summaryrefslogtreecommitdiff
path: root/debian/generate_dbx_list
diff options
context:
space:
mode:
Diffstat (limited to 'debian/generate_dbx_list')
-rwxr-xr-xdebian/generate_dbx_list27
1 files changed, 27 insertions, 0 deletions
diff --git a/debian/generate_dbx_list b/debian/generate_dbx_list
new file mode 100755
index 00000000..95ec3e9e
--- /dev/null
+++ b/debian/generate_dbx_list
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# Helper script - generate a DBX file for inclusion into a shim build
+#
+# Takes an input file (e.g. debian-dbx.hashes) with data in the form
+#
+# <hex-encoded sha256 checksums> <arch>
+#
+# and generates a siglist of the hashes for just the architecture we
+# want. No point including all the hashes for all the arches, it just
+# bloats things and slows things down.
+
+set -e
+
+ARCH=$1
+IN=$2
+OUT=$3
+
+rm -f $OUT
+for HASH in $(grep -E "[[:xdigit:]]{32} $ARCH" < $IN | \
+ awk '{print $1}' | sort | uniq); do
+ echo " Adding $HASH to dbx list"
+ efisiglist -o $OUT -a -h $HASH
+done
+
+# If we have an empty hashes file, create an empty DBX file
+touch $OUT