shim-signed 1.34.9+13-0ubuntu2 / postinst

This file is indexed.

postinst is in shim-signed 1.34.9+13-0ubuntu2.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
#! /bin/sh
set -e

# Must load the confmodule for our template to be installed correctly.
. /usr/share/debconf/confmodule

config_item ()
{
    if [ -f /etc/default/grub ]; then
	. /etc/default/grub || return
	for x in /etc/default/grub.d/*.cfg; do
	    if [ -e "$x" ]; then
		. "$x"
	    fi
	done
    fi
    eval echo "\$$1"
}

sign_dkms_modules()
{
	for kern in `dpkg -l linux-image-[0-9]\* | awk '/^ii/ { sub("linux-image-","",$2); print $2 }'`;
	do
		for dkms in `dkms status -k $(uname -r) | grep 'installed' | awk -F,\  '{print $1"/"$2}'`;
		do
			dkms uninstall -k "$kern" "$dkms" || :
			if ! dkms status -k "$kern" "$dkms" | grep -q 'built$'
			then
				cat <<EOF

shim-signed: failed to prepare dkms module for signing; ignoring.
  module: $dkms
  kernel: $kern
EOF
				continue
			fi
			mods=$(find /var/lib/dkms/${dkms}/${kern}/$(uname -m)/module/ -name "*.ko")
			for mod in $mods; do
				kmodsign sha512 \
					/var/lib/shim-signed/mok/MOK.priv \
					/var/lib/shim-signed/mok/MOK.der \
					$mod
			done
			dkms install -k "$kern" "${dkms}"
		done
	done
}

case $1 in
    triggered)
	if [ -e /var/lib/shim-signed/mok/MOK.priv ]; then
	    SHIM_NOTRIGGER=y update-secureboot-policy --enroll-key
	fi
	;;
    configure)
	bootloader_id="$(config_item GRUB_DISTRIBUTOR | tr A-Z a-z | \
			 cut -d' ' -f1)"
	case $bootloader_id in
	    kubuntu) bootloader_id=ubuntu ;;
	esac
	if [ "$bootloader_id" ] && [ -d "/boot/efi/EFI/$bootloader_id" ] \
	   && which grub-install >/dev/null 2>&1
	then
	    grub-install --target=x86_64-efi
            if dpkg --compare-versions "$2" lt-nl "1.22~"; then
                rm -f /boot/efi/EFI/ubuntu/MokManager.efi
            fi
	fi

	# Upgrade case, capture pre-existing DKMS packages.
	if dpkg --compare-versions "$2" lt-nl "1.30" \
	   && [ -d /var/lib/dkms ]
	then
		find /var/lib/dkms -maxdepth 1 -type d -print \
		| LC_ALL=C sort	> /var/lib/shim-signed/dkms-list
	fi

	# Upgrade case, migrate all existing kernels/dkms module combinations
	# to self-signed modules.
	if dpkg --compare-versions "$2" lt "1.34.7" \
	   && [ -d /var/lib/dkms ]
	then
		SHIM_NOTRIGGER=y update-secureboot-policy --new-key
		sign_dkms_modules
		SHIM_NOTRIGGER=y update-secureboot-policy --enroll-key
	fi
	;;
esac



exit 0

APT Browse - Built by Thomas Orozco.