diff options
| author | Wolfgang Müller | 2025-02-03 20:05:25 +0100 |
|---|---|---|
| committer | Wolfgang Müller | 2025-02-03 20:05:25 +0100 |
| commit | 55bf648eaeb584ccedc520cb76cc82c71ce06939 (patch) | |
| tree | 9c2f48e50055cd7ac899d731862706366641783d | |
| parent | f31544bbd3cf4cc9bfc49a8a48e27ca0cde92736 (diff) | |
| download | portage-roles-55bf648eaeb584ccedc520cb76cc82c71ce06939.tar.gz | |
boot-efi: Have app-crypt/sbctl automatically sign systemd-bootx64
This commit introduces a hook into the sys-apps/systemd installation
process which will automatically sign its bootloader with sbctl if
available. This makes updates of sys-apps/systemd work without manual
intervention.
| -rw-r--r-- | boot-efi/env/sys-apps/systemd | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/boot-efi/env/sys-apps/systemd b/boot-efi/env/sys-apps/systemd index 91b83b4..37a11c9 100644 --- a/boot-efi/env/sys-apps/systemd +++ b/boot-efi/env/sys-apps/systemd @@ -1,3 +1,7 @@ -if test "${EBUILD_PHASE}" = "postinst"; then - bootctl --no-variables --graceful update -fi +post_pkg_postinst() { + if [[ "$(bootctl is-installed)" == "yes" ]] && command -v sbctl &>/dev/null; then + ebegin "Signing systemd-bootx64" + sbctl sign -s -o /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed /usr/lib/systemd/boot/efi/systemd-bootx64.efi + eend ${?} || ewarn "Signing systemd-bootx64 failed" + fi +} |