#!/bin/bash

PROJECT=home:okir:FDE
PACKAGE=/var/tmp/build-root/15.4-x86_64/home/abuild/rpmbuild/RPMS/noarch/grub2-x86_64-efi-2.06-0.noarch.rpm
CERTCOPY=fde.cert

if [ $# -gt 0 ]; then
	PACKAGE=$1
	shift
fi

case "$PACKAGE" in
https:*|http:*)
	wget -O grub2-x86_64-efi.noarch.rpm $PACKAGE
	PACKAGE=grub2-x86_64-efi.noarch.rpm;;
esac

if [ ! -f $CERTCOPY ]; then
	echo "Fetching project SSL certificate"
	osc signkey --sslcert $PROJECT > $CERTCOPY || exit 1
fi

echo "Trying to extract grub-tpm.efi from $PACKAGE"
rpm2cpio $PACKAGE | cpio -id ./usr/share/grub2/x86_64-efi/*
cp ./usr/share/grub2/x86_64-efi/grub-tpm.efi bootx64.efi
rm -rf ./usr

echo "Verifying Secure Boot signature using $CERTCOPY"
openssl x509 -in $CERTCOPY -subject -noout
/usr/bin/sbverify --cert $CERTCOPY bootx64.efi || exit 1
