From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Mon, 13 Feb 2023 10:13:00 +0000 (+0100)
Subject: fix(dracut.sh): handle sbsign errors for UEFI builds
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a6dd5bfb9a514a3bf650cc1e8d4311c05e9b968c;p=thirdparty%2Fdracut.git

fix(dracut.sh): handle sbsign errors for UEFI builds

`sbsign` does not issue any error if there is not enough disk space to create
the signed file using its `--output` option. So, verify the signed image after
its creation using `sbverify`.

Fixes issue #2197
---

diff --git a/dracut.sh b/dracut.sh
index 06d3d3379..91592084c 100755
--- a/dracut.sh
+++ b/dracut.sh
@@ -2496,9 +2496,11 @@ if [[ $uefi == yes ]]; then
                 ${uefi_secureboot_engine:+--engine "$uefi_secureboot_engine"} \
                 --key "${uefi_secureboot_key}" \
                 --cert "${uefi_secureboot_cert}" \
-                --output "$outfile" "${uefi_outdir}/linux.efi"; then
+                --output "$outfile" "${uefi_outdir}/linux.efi" \
+                && sbverify --cert "${uefi_secureboot_cert}" "$outfile" > /dev/null 2>&1; then
                 dinfo "*** Creating signed UEFI image file '$outfile' done ***"
             else
+                rm -f -- "$outfile"
                 dfatal "*** Creating signed UEFI image file '$outfile' failed ***"
                 exit 1
             fi