install.fish

@@ -2,9 +2,6 @@
 cp ./src/snap-pac-uki.fish /usr/local/bin/snap-pac-uki
 echo "installed creation script."
 
-cp ./src/config.fish /etc/snap-pac-uki/config.fish
-echo "installed config script."
-
 cp ./pacman/* /usr/share/libalpm/hooks/
 echo "installed pacman hooks."
 

src/config.fish

@@ -1,44 +0,0 @@
-function config -d "sets some configuration variables"
-
-    # A directory where ukis can be built.
-    #
-    # It is recommended to keep this within /tmp, as the generated data will not
-    # be needed later.
-    # It is recommended to not set this to a path with data inside. This program
-    # will sometimes remove all content of specific subfolders.
-    set -g CFG_BUILD_DIR "/tmp/snap-pac-uki"
-
-    # The subvolume to use on the kernel command line when generating current
-    # images.
-    set -g CFG_DEFAULT_SUBVOL "@"
-
-    # The device the EFI partition resides on
-    set -g CFG_EFI_DEV "/dev/nvme0n1"
-
-    # The "efi directory" that will contain the ukis
-    set -g CFG_EFI_PATH "\EFI\Linux"
-
-    # The efi partitions number on the device
-    set -g CFG_EFI_PART "1"
-
-    # The snapper config name
-    set -g CFG_SNAPSHOT_CONFIG "root"
-
-    # The linux fs path containing all snapshot data
-    set -g CFG_SNAPSHOT_PATH "/.snapshots"
-
-    # The name of the subvolume containing all snapshots
-    set -g CFG_SNAPSHOT_SUBVOL "@snapshots"
-
-    # The directory to put uki files in
-    set -g CFG_UKI_DIR "/efi/EFI/Linux"
-
-    # Whether generated uki files should be signed
-    set -g CFG_SECUREBOOT "yes"
-
-    # The path to the .key file with which to sign uki files
-    set -g CFG_SECUREBOOT_KEY "/etc/secureboot/keys/db/db.key"
-
-    # The path to the .crt file with which to sign uki files
-    set -g CFG_SECUREBOOT_CERT "/etc/secureboot/keys/db/db.crt"
-end

src/snap-pac-uki.fish

@@ -9,8 +9,6 @@ function check_deps -d "checks if all dependencies are available"
     set -l dependencies \
         "efibootmgr" \
         "jq" \
-        "rg" \
-        "sbsign" \
         "sed" \
         "snapper" \
 
@@ -23,6 +21,18 @@ function check_deps -d "checks if all dependencies are available"
     end
 end
 
+function config -d "sets some configuration variables"
+    set -g CFG_BUILD_DIR "/tmp/snap-pac-uki"
+    set -g CFG_DEFAULT_SUBVOL "@"
+    set -g CFG_EFI_DEV "/dev/nvme0n1"
+    set -g CFG_EFI_PATH "\EFI\Linux"
+    set -g CFG_EFI_PART "1"
+    set -g CFG_SNAPSHOT_CONFIG "root"
+    set -g CFG_SNAPSHOT_PATH "/.snapshots"
+    set -g CFG_SNAPSHOT_SUBVOL "@snapshots"
+    set -g CFG_UKI_DIR "/efi/EFI/Linux"
+end
+
 function find_tasks -d "finds out what the program needs to do"
     set -ge TASK_UKI
 
@@ -60,17 +70,7 @@ function create_uki -d "creates a new uki" -a variant id
         --add-section .splash="$prefix/usr/share/systemd/bootctl/splash-arch.bmp" --change-section-vma .splash=0x40000 \
         --add-section .linux="$prefix/boot/vmlinuz-linux" --change-section-vma .linux=0x2000000 \
         --add-section .initrd="$prefix/boot/initramfs-linux$fallback.img" --change-section-vma .initrd=0x3000000 \
-        "$prefix/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "$bd/arch-linux$fallback$snid.efi.unsigned"
+        "$prefix/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "$bd/arch-linux$fallback$snid.efi"
-
-    # sign
-    if test "$CFG_SECUREBOOT" = "yes"
-        sbsign --key $CFG_SECUREBOOT_KEY \
-            --cert $CFG_SECUREBOOT_CERT \
-            --output "$bd/arch-linux$fallback$snid.efi" \
-            "$bd/arch-linux$fallback$snid.efi.unsigned"
-    else # otherwise move unsigned efi to location
-        mv "$bd/arch-linux$fallback$snid.efi.unsigned" "$bd/arch-linux$fallback$snid.efi"
-    end
 end
 
 function create_snapshot_uki -d "creates an uki for a snapshot" -a id
@@ -123,7 +123,6 @@ end
 function main
     # prepare for execution
     check_deps
-    source "/etc/snap-pac-uki/config.fish"
     config
 
     switch $argv[1]