fix(dracut.sh): handle sbsign errors for UEFI builds
authorAntonio Alvarez Feijoo <antonio.feijoo@suse.com>
Mon, 13 Feb 2023 10:13:00 +0000 (11:13 +0100)
committerJóhann B. Guðmundsson <johannbg@gmail.com>
Mon, 13 Feb 2023 18:45:51 +0000 (18:45 +0000)
`sbsign` does not issue any error if there is not enough disk space to create
the signed file using its `--output` option. So, verify the signed image after
its creation using `sbverify`.

Fixes issue #2197

dracut.sh

index 06d3d33793c9417a2a500703f5eb9ccc3b8ef797..91592084c3c1835a1039e0f630f85aff4f2afd22 100755 (executable)
--- a/dracut.sh
+++ b/dracut.sh
@@ -2496,9 +2496,11 @@ if [[ $uefi == yes ]]; then
                 ${uefi_secureboot_engine:+--engine "$uefi_secureboot_engine"} \
                 --key "${uefi_secureboot_key}" \
                 --cert "${uefi_secureboot_cert}" \
-                --output "$outfile" "${uefi_outdir}/linux.efi"; then
+                --output "$outfile" "${uefi_outdir}/linux.efi" \
+                && sbverify --cert "${uefi_secureboot_cert}" "$outfile" > /dev/null 2>&1; then
                 dinfo "*** Creating signed UEFI image file '$outfile' done ***"
             else
+                rm -f -- "$outfile"
                 dfatal "*** Creating signed UEFI image file '$outfile' failed ***"
                 exit 1
             fi
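Review bot: The `> /dev/null 2>&1` on the added `sbverify` call throws away whatever the tool reports about a failed verification, and the `else` branch prints the same message whether `sbsign` or `sbverify` failed, so a truncated image from a full disk cannot be told apart from a key or certificate problem. Consider keeping stderr (`&& sbverify --cert "${uefi_secureboot_cert}" "$outfile" > /dev/null; then`) or at least wording the fatal line as `dfatal "*** Signing or verifying UEFI image file '$outfile' failed, file removed ***"`. A comment above the `if`, which starts outside this hunk, such as `# sbsign may exit 0 without writing a complete file (e.g. disk full), so verify what was actually written`, would keep the check from being dropped later as redundant. Since `sbsign --output` writes straight to `$outfile`, the new `rm -f -- "$outfile"` presumably also removes any earlier image that lived at that path; whether that can leave the system without a bootable image should be confirmed against the code around this block.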