader is not properly installed, system may not be bootable" >&2
    fi
}

case $1 in
    configure)
	bootloader_id="$(config_item GRUB_DISTRIBUTOR | tr A-Z a-z | \
			 cut -d' ' -f1)"
	case $bootloader_id in
	    kubuntu) bootloader_id=ubuntu ;;
	esac

	# Call grub-install to make sure we're added to the ESP as
	# needed
	if [ "$bootloader_id" ] && \
	   [ -d "/boot/efi/EFI/$bootloader_id" ] && \
	   which grub-install >/dev/null 2>&1
	then
	    # Check for some of the options that matter, so we can
	    # call grub-install safely without dropping them
	    OPTIONS=""

	    db_get grub2/force_efi_extra_removable || RET=false
	    if [ "$RET" = true ]; then
		OPTIONS="$OPTIONS --force-extra-removable"
	    fi

	    db_get grub2/update_nvram || RET=true
	    if [ "$RET" = false ]; then
		OPTIONS="$OPTIONS --no-nvram"
	    fi

	    run_grub_install --target=${GRUB_EFI_TARGET} $OPTIONS

            if dpkg --compare-versions "$2" lt-nl "1.22~"; then
                rm -f /boot/efi/EFI/ubuntu/MokManager.efi
            fi
	fi

	# Finally, trigger the policy script from the -common package
	if which update-secureboot-policy >/dev/null 2>&1; then
	    SHIM_NOTRIGGER=y update-secureboot-policy
	fi
	;;
esac

exit 0