[thirdparty/systemd.git] / mkosi.images / system / mkosi.extra / usr / lib / systemd / mkosi-check-and-shutdown.sh

#!/bin/bash -eux
# SPDX-License-Identifier: LGPL-2.1-or-later

systemctl --failed --no-legend | tee /failed-services

# Check that secure boot keys were properly enrolled.
if ! systemd-detect-virt --container && \
   cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
then
    cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')

    if command -v sbsign &>/dev/null; then
        cat /proc/cmdline
        grep -q this_should_be_here /proc/cmdline
        (! grep -q this_should_not_be_here /proc/cmdline)
    fi
fi

# Exit with non-zero EC if the /failed-services file is not empty (we have -e set)
[[ ! -s /failed-services ]]
Commit	Line	Data
24acd406 FS	1	#!/bin/bash -eux
	2	# SPDX-License-Identifier: LGPL-2.1-or-later
	3
	4	systemctl --failed --no-legend \| tee /failed-services
	5
2de6cc18	6	# Check that secure boot keys were properly enrolled.
d1c29b51 DDM	7	if ! systemd-detect-virt --container && \
	8	cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
	9	then
2de6cc18	10	cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
d9c8cf40 FS	11
	12	if command -v sbsign &>/dev/null; then
	13	cat /proc/cmdline
	14	grep -q this_should_be_here /proc/cmdline
	15	(! grep -q this_should_not_be_here /proc/cmdline)
	16	fi
2de6cc18 JJ	17	fi
2de6cc18 JJ	18
24acd406 FS	19	# Exit with non-zero EC if the /failed-services file is not empty (we have -e set)
24acd406 FS	20	[[ ! -s /failed-services ]]