| index : archiso32 | |
| Archlinux32 iso tools | gitolite user |
| summaryrefslogtreecommitdiff |
| author | David Runge <dvzrv@archlinux.org> | 2021-06-30 17:23:03 +0200 |
|---|---|---|
| committer | David Runge <dvzrv@archlinux.org> | 2021-06-30 17:23:03 +0200 |
| commit | 7d120315f19dba5e2be37fb082127a4c7d3e6c0d (patch) | |
| tree | 019bb0757b4c3df7776cf12cd1fc14369323d72e | |
| parent | 33e4ff6294cba8d9bb783adde611d9a273534437 (diff) | |
| parent | 97b7aebab8be430f2ce0e7fc307e95fe693f334c (diff) | |
| -rw-r--r-- | .gitlab-ci.yml | 3 | ||||
| -rwxr-xr-x | archiso/mkarchiso | 32 |
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 44fd2ca..2d615e7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,8 +44,6 @@ build_short: extends: .build parallel: matrix: - # baseline does not support netboot with codesinging - # https://gitlab.archlinux.org/archlinux/archiso/-/issues/132 - BUILD_SCRIPT_ARGS: baseline bootstrap - BUILD_SCRIPT_ARGS: releng bootstrap @@ -56,5 +54,6 @@ build_long: parallel: matrix: - BUILD_SCRIPT_ARGS: baseline iso + - BUILD_SCRIPT_ARGS: baseline netboot - BUILD_SCRIPT_ARGS: releng iso - BUILD_SCRIPT_ARGS: releng netboot diff --git a/archiso/mkarchiso b/archiso/mkarchiso index 6d8c977..7cec3a9 100755 --- a/archiso/mkarchiso +++ b/archiso/mkarchiso @@ -37,6 +37,8 @@ airootfs_image_tool_options=() cert_list=() sign_netboot_artifacts="" declare -A file_permissions=() +# adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in +readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') # Show an INFO message @@ -395,7 +397,7 @@ _make_boot_on_iso9660() { install -m 0644 -- "${pacstrap_dir}/boot/initramfs-"*".img" "${isofs_dir}/${install_dir}/boot/${arch}/" install -m 0644 -- "${pacstrap_dir}/boot/vmlinuz-"* "${isofs_dir}/${install_dir}/boot/${arch}/" - for ucode_image in {intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio}; do + for ucode_image in "${ucodes[@]}"; do if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then install -m 0644 -- "${pacstrap_dir}/boot/${ucode_image}" "${isofs_dir}/${install_dir}/boot/" if [[ -e "${pacstrap_dir}/usr/share/licenses/${ucode_image%.*}/" ]]; then @@ -494,11 +496,9 @@ _make_boot_on_fat() { "::/${install_dir}" "::/${install_dir}/boot" "::/${install_dir}/boot/${arch}" mcopy -i "${work_dir}/efiboot.img" "${pacstrap_dir}/boot/vmlinuz-"* \ "${pacstrap_dir}/boot/initramfs-"*".img" "::/${install_dir}/boot/${arch}/" - for ucode_image in \ - "${pacstrap_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio} - do - if [[ -e "${ucode_image}" ]]; then - all_ucode_images+=("${ucode_image}") + for ucode_image in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${ucode_image}" ]]; then + all_ucode_images+=("${pacstrap_dir}/boot/${ucode_image}") fi done if (( ${#all_ucode_images[@]} )); then @@ -509,9 +509,15 @@ _make_boot_on_fat() { # Prepare efiboot.img::/EFI for EFI boot mode _make_bootmode_uefi-x64.systemd-boot.esp() { - local efiboot_imgsize="0" + local _file efiboot_imgsize="0" + local _available_ucodes=() _msg_info "Setting up systemd-boot for UEFI booting..." + for _file in "${ucodes[@]}"; do + if [[ -e "${pacstrap_dir}/boot/${_file}" ]]; then + _available_ucodes+=("${pacstrap_dir}/boot/${_file}") + fi + done # the required image size in KiB (rounded up to the next full MiB with an additional MiB for reserved sectors) efiboot_imgsize="$(du -bc \ "${pacstrap_dir}/usr/lib/systemd/boot/efi/systemd-bootx64.efi" \ @@ -519,7 +525,7 @@ _make_bootmode_uefi-x64.systemd-boot.esp() { "${profile}/efiboot/" \ "${pacstrap_dir}/boot/vmlinuz-"* \ "${pacstrap_dir}/boot/initramfs-"*".img" \ - "${pacstrap_dir}/boot/"{intel-uc.img,intel-ucode.img,amd-uc.img,amd-ucode.img,early_ucode.cpio,microcode.cpio} \ + "${_available_ucodes[@]}" \ 2>/dev/null | awk 'function ceil(x){return int(x)+(x>int(x))} function byte_to_kib(x){return x/1024} function mib_to_kib(x){return x*1024} @@ -670,9 +676,15 @@ _export_netboot_artifacts() { # sign build artifacts for netboot _sign_netboot_artifacts() { local _file _dir + local _files_to_sign=() _msg_info "Signing netboot artifacts..." - _dir="${isofs_dir}/${install_dir}/" - for _file in "${_dir}/boot/"*ucode.img "${_dir}/boot/${arch}/vmlinuz-"* "${_dir}/boot/${arch}/initramfs-"*.img; do + _dir="${isofs_dir}/${install_dir}/boot/" + for _file in "${ucodes[@]}"; do + if [[ -e "${_dir}${_file}" ]]; then + _files_to_sign+=("${_dir}${_file}") + fi + done + for _file in "${_files_to_sign[@]}" "${_dir}${arch}/vmlinuz-"* "${_dir}${arch}/initramfs-"*.img; do openssl cms \ -sign \ -binary \ |