uefi-keys: Clean the code.

c3e10c23 · Ophélie Gagnard · d3b0bc51 · c3e10c23 · c3e10c23
Commit c3e10c23 authored Mar 16, 2023 by Ophélie Gagnard
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 22 deletions

uefi-keys/dependencies.sh uefi-keys/dependencies.sh +1 -1

uefi-keys/make_keys.sh uefi-keys/make_keys.sh +18 -21

No files found.
--- a/uefi-keys/dependencies.sh
+++ b/uefi-keys/dependencies.sh
@@ -3,7 +3,7 @@
 set -e

 # get the root of the git repository (requires git to be installed)
-GIT_ROOT=`git rev-parse --show-toplevel`
+GIT_ROOT=$(git rev-parse --show-toplevel)
 cd ${GIT_ROOT}/uefi-keys/

 # generate efi certificates

--- a/uefi-keys/make_keys.sh
+++ b/uefi-keys/make_keys.sh
@@ -13,8 +13,8 @@
 set -e

 # get the root of the git repository (requires git to be installed)
-GIT_ROOT=`git rev-parse --show-toplevel`
-PROJECT_DIR=$GIT_ROOT
+GIT_ROOT=$(git rev-parse --show-toplevel)
+PROJECT_DIR="$GIT_ROOT"

 SERVER_GROUP=douai

@@ -25,9 +25,6 @@ PRIVATE_KEYS_DIR=${PROJECT_DIR}/${KEYS_DIR}/${SERVER_GROUP}
 PUBLIC_CERT_DIR=$(realpath -m "$PUBLIC_CERT_DIR")
 PRIVATE_KEYS_DIR=$(realpath -m "$PRIVATE_KEYS_DIR")

-
-
-
 cd -

 if [ ! -d "$KEYS_DIR" ]; then
@@ -35,7 +32,7 @@ if [ ! -d "$KEYS_DIR" ]; then
 	exit
 fi

-mkdir -p ${PRIVATE_KEYS_DIR} ${PUBLIC_CERT_DIR}
+mkdir -p "$PRIVATE_KEYS_DIR" "$PUBLIC_CERT_DIR"


 echo -n "Enter a Common Name to embed in the keys: "
@@ -50,32 +47,32 @@ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME db/" -keyout ${PRIVATE_
        -out ${PUBLIC_CERT_DIR}/db.crt -days 3650 -nodes -sha256

 # Convert certificates from PEM to DER format (needed for some UEFI).
-openssl x509 -in ${PUBLIC_CERT_DIR}/PK.crt -out ${PUBLIC_CERT_DIR}/PK.cer -outform DER
-openssl x509 -in ${PUBLIC_CERT_DIR}/KEK.crt -out ${PUBLIC_CERT_DIR}/KEK.cer -outform DER
-openssl x509 -in ${PUBLIC_CERT_DIR}/db.crt -out ${PUBLIC_CERT_DIR}/db.cer -outform DER
+openssl x509 -in "$PUBLIC_CERT_DIR"/PK.crt -out "$PUBLIC_CERT_DIR"/PK.cer -outform DER
+openssl x509 -in "$PUBLIC_CERT_DIR"/KEK.crt -out "$PUBLIC_CERT_DIR"/KEK.cer -outform DER
+openssl x509 -in "$PUBLIC_CERT_DIR"/db.crt -out "$PUBLIC_CERT_DIR"/db.cer -outform DER

-GUID=`python3 -c 'import uuid; print(str(uuid.uuid1()))'`
-echo $GUID > ${PUBLIC_CERT_DIR}/myGUID.txt
+GUID=$(python3 -c 'import uuid; print(str(uuid.uuid1()))')
+echo "$GUID" > "$PUBLIC_CERT_DIR"/myGUID.txt

 # Create EFI signature lists.
-cert-to-efi-sig-list -g $GUID ${PUBLIC_CERT_DIR}/PK.crt ${PUBLIC_CERT_DIR}/PK.esl
-cert-to-efi-sig-list -g $GUID ${PUBLIC_CERT_DIR}/KEK.crt ${PUBLIC_CERT_DIR}/KEK.esl
-cert-to-efi-sig-list -g $GUID ${PUBLIC_CERT_DIR}/db.crt ${PUBLIC_CERT_DIR}/db.esl
+cert-to-efi-sig-list -g "$GUID" "$PUBLIC_CERT_DIR"/PK.crt "$PUBLIC_CERT_DIR"/PK.esl
+cert-to-efi-sig-list -g "$GUID" "$PUBLIC_CERT_DIR"/KEK.crt "$PUBLIC_CERT_DIR"/KEK.esl
+cert-to-efi-sig-list -g "$GUID" "$PUBLIC_CERT_DIR"/db.crt "$PUBLIC_CERT_DIR"/db.esl

-rm -f ${PUBLIC_CERT_DIR}/noPK.esl
-touch ${PUBLIC_CERT_DIR}/noPK.esl
+rm -f "$PUBLIC_CERT_DIR"/noPK.esl
+touch "$PUBLIC_CERT_DIR"/noPK.esl

 # Create authentication headers for secure variables update (needed for some UEFI).
 sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
-                  -k ${PRIVATE_KEYS_DIR}/PK.key -c ${PUBLIC_CERT_DIR}/PK.crt PK ${PUBLIC_CERT_DIR}/PK.esl ${PUBLIC_CERT_DIR}/PK.auth
+                  -k "$PRIVATE_KEYS_DIR"/PK.key -c "$PUBLIC_CERT_DIR"/PK.crt PK "$PUBLIC_CERT_DIR"/PK.esl "$PUBLIC_CERT_DIR"/PK.auth
 sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
-                  -k ${PRIVATE_KEYS_DIR}/PK.key -c ${PUBLIC_CERT_DIR}/PK.crt PK ${PUBLIC_CERT_DIR}/noPK.esl ${PUBLIC_CERT_DIR}/noPK.auth
+                  -k "$PRIVATE_KEYS_DIR"/PK.key -c "$PUBLIC_CERT_DIR"/PK.crt PK "$PUBLIC_CERT_DIR"/noPK.esl "$PUBLIC_CERT_DIR"/noPK.auth
 sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
-                  -k ${PRIVATE_KEYS_DIR}/PK.key -c ${PUBLIC_CERT_DIR}/PK.crt KEK ${PUBLIC_CERT_DIR}/KEK.esl ${PUBLIC_CERT_DIR}/KEK.auth
+                  -k "$PRIVATE_KEYS_DIR"/PK.key -c "$PUBLIC_CERT_DIR"/PK.crt KEK "$PUBLIC_CERT_DIR"/KEK.esl "$PUBLIC_CERT_DIR"/KEK.auth
 sign-efi-sig-list -t "$(date --date='1 second' +'%Y-%m-%d %H:%M:%S')" \
-                  -k ${PRIVATE_KEYS_DIR}/KEK.key -c ${PUBLIC_CERT_DIR}/KEK.crt db ${PUBLIC_CERT_DIR}/db.esl ${PUBLIC_CERT_DIR}/db.auth
+                  -k "$PRIVATE_KEYS_DIR"/KEK.key -c "$PUBLIC_CERT_DIR"/KEK.crt db "$PUBLIC_CERT_DIR"/db.esl "$PUBLIC_CERT_DIR"/db.auth

-chmod 0600 ${PRIVATE_KEYS_DIR}/*.key
+chmod 0600 "$PRIVATE_KEYS_DIR"/*.key

 echo ""
 echo ""