* morten/fix-signing:
sbctl: ensure output is correct before using saved entry
keys: ensure we compare the input/output files
sbctl: always enroll files before we do signing operations
switch to errors.New() for error messages without formatting to avoid this lint error:
> printf-style function with dynamic format string and no further arguments should use print-style function instead (SA1006)
`PersistentPreRun` was being overwritten later in `main()`, causing
`logging.PrintOff()` to never be called.
Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
This partially undoes 5106d1ef8a, but
avoids that problem by ignoring non-zero exit statuses from
`sbctl remove-file`. That commit stopped the script from failing when
uninstalling a kernel where the UKI wasn't in sbctl's database. However,
it causes the UKI to never be removed from the database if UKI removal
is done by a script that runs before `91-sbctl.install`.
This is the case with systemd-ukify's `60-ukify.install` and systemd's
`90-uki-copy.install`. By the time that `91-sbctl.install` runs during
kernel removal, `90-uki-copy.install` will have already deleted the UKI.
Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
We don't need to run --migrate if there is no sbctl installed, so check
that first and then check the keydir if there is something there
already.
Signed-off-by: Morten Linderud <morten@linderud.pw>
