commit b4f4ca7a0e96ca28033a1ce23cc1945d70f0f79e Author: Alexandre CATTEAU Date: Sun Jun 25 12:28:34 2023 +0200 Initial commit
diff --git a/99build-uki b/99build-uki
new file mode 100644
index 0000000..a8843a9
--- /dev/null
+++ b/99build-uki
@@ -0,0 +1,2 @@
+# Invoke script to build and sign UKI
+DPkg::Post-Invoke {"PH_PATH"};
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..97ab022
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# Debian UKI
+
+The purpose is automatize building and signing of a Unified Kernel Image on Debian and derivatives after kernel or
+initramfs update.
+
+### Important
+The auto-update of this script should be disabled! Make sure to create `.disabled` file.
+
+### Files
+* `build-uki.sh` is the main script, which builds and signs the UKI.
+* `99build-uki` is an APT hook to invoke the main script.
+* `variables.conf.template` contains examples variables definitions, and should be copied locally to `variables.conf`
+ (with any required modifications).
+#### Installation
+* `install.sh` script copies APT hook to its destination, so the script is invoked after updates.
+
+### TODO
+* find a way to invoke script **only** on kernel or initramfs update
diff --git a/build-uki.sh b/build-uki.sh
new file mode 100755
index 0000000..53d089b
--- /dev/null
+++ b/build-uki.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+run_directory=$(dirname $(readlink -f "$0"))
+source "$run_directory/variables.conf"
+
+# Build UKI
+objcopy \
+ --add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
+ --add-section .cmdline="/etc/kernel/cmdline" --change-section-vma .cmdline=0x30000 \
+ --add-section .linux="$path_to_vmlinuz_link/vmlinuz" --change-section-vma .linux=0x40000 \
+ --add-section .initrd="$path_to_vmlinuz_link/initrd.img" --change-section-vma .initrd=0x3000000 \
+ /usr/lib/systemd/boot/efi/linuxx64.efi.stub $path_to_uki
+
+# TODO Sign UKI
+
+exit 0
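Review bot: The `PH_PATH` placeholder in the `DPkg::Post-Invoke` line is not explained anywhere in the hook file. If the file is copied into `/etc/apt/apt.conf.d/` by hand, APT would try to run the literal `PH_PATH` through the shell after every dpkg invocation and report the hook as failed. I would add a comment above it such as `# PH_PATH is replaced by install.sh with the absolute path of build-uki.sh; do not install this file manually`.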
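Review bot: A failed build in build-uki.sh is reported to APT as success, because the script has no `set -euo pipefail` and ends in an unconditional `exit 0`; a missing `variables.conf` or an `objcopy` error can leave a stale or partial image at `$path_to_uki` after a kernel update. `objcopy` also writes straight to the final path, so I would build into a temporary file beside the target and `mv` it into place only on success, as in the fence. `$path_to_uki` on the last `objcopy` line and the inner `$(readlink -f "$0")` are unquoted and break on paths with spaces; the same `run_directory` line appears in install.sh. The README says this script signs the UKI, but signing is still a TODO here.

```shell
#!/usr/bin/env bash
set -euo pipefail

run_directory=$(dirname -- "$(readlink -f -- "$0")")
source "$run_directory/variables.conf"
: "${path_to_vmlinuz_link:?not set in variables.conf}" "${path_to_uki:?not set in variables.conf}"

# Build next to the target so a failed build never replaces the current UKI
tmp_uki=$(mktemp -- "$path_to_uki.XXXXXX")
trap 'rm -f -- "$tmp_uki"' EXIT
# … unchanged: objcopy and its four --add-section / --change-section-vma lines …
    /usr/lib/systemd/boot/efi/linuxx64.efi.stub "$tmp_uki"
mv -f -- "$tmp_uki" "$path_to_uki"
```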
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..819b127
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+run_directory=$(dirname $(readlink -f "$0"))
+user=$(whoami)
+
+source "$run_directory/variables.conf"
+
+if [ -f $run_directory/.disabled ]; then
+ echo "Installation is disabled. Exiting..."
+ exit 0
+fi
+
+if [[ $user != 'root' ]]; then
+ sudo="sudo"
+else
+ sudo=""
+fi
+
+echo "Copying APT hook to APT conf directory..."
+$sudo cp $run_directory/99build-uki /etc/apt/apt.conf.d/99build-uki
+$sudo sed -i -e "s:PH_PATH:$run_directory/build-uki.sh:g" /etc/apt/apt.conf.d/99build-uki
+
+echo "Finished install. Exiting..."
+exit 0
diff --git a/variables.conf.template b/variables.conf.template
new file mode 100644
index 0000000..186fa3e
--- /dev/null
+++ b/variables.conf.template
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# Copy this file as variables.conf, with the correct values
+
+path_to_vmlinuz_link=/boot # /boot in Ubuntu 22.04, / in Debian 11
+path_to_uki=/efi/EFI/debian/debian-linux.efi
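Review bot: The `sed` line in install.sh writes `$run_directory` unescaped into `/etc/apt/apt.conf.d/99build-uki`, whose command APT passes to `/bin/sh` as root after every dpkg run, so a checkout path containing spaces, quotes, `;`, `&` or `:` produces a broken or unintended hook command. The hook also keeps pointing at `build-uki.sh` (which sources `variables.conf`) inside the checkout. If that directory is writable by a non-root account, the content of those files runs as root, so I would copy both to a root-owned location with `install -o root -g root`, or at least verify ownership and mode before installing. The `[ -f $run_directory/.disabled ]` test and the `cp` arguments are unquoted, and `source "$run_directory/variables.conf"` is not used by anything in this script and can be dropped. The fence shows the path check and the quoting.

```shell
run_directory=$(dirname -- "$(readlink -f -- "$0")")
# … unchanged: user lookup …

if [ -f "$run_directory/.disabled" ]; then
# … unchanged: disabled message, sudo selection …

# The hook line is run by /bin/sh as root: accept only path characters that need no quoting
if [[ ! $run_directory =~ ^[A-Za-z0-9_./-]+$ ]]; then
    echo "Refusing to install: unsupported characters in $run_directory" >&2
    exit 1
fi

echo "Copying APT hook to APT conf directory..."
$sudo cp -- "$run_directory/99build-uki" /etc/apt/apt.conf.d/99build-uki
# … unchanged: sed substitution of PH_PATH …
```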