fix: correct dependency checks for efitools and sbsign by Xapier14 · Pull Request #1 · schmayterling/opencore-secureboot-tool

Xapier14 · 2026-05-28T12:45:17Z

Summary

Fixed a mismatched dependency check where efitools was being tested by looking for sbsign, which is provided by a completely separate package (sbsigntool/sbsigntools). The check now correctly tests for sign-efi-sig-list, which is the command actually provided by efitools.
Added a missing dependency check for sbsign (used when signing EFI binaries), which was left uncovered by the original check.
Extended check_and_install to accept optional per-manager package names (args 3–5 for apt/dnf/pacman), since sbsign ships under different package names across distros (sbsigntool on Debian/Ubuntu, sbsigntools on Fedora and Arch).

The original line check_and_install efitools sbsign was broken in two ways:

It probed for sbsign to decide whether efitools was installed — but sbsign belongs to a different package entirely. A system with efitools but without sbsigntool would pass the check silently, then fail later when sign-efi-sig-list or cert-to-efi-sig-list was called.
After fixing the efitools check, sbsign itself (called at the EFI binary signing step) had no check at all, meaning it could be missing on a fresh system with no clear error.

Command	Debian/Ubuntu	Fedora	Arch
sign-efi-sig-list, cert-to-efi-sig-list	efitools	efitools	efitools
sbsign	sbsigntool	sbsigntools	sbsigntools

fix: correct dependency checks for efitools and sbsign

5291368

pull-request-size Bot added the size/S label May 28, 2026