From 55bf648eaeb584ccedc520cb76cc82c71ce06939 Mon Sep 17 00:00:00 2001
From: Wolfgang Müller
Date: Mon, 3 Feb 2025 20:05:25 +0100
Subject: boot-efi: Have app-crypt/sbctl automatically sign systemd-bootx64

This commit introduces a hook into the sys-apps/systemd installation
process which will automatically sign its bootloader with sbctl if
available. This makes updates of sys-apps/systemd work without manual
intervention.
---
 boot-efi/env/sys-apps/systemd | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'boot-efi/env/sys-apps')

diff --git a/boot-efi/env/sys-apps/systemd b/boot-efi/env/sys-apps/systemd
index 91b83b4..37a11c9 100644
--- a/boot-efi/env/sys-apps/systemd
+++ b/boot-efi/env/sys-apps/systemd
@@ -1,3 +1,7 @@
-if test "${EBUILD_PHASE}" = "postinst"; then
-	bootctl --no-variables --graceful update
-fi
+post_pkg_postinst() {
+	if [[ "$(bootctl is-installed)" == "yes" ]] && command -v sbctl &>/dev/null; then
+		ebegin "Signing systemd-bootx64"
+		sbctl sign -s -o /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed /usr/lib/systemd/boot/efi/systemd-bootx64.efi
+		eend ${?} || ewarn "Signing systemd-bootx64 failed"
+	fi
+}
-- 
cgit v1.2.3-2-gb3c3