archiso/mkarchiso: Generalize handling of ucodes
archiso/mkarchiso: Generalize the handling of ucode files (e.g. copying, signing, size calculation) by introducing the global readonly array of expected ucode names instead of hardcoding them in various functions. When making use of ucode files in `_make_boot_on_iso9660()`, `_make_bootmode_uef-x86.systemd-boot.esp()` and `_sign_netboot_artifacts()` create a list of files that is guaranteed to contain existing files. Fixes #132
This commit is contained in:
parent
33e4ff6294
commit
19861e4742
@ -37,6 +37,8 @@ airootfs_image_tool_options=()
|
|||||||
cert_list=()
|
cert_list=()
|
||||||
sign_netboot_artifacts=""
|
sign_netboot_artifacts=""
|
||||||
declare -A file_permissions=()
|
declare -A file_permissions=()
|
||||||
|
# adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in
|
||||||
|
readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio')
|
||||||
|
|
||||||
|
|
||||||
# Show an INFO message
|
# Show an INFO message
|
||||||
@ -395,7 +397,7 @@ _make_boot_on_iso9660() {
|
|||||||
install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/"
|
install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/"
|
||||||
install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/"
|
install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/"
|
||||||
|
|
||||||
for ucode_image in {intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}; do
|
for ucode_image in "${ucodes[@]}"; do
|
||||||
if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then
|
if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then
|
||||||
install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/"
|
install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/"
|
||||||
if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then
|
if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then
|
||||||
@ -494,11 +496,9 @@ _make_boot_on_fat() {
|
|||||||
"::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}"
|
"::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}"
|
||||||
mcopy -i "${work_dir}/efiboot.img" "${pacstrap_dir}/boot/vmlinuz-"* \
|
mcopy -i "${work_dir}/efiboot.img" "${pacstrap_dir}/boot/vmlinuz-"* \
|
||||||
"${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/"
|
"${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/"
|
||||||
for ucode_image in \
|
for ucode_image in "${ucodes[@]}"; do
|
||||||
"${pacstrap_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}
|
if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then
|
||||||
do
|
all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}")
|
||||||
if [[ -e "${ucode_image}" ]]; then
|
|
||||||
all_ucode_images+=("${ucode_image}")
|
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if (( ${#all_ucode_images[@]} )); then
|
if (( ${#all_ucode_images[@]} )); then
|
||||||
@ -509,9 +509,15 @@ _make_boot_on_fat() {
|
|||||||
|
|
||||||
# Prepare efiboot.img::/EFI for EFI boot mode
|
# Prepare efiboot.img::/EFI for EFI boot mode
|
||||||
_make_bootmode_uefi-x64.systemd-boot.esp() {
|
_make_bootmode_uefi-x64.systemd-boot.esp() {
|
||||||
local efiboot_imgsize="0"
|
local _file efiboot_imgsize="0"
|
||||||
|
local _available_ucodes=()
|
||||||
_msg_info "Setting up systemd-boot for UEFI booting..."
|
_msg_info "Setting up systemd-boot for UEFI booting..."
|
||||||
|
|
||||||
|
for _file in "${ucodes[@]}"; do
|
||||||
|
if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then
|
||||||
|
_available_ucodes+=("${pacstrap_dir}/boot/${_file}")
|
||||||
|
fi
|
||||||
|
done
|
||||||
# the required image size in KiB (rounded up to the next full MiB with an additional MiB for reserved sectors)
|
# the required image size in KiB (rounded up to the next full MiB with an additional MiB for reserved sectors)
|
||||||
efiboot_imgsize="$(du -bc \
|
efiboot_imgsize="$(du -bc \
|
||||||
"${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \
|
"${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \
|
||||||
@ -519,7 +525,7 @@ _make_bootmode_uefi-x64.systemd-boot.esp() {
|
|||||||
"${profile}/efiboot/" \
|
"${profile}/efiboot/" \
|
||||||
"${pacstrap_dir}/boot/vmlinuz-"* \
|
"${pacstrap_dir}/boot/vmlinuz-"* \
|
||||||
"${pacstrap_dir}/boot/initramfs-"*".img" \
|
"${pacstrap_dir}/boot/initramfs-"*".img" \
|
||||||
"${pacstrap_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio} \
|
"${_available_ucodes[@]}" \
|
||||||
2>/dev/null | awk 'function ceil(x){return int(x)+(x>int(x))}
|
2>/dev/null | awk 'function ceil(x){return int(x)+(x>int(x))}
|
||||||
function byte_to_kib(x){return x/1024}
|
function byte_to_kib(x){return x/1024}
|
||||||
function mib_to_kib(x){return x*1024}
|
function mib_to_kib(x){return x*1024}
|
||||||
@ -670,9 +676,15 @@ _export_netboot_artifacts() {
|
|||||||
# sign build artifacts for netboot
|
# sign build artifacts for netboot
|
||||||
_sign_netboot_artifacts() {
|
_sign_netboot_artifacts() {
|
||||||
local _file _dir
|
local _file _dir
|
||||||
|
local _files_to_sign=()
|
||||||
_msg_info "Signing netboot artifacts..."
|
_msg_info "Signing netboot artifacts..."
|
||||||
_dir="${isofs_dir}/${install_dir}/"
|
_dir="${isofs_dir}/${install_dir}/boot/"
|
||||||
for _file in "${_dir}/boot/"*ucode.img "${_dir}/boot/${arch}/vmlinuz-"* "${_dir}/boot/${arch}/initramfs-"*.img; do
|
for _file in "${ucodes[@]}"; do
|
||||||
|
if [[ -e "${_dir}${_file}" ]]; then
|
||||||
|
_files_to_sign+=("${_dir}${_file}")
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"* "${_dir}${arch}/initramfs-"*.img; do
|
||||||
openssl cms \
|
openssl cms \
|
||||||
-sign \
|
-sign \
|
||||||
-binary \
|
-binary \
|
||||||
|
Loading…
Reference in New Issue
Block a user