Hey all, I've had a pacman hook setup for secureboot so that when the kernel changes it will sign it. This had been working fine until I added a line for systemd-boot which updates itself with another hook. The offending line is
/usr/bin/find '/boot/' -maxdepth 1 -name 'vmlinuz-*' -exec /usr/bin/sh -c 'if ! /usr/bin/sbverify --list {} 2>/dev/null | /usr/bin/grep -q "signature certificates"; then /usr/bin/sbsign --key /usr/share/MokKeys/MOK.key --cert /usr/share/MokKeys/MOK.crt --output {} {}; fi' \; ; /usr/bin/find '/efi/EFI/systemd/' -maxdepth 1 -type f \( -name 'grubx64*' -a -name 'systemd*' \) -exec /usr/bin/sh -c 'if ! /usr/bin/sbverify --list {} 2>/dev/null | /usr/bin/grep -q "signature certificates"; then /usr/bin/sbsign --key /usr/share/MokKeys/MOK.key --cert /usr/share/MokKeys/MOK.crt --output {} {}; fi' \; && sudo cp -f /efi/EFI/systemd/systemd-bootx64.efi /efi/EFI/systemd/grubx64.efi
I am mostly just copying the section on the archwiki page about secure boot as I knew it worked no issues previously. No matter what minor changes I make to make it more syntax friendly I get the same two errors at update:
/usr/bin/find: paths must precede expression: `/usr/bin/find'
/usr/bin/find: possible unquoted pattern after predicate `-exec'?
Any help with getting this to run would be greatly appreciated as I've been smashing my head against a wall reading about this issue for hours. I just want to be done pissing with secureboot lol. It runs fine in my terminal but never at update now. I am not sure of an easier way to test it other than updating linux or systemd-boot like its purpose. This however makes it quite tedious to test.
https://wiki.archlinux.org/title/Unifie … m_with_key is the example where you got this from ?
That looks like your addition.
&& sudo cp -f /efi/EFI/systemd/systemd-bootx64.efi /efi/EFI/systemd/grubx64.efi
pacman hooks typically run as root, so sudo should not be used. I doubt that's what's failing though.
The exec= functionality of alpm hooks is rather simple, not a shell, and if I remember correctly only handles one command.
Try putting those commands in a script and call that.
Edited for clarity & accuracy after Trilby's post #3.
Last edited by Lone_Wolf (2023-02-22 09:37:37)
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
The exec= functionality of alpm hooks is rather simple...
It's not about it being simple, it's about it being an "exec" call, not a shell. So the error is clear, you are calling /bin/find with every other element of that string dumped into its argv array. Theoretically you could use something like the following:
Exec = /bin/sh -c "find ..."
But that would be ugly and error-prone due to quoting issues. Just use a script.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
My bad on the sudo ending up in there. It was there when I ran the command in shell to get my system back to functional while the hook was erroring out and I copy pasted it into the post somehow. It's not in the final hook pacman is calling though and is still not functional. I will attempt putting it in a script to be called shortly.
Update: it does now work after being moved to a script that the hook calls via /usr/bin/sh -c /usr/local/bin/sbhook.sh. Thanks all for the help.
If sbhook.sh is executable and has a proper shebang, you don't need the extra "/usr/bin/sh -c"
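Added example, not part of the thread and not the poster's actual sbhook.sh: one way the one-liner from the first post could look as the script the replies recommend. It keeps the thread's paths and sbverify/sbsign calls; the overridable SBVERIFY/SBSIGN/KEY/CERT variables, the function names and the key-readability guard are assumptions of this sketch.

```shell
#!/bin/sh
# sbhook.sh: sign unsigned kernels and systemd-boot, then refresh grubx64.efi.
# Tool and key paths are the ones from the thread; being able to override
# them from the environment is an assumption added for testing.
SBVERIFY=${SBVERIFY:-/usr/bin/sbverify}
SBSIGN=${SBSIGN:-/usr/bin/sbsign}
KEY=${KEY:-/usr/share/MokKeys/MOK.key}
CERT=${CERT:-/usr/share/MokKeys/MOK.crt}

# Succeeds if the image already carries a signature.
is_signed() {
    "$SBVERIFY" --list "$1" 2>/dev/null | grep -q "signature certificates"
}

# Sign each given file that is not signed yet. Prints the files it signed;
# returns non-zero if any sbsign call failed.
sign_unsigned() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue      # an unmatched glob stays literal: skip it
        is_signed "$f" && continue   # already signed: leave untouched
        if "$SBSIGN" --key "$KEY" --cert "$CERT" --output "$f" "$f" >/dev/null
        then printf '%s\n' "$f"
        else rc=1
        fi
    done
    return "$rc"
}

main() {
    sign_unsigned /boot/vmlinuz-* || return 1
    sign_unsigned /efi/EFI/systemd/systemd* || return 1
    # No sudo: pacman hooks already run as root.
    cp -f /efi/EFI/systemd/systemd-bootx64.efi /efi/EFI/systemd/grubx64.efi
}

# Only touch the boot files when the signing key and certificate are present.
if [ -r "$KEY" ] && [ -r "$CERT" ]; then
    main
else
    echo "sbhook: $KEY or $CERT not readable, nothing signed" >&2
fi
```

With the script executable, the hook line reduces to `Exec = /usr/local/bin/sbhook.sh`, a single program with no shell syntax for alpm to pass along as arguments.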