tegra-linux-noble/debian/scripts/checks/final-checks

#!/bin/bash

debian="$1"
abi="$2"

archs=$(awk '/^Architecture:/ { $1=""; for (i=1; i<=NF; i++) { if ($i != "all") { print $i }}}' debian/control | sort -u)

fail=0

failure()
{
	echo "EE: $*" 1>&2
	fail=1
}

for arch in $archs
do
	if [ ! -f "$debian/rules.d/$arch.mk" ]; then
		continue
	fi

	image_pkg=$(awk -F '\\s*=\\s*' '$1 == "do_flavour_image_package" { print $2 }' "$debian/rules.d/$arch.mk")
	if [ "$image_pkg" = "false" ]; then
		continue
	fi

	flavours=$(
		awk '/^\s*flavours\s*=/{
			sub(/^\s*flavours\s*=\s*/, "");
			print
		}' "$debian/rules.d/$arch.mk")
	for flavour in $flavours
	do
		if [ -d debian/certs ]; then
			if ! python3 debian/scripts/misc/annotations --export -c CONFIG_SYSTEM_TRUSTED_KEYS --arch "$arch" --flavour "$flavour" | grep -q '^CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"$' ; then
				failure "'CONFIG_SYSTEM_TRUSTED_KEYS=\"debian/canonical-certs.pem\"' is required"
			fi
		fi
		if [ -d debian/revoked-certs ]; then
			if ! python3 debian/scripts/misc/annotations --export -c CONFIG_SYSTEM_REVOCATION_KEYS --arch "$arch" --flavour "$flavour" | grep -q '^CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"$' ; then
				failure "'CONFIG_SYSTEM_REVOCATION_KEYS=\"debian/canonical-revoked-certs.pem\"' is required"
			fi
		fi
	done
done

exit "$fail"