Verified Commit 7d120315 authored by David Runge's avatar David Runge
Browse files

Merge branch 'issues/132'

* issues/132:
  gitlab-ci: Also build a baseline netboot target
  archiso/mkarchiso: Generalize handling of ucodes
parents 33e4ff62 97b7aeba
Pipeline #9275 passed with stages
in 48 minutes and 32 seconds
...@@ -44,8 +44,6 @@ build_short: ...@@ -44,8 +44,6 @@ build_short:
extends: .build extends: .build
parallel: parallel:
matrix: matrix:
# baseline does not support netboot with codesinging
# https://gitlab.archlinux.org/archlinux/archiso/-/issues/132
- BUILD_SCRIPT_ARGS: baseline bootstrap - BUILD_SCRIPT_ARGS: baseline bootstrap
- BUILD_SCRIPT_ARGS: releng bootstrap - BUILD_SCRIPT_ARGS: releng bootstrap
...@@ -56,5 +54,6 @@ build_long: ...@@ -56,5 +54,6 @@ build_long:
parallel: parallel:
matrix: matrix:
- BUILD_SCRIPT_ARGS: baseline iso - BUILD_SCRIPT_ARGS: baseline iso
- BUILD_SCRIPT_ARGS: baseline netboot
- BUILD_SCRIPT_ARGS: releng iso - BUILD_SCRIPT_ARGS: releng iso
- BUILD_SCRIPT_ARGS: releng netboot - BUILD_SCRIPT_ARGS: releng netboot
...@@ -37,6 +37,8 @@ airootfs_image_tool_options=() ...@@ -37,6 +37,8 @@ airootfs_image_tool_options=()
cert_list=() cert_list=()
sign_netboot_artifacts="" sign_netboot_artifacts=""
declare -A file_permissions=() declare -A file_permissions=()
# adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in
readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio')
# Show an INFO message # Show an INFO message
...@@ -395,7 +397,7 @@ _make_boot_on_iso9660() { ...@@ -395,7 +397,7 @@ _make_boot_on_iso9660() {
install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/" install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/"
install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/" install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/"
for ucode_image in {intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}; do for ucode_image in "${ucodes[@]}"; do
if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then
install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/" install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/"
if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then
...@@ -494,11 +496,9 @@ _make_boot_on_fat() { ...@@ -494,11 +496,9 @@ _make_boot_on_fat() {
"::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}"
mcopy -i "${work_dir}/efiboot.img" "${pacstrap_dir}/boot/vmlinuz-"* \ mcopy -i "${work_dir}/efiboot.img" "${pacstrap_dir}/boot/vmlinuz-"* \
"${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/" "${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/"
for ucode_image in \ for ucode_image in "${ucodes[@]}"; do
"${pacstrap_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio} if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then
do all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}")
if [[ -e "${ucode_image}" ]]; then
all_ucode_images+=("${ucode_image}")
fi fi
done done
if (( ${#all_ucode_images[@]} )); then if (( ${#all_ucode_images[@]} )); then
...@@ -509,9 +509,15 @@ _make_boot_on_fat() { ...@@ -509,9 +509,15 @@ _make_boot_on_fat() {
# Prepare efiboot.img::/EFI for EFI boot mode # Prepare efiboot.img::/EFI for EFI boot mode
_make_bootmode_uefi-x64.systemd-boot.esp() { _make_bootmode_uefi-x64.systemd-boot.esp() {
local efiboot_imgsize="0" local _file efiboot_imgsize="0"
local _available_ucodes=()
_msg_info "Setting up systemd-boot for UEFI booting..." _msg_info "Setting up systemd-boot for UEFI booting..."
for _file in "${ucodes[@]}"; do
if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then
_available_ucodes+=("${pacstrap_dir}/boot/${_file}")
fi
done
# the required image size in KiB (rounded up to the next full MiB with an additional MiB for reserved sectors) # the required image size in KiB (rounded up to the next full MiB with an additional MiB for reserved sectors)
efiboot_imgsize="$(du -bc \ efiboot_imgsize="$(du -bc \
"${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \ "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \
...@@ -519,7 +525,7 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { ...@@ -519,7 +525,7 @@ _make_bootmode_uefi-x64.systemd-boot.esp() {
"${profile}/efiboot/" \ "${profile}/efiboot/" \
"${pacstrap_dir}/boot/vmlinuz-"* \ "${pacstrap_dir}/boot/vmlinuz-"* \
"${pacstrap_dir}/boot/initramfs-"*".img" \ "${pacstrap_dir}/boot/initramfs-"*".img" \
"${pacstrap_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio} \ "${_available_ucodes[@]}" \
2>/dev/null | awk 'function ceil(x){return int(x)+(x>int(x))} 2>/dev/null | awk 'function ceil(x){return int(x)+(x>int(x))}
function byte_to_kib(x){return x/1024} function byte_to_kib(x){return x/1024}
function mib_to_kib(x){return x*1024} function mib_to_kib(x){return x*1024}
...@@ -670,9 +676,15 @@ _export_netboot_artifacts() { ...@@ -670,9 +676,15 @@ _export_netboot_artifacts() {
# sign build artifacts for netboot # sign build artifacts for netboot
_sign_netboot_artifacts() { _sign_netboot_artifacts() {
local _file _dir local _file _dir
local _files_to_sign=()
_msg_info "Signing netboot artifacts..." _msg_info "Signing netboot artifacts..."
_dir="${isofs_dir}/${install_dir}/" _dir="${isofs_dir}/${install_dir}/boot/"
for _file in "${_dir}/boot/"*ucode.img "${_dir}/boot/${arch}/vmlinuz-"* "${_dir}/boot/${arch}/initramfs-"*.img; do for _file in "${ucodes[@]}"; do
if [[ -e "${_dir}${_file}" ]]; then
_files_to_sign+=("${_dir}${_file}")
fi
done
for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"* "${_dir}${arch}/initramfs-"*.img; do
openssl cms \ openssl cms \
-sign \ -sign \
-binary \ -binary \
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment