Verified Commit 19861e47 authored by David Runge's avatar David Runge
Browse files

archiso/mkarchiso: Generalize handling of ucodes

archiso/mkarchiso:
Generalize the handling of ucode files (e.g. copying, signing, size calculation) by introducing the global readonly
array of expected ucode names instead of hardcoding them in various functions.
When making use of ucode files in `_make_boot_on_iso9660()`, `_make_bootmode_uef-x86.systemd-boot.esp()` and
`_sign_netboot_artifacts()` create a list of files that is guaranteed to contain existing files.

Fixes #132
parent 33e4ff62
......@@ -37,6 +37,8 @@ airootfs_image_tool_options=()
cert_list=()
sign_netboot_artifacts=""
declare -A file_permissions=()
# adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in
readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio')
# Show an INFO message
......@@ -395,7 +397,7 @@ _make_boot_on_iso9660() {
install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/"
install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/"
for ucode_image in {intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}; do
for ucode_image in "${ucodes[@]}"; do
if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then
install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/"
if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then
......@@ -494,11 +496,9 @@ _make_boot_on_fat() {
"::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}"
mcopy -i "${work_dir}/efiboot.img" "${pacstrap_dir}/boot/vmlinuz-"* \
"${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/"
for ucode_image in \
"${pacstrap_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}
do
if [[ -e "${ucode_image}" ]]; then
all_ucode_images+=("${ucode_image}")
for ucode_image in "${ucodes[@]}"; do
if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then
all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}")
fi
done
if (( ${#all_ucode_images[@]} )); then
......@@ -509,9 +509,15 @@ _make_boot_on_fat() {
# Prepare efiboot.img::/EFI for EFI boot mode
_make_bootmode_uefi-x64.systemd-boot.esp() {
local efiboot_imgsize="0"
local _file efiboot_imgsize="0"
local _available_ucodes=()
_msg_info "Setting up systemd-boot for UEFI booting..."
for _file in "${ucodes[@]}"; do
if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then
_available_ucodes+=("${pacstrap_dir}/boot/${_file}")
fi
done
# the required image size in KiB (rounded up to the next full MiB with an additional MiB for reserved sectors)
efiboot_imgsize="$(du -bc \
"${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \
......@@ -519,7 +525,7 @@ _make_bootmode_uefi-x64.systemd-boot.esp() {
"${profile}/efiboot/" \
"${pacstrap_dir}/boot/vmlinuz-"* \
"${pacstrap_dir}/boot/initramfs-"*".img" \
"${pacstrap_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio} \
"${_available_ucodes[@]}" \
2>/dev/null | awk 'function ceil(x){return int(x)+(x>int(x))}
function byte_to_kib(x){return x/1024}
function mib_to_kib(x){return x*1024}
......@@ -670,9 +676,15 @@ _export_netboot_artifacts() {
# sign build artifacts for netboot
_sign_netboot_artifacts() {
local _file _dir
local _files_to_sign=()
_msg_info "Signing netboot artifacts..."
_dir="${isofs_dir}/${install_dir}/"
for _file in "${_dir}/boot/"*ucode.img "${_dir}/boot/${arch}/vmlinuz-"* "${_dir}/boot/${arch}/initramfs-"*.img; do
_dir="${isofs_dir}/${install_dir}/boot/"
for _file in "${ucodes[@]}"; do
if [[ -e "${_dir}${_file}" ]]; then
_files_to_sign+=("${_dir}${_file}")
fi
done
for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"* "${_dir}${arch}/initramfs-"*.img; do
openssl cms \
-sign \
-binary \
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment