From 1ad9c175efc120aa359e3adb6c3c6e0b7d2ffe87 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 10 Jan 2026 13:26:29 +0000 Subject: [PATCH 1/2] Initial plan From 361e1ced0f71fd20ab3ff741b9d00d85f0621803 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 10 Jan 2026 13:32:12 +0000 Subject: [PATCH 2/2] Fix MOK enrollment task failure by correcting shebang and shell command invocations Co-authored-by: P4X-ng <223870169+P4X-ng@users.noreply.github.com> --- core.pf | 4 ++-- pf_parser.py | 2 +- secure.pf | 12 ++++++------ 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/core.pf b/core.pf index 5dab9ea..12d1e06 100644 --- a/core.pf +++ b/core.pf @@ -162,7 +162,7 @@ end # --- MOK (Machine Owner Key) Management --- task os-mok-enroll describe Enroll host MOK for module signing - shell bash -lc 'scripts/mok-management/enroll-mok.sh "${MOK_CERT_PEM:-out/keys/mok/PGMOK.crt}" "${MOK_CERT_DER:-out/keys/mok/PGMOK.der}" ${MOK_DRY_RUN:-0}' + shell bash scripts/mok-management/enroll-mok.sh "${MOK_CERT_PEM:-out/keys/mok/PGMOK.crt}" "${MOK_CERT_DER:-out/keys/mok/PGMOK.der}" "${MOK_DRY_RUN:-0}" end task os-mok-list-keys @@ -172,7 +172,7 @@ end task secure-mok-new describe Generate new PhoenixGuard MOK keypair (use NAME and CN env) - shell bash -lc 'scripts/mok-management/mok-new.sh "${NAME:-PGMOK}" "${CN:-PhoenixGuard Module Key}"' + shell bash scripts/mok-management/mok-new.sh "${NAME:-PGMOK}" "${CN:-PhoenixGuard Module Key}" end # --- Module Signing --- diff --git a/pf_parser.py b/pf_parser.py index 745c59d..c2aff74 100644 --- a/pf_parser.py +++ b/pf_parser.py @@ -1,4 +1,4 @@ -#!/home/punk/.venv/bin/python +#!/usr/bin/env python3 """ pf.py — single-file, symbol-free Fabric runner with a tiny DSL. diff --git a/secure.pf b/secure.pf index ff7f5b9..2e0c861 100644 --- a/secure.pf +++ b/secure.pf @@ -26,7 +26,7 @@ end task secure-mok-verify describe Verify MOK certificate details - shell bash -lc 'scripts/mok-management/mok-verify.sh "${MOK_CERT_PEM:-out/keys/mok/PGMOK.crt}" "${MOK_CERT_DER:-out/keys/mok/PGMOK.der}"' + shell bash scripts/mok-management/mok-verify.sh "${MOK_CERT_PEM:-out/keys/mok/PGMOK.crt}" "${MOK_CERT_DER:-out/keys/mok/PGMOK.der}" end task secure-mok-find-enrolled @@ -36,15 +36,15 @@ end task secure-enroll-mok describe Enroll PhoenixGuard MOK certificate - shell bash -lc 'scripts/mok-management/enroll-mok.sh "${MOK_CERT_PEM:-out/keys/mok/PGMOK.crt}" "${MOK_CERT_DER:-out/keys/mok/PGMOK.der}" ${MOK_DRY_RUN:-0}' + shell bash scripts/mok-management/enroll-mok.sh "${MOK_CERT_PEM:-out/keys/mok/PGMOK.crt}" "${MOK_CERT_DER:-out/keys/mok/PGMOK.der}" "${MOK_DRY_RUN:-0}" end # Note: secure-mok-new moved to core.pf to avoid duplication task secure-mok-enroll-new describe Generate + enroll PhoenixGuard MOK (reboot to complete) - shell bash -lc 'scripts/mok-management/mok-new.sh "${NAME:-PGMOK}" "${CN:-PhoenixGuard Module Key}"' - shell bash -lc 'scripts/mok-management/enroll-mok.sh "out/keys/${NAME:-PGMOK}.crt" "out/keys/${NAME:-PGMOK}.der" ${MOK_DRY_RUN:-0}' + shell bash scripts/mok-management/mok-new.sh "${NAME:-PGMOK}" "${CN:-PhoenixGuard Module Key}" + shell bash scripts/mok-management/enroll-mok.sh "out/keys/${NAME:-PGMOK}.crt" "out/keys/${NAME:-PGMOK}.der" "${MOK_DRY_RUN:-0}" end task secure-keys-centralize @@ -64,10 +64,10 @@ end task secure-unenroll-mok describe Remove PhoenixGuard MOK certificate - shell bash -lc 'scripts/mok-management/unenroll-mok.sh "${MOK_CERT_DER:-out/keys/mok/PGMOK.der}"' + shell bash scripts/mok-management/unenroll-mok.sh "${MOK_CERT_DER:-out/keys/mok/PGMOK.der}" end task secure-der-extract describe Convert DER/PKCS#12 bundle into PEM cert and key (set DER_PATH, OUT_DIR, NAME) - shell bash -lc 'scripts/secure-boot/der-extract.sh "${DER_PATH:-}" "${OUT_DIR:-out/keys}" "${NAME:-PGMOK}"' + shell bash scripts/secure-boot/der-extract.sh "${DER_PATH:-}" "${OUT_DIR:-out/keys}" "${NAME:-PGMOK}" end