| #!/bin/bash -ex |
| |
| signed="test.signed" |
| unsigned="test.unsigned" |
| |
| "$sbsign" --cert "$cert" --key "$key" --output "$signed" "$image" |
| cp "$signed" "$unsigned" |
| "$sbattach" --remove "$unsigned" |
| |
| # ensure that there is no security directory |
| objdump -p $unsigned | grep -q '0\+ 0\+ Security Directory' |
| |
| ## |
| # somewhat tricky: i386 pecoff binaries can be too short, so we add padding |
| # when signing, so make sure the sizes match modulo the padding |
| ## |
| # ensure that the unsigned file is the same size as our original binary |
| [ $(( ($(stat --format=%s "$image")+7)&~7)) -eq $(( ($(stat --format=%s "$unsigned")+7)&~7)) ] |
| |