mirror of
https://gitlab.archlinux.org/tpowa/archboot.git
synced 2024-09-19 19:40:37 +02:00
don't rely on fedora infrastructure
This commit is contained in:
Tobias Powalowski
parent
48429ea921
commit
37f0ae849b
4 changed files with 29 additions and 53 deletions
|
|
@ -2,8 +2,7 @@
|
|||
# created by Tobias Powalowski <tpowa@archlinux.org>
|
||||
|
||||
_BASENAME="$(basename "${0}")"
|
||||
_SHIM_URL="https://kojipkgs.fedoraproject.org/packages/shim/15.4/5/aarch64"
|
||||
_SHIM_VERSION="shim-aa64-15.4-5.aarch64.rpm"
|
||||
_SHIM_URL="https://pkgbuild.com/~tpowa/archboot-helper/fedora-shim"
|
||||
_PRESET_DIR="/etc/archboot/presets"
|
||||
_GRUB_CONFIG="/usr/share/archboot/grub/grub.cfg"
|
||||
# covered by usage
|
||||
|
|
@ -13,7 +12,6 @@ _IMAGENAME=""
|
|||
_RELEASENAME=""
|
||||
# temporary directories
|
||||
_AARCH64="$(mktemp -d AARCH64.XXX)"
|
||||
_SHIM="$(mktemp -d shim.XXX)"
|
||||
|
||||
usage () {
|
||||
echo "${_BASENAME}: usage"
|
||||
|
|
@ -100,10 +98,8 @@ _prepare_efitools_uefi () {
|
|||
_prepare_fedora_shim_bootloaders () {
|
||||
# Details on shim https://www.rodsbooks.com/efi-bootloaders/secureboot.html#initial_shim
|
||||
# add shim aa64 signed files from fedora
|
||||
curl -s --create-dirs -L -O --output-dir "${_SHIM}" "${_SHIM_URL}/${_SHIM_VERSION}"
|
||||
bsdtar -C "${_SHIM}" -xf "${_SHIM}"/"${_SHIM_VERSION}"
|
||||
cp "${_SHIM}/boot/efi/EFI/fedora/mmaa64.efi" "${_AARCH64}/EFI/BOOT/mmaa64.efi"
|
||||
cp "${_SHIM}/boot/efi/EFI/fedora/shimaa64.efi" "${_AARCH64}/EFI/BOOT/BOOTAA64.efi"
|
||||
curl -s --create-dirs -L -O --output-dir "${_AARCH64}/EFI/BOOT/" "${_SHIM_URL}/mmaa64.efi"
|
||||
curl -s --create-dirs -L -O --output-dir "${_AARCH64}/EFI/BOOT/" "${_SHIM_URL}/BOOTAA64.efi"
|
||||
}
|
||||
|
||||
_prepare_uefi_image() {
|
||||
|
|
@ -150,7 +146,7 @@ rm -f "sha256sums.txt" || true
|
|||
cksum -a sha256 ./*.iso > "sha256sums.txt"
|
||||
|
||||
# cleanup
|
||||
echo "Cleanup remove ${_AARCH64} and ${_SHIM} ..."
|
||||
echo "Cleanup remove ${_AARCH64} ..."
|
||||
rm -rf "${_AARCH64}"
|
||||
rm -rf "${_SHIM}"
|
||||
echo "Finished ISO creation."
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
#!/bin/bash
|
||||
_FEDORA_SERVER="https://kojipkgs.fedoraproject.org"
|
||||
_FEDORA_DIR="boot/efi/EFI/fedora"
|
||||
_SHIM_VERSION="15.4"
|
||||
_SHIM_RELEASE="5"
|
||||
_SHIM_URL="${_FEDORA_SERVER}/packages/shim/${_SHIM_VERSION}/${_SHIM_RELEASE}"
|
||||
|
|
@ -38,11 +37,14 @@ bsdtar -C "${_SHIM32}" -xf "${_SHIM32}"/*.rpm
|
|||
bsdtar -C "${_SHIMAA64}" -xf "${_SHIMAA64}"/*.rpm
|
||||
echo "Copy shim files ..."
|
||||
mkdir -m 777 shim-fedora
|
||||
cp "${_SHIM}/${_FEDORA_DIR}/"{mmx64.efi,shimx64.efi} shim-fedora/
|
||||
cp "${_SHIM32}/${_FEDORA_DIR}/"{mmia32.efi,shimia32.efi} shim-fedora/
|
||||
cp "${_SHIMAA64}/${_FEDORA_DIR}/"{mmaa64.efi,shimaa64.efi} shim-fedora/
|
||||
cp "${_SHIM}"/boot/efi/EFI/fedora/{mmx64.efi,shimx64.efi} shim-fedora/
|
||||
cp "${_SHIM}/boot/efi/EFI/fedora/shimx64.efi" shim-fedora/BOOTX64.efi
|
||||
cp "${_SHIM32}"/boot/efi/EFI/fedora/{mmia32.efi,shimia32.efi} shim-fedora/
|
||||
cp "${_SHIM32}/boot/efi/EFI/fedora/shimia32.efi" shim-fedora/BOOTIA32.efi
|
||||
cp "${_SHIMAA64}"/boot/efi/EFI/fedora/{mmaa64.efi,shimaa64.efi} shim-fedora/
|
||||
cp "${_SHIMAA64}/boot/efi/EFI/fedora/shimaa64.efi" shim-fedora/BOOTAA64.efi
|
||||
# cleanup
|
||||
echo "Cleanup directories "$_SHIM}" "${_SHIM32}" "${_SHIMAA64}" ..."
|
||||
echo "Cleanup directories ${_SHIM} ${_SHIM32} ${_SHIMAA64} ..."
|
||||
rm -r "${_SHIM}" "${_SHIM32}" "${_SHIMAA64}"
|
||||
# sign files
|
||||
echo "Sign files and upload ..."
|
||||
|
|
@ -51,11 +53,12 @@ cd shim-fedora/ || exit 1
|
|||
chown "${_USER}" ./*
|
||||
chgrp "${_GROUP}" ./*
|
||||
for i in *.efi; do
|
||||
#shellcheck disable=SC2086
|
||||
[[ -f "${i}" ]] && sudo -u "${_USER}" gpg ${_GPG} "${i}" || exit 1
|
||||
[[ -f "${i}" ]] && cksum -a sha256 "${i}" >> sha256sum.txt
|
||||
[[ -f "${i}.sig" ]] && cksum -a sha256 "${i}.sig" >> sha256sum.txt
|
||||
done
|
||||
sudo -u "${_USER}" scp * ${_SERVER}:${_SHIM_ARCH_SERVERDIR} || exit 1
|
||||
sudo -u "${_USER}" scp ./* "${_SERVER}:${_SHIM_ARCH_SERVERDIR}" || exit 1
|
||||
# cleanup
|
||||
echo "Remove fedora-shim directory."
|
||||
cd ..
|
||||
|
|
|
|||
|
|
@ -3,9 +3,7 @@
|
|||
|
||||
_BASENAME="$(basename "${0}")"
|
||||
_PRESET_DIR="/etc/archboot/presets"
|
||||
_SHIM_URL="https://kojipkgs.fedoraproject.org/packages/shim/15.4/5/x86_64"
|
||||
_SHIM_VERSION="shim-x64-15.4-5.x86_64.rpm"
|
||||
_SHIM32_VERSION="shim-ia32-15.4-5.x86_64.rpm"
|
||||
_SHIM_URL="https://pkgbuild.com/~tpowa/archboot-helper/fedora-shim"
|
||||
_GRUB_CONFIG="/usr/share/archboot/grub/grub.cfg"
|
||||
# covered by usage
|
||||
_GENERATE=""
|
||||
|
|
@ -14,8 +12,6 @@ _IMAGENAME=""
|
|||
_RELEASENAME=""
|
||||
# temporary directories
|
||||
_X86_64="$(mktemp -d X86_64.XXX)"
|
||||
_SHIM="$(mktemp -d shim.XXX)"
|
||||
_SHIM32="$(mktemp -d shim32.XXX)"
|
||||
|
||||
usage () {
|
||||
echo "${_BASENAME}: usage"
|
||||
|
|
@ -97,17 +93,10 @@ _prepare_efitools_uefi () {
|
|||
_prepare_fedora_shim_bootloaders () {
|
||||
# Details on shim https://www.rodsbooks.com/efi-bootloaders/secureboot.html#initial_shim
|
||||
# add shim x64 signed files from fedora
|
||||
curl -s --create-dirs -L -O --output-dir "${_SHIM}" "${_SHIM_URL}/${_SHIM_VERSION}"
|
||||
bsdtar -C "${_SHIM}" -xf "${_SHIM}"/"${_SHIM_VERSION}"
|
||||
cp "${_SHIM}/boot/efi/EFI/fedora/mmx64.efi" "${_X86_64}/EFI/BOOT/mmx64.efi"
|
||||
cp "${_SHIM}/boot/efi/EFI/fedora/shimx64.efi" "${_X86_64}/EFI/BOOT/BOOTX64.efi"
|
||||
# add shim ia32 signed files from fedora
|
||||
curl -s --create-dirs -L -O --output-dir "${_SHIM32}" "${_SHIM_URL}/${_SHIM32_VERSION}"
|
||||
bsdtar -C "${_SHIM32}" -xf "${_SHIM32}/${_SHIM32_VERSION}"
|
||||
cp "${_SHIM32}/boot/efi/EFI/fedora/mmia32.efi" "${_X86_64}/EFI/BOOT/mmia32.efi"
|
||||
cp "${_SHIM32}/boot/efi/EFI/fedora/shimia32.efi" "${_X86_64}/EFI/BOOT/BOOTIA32.efi"
|
||||
### adding this causes boot loop in ovmf and only tries create a boot entry
|
||||
#cp "${SHIM}/boot/efi/EFI/BOOT/fbx64.efi" "${_X86_64}/EFI/BOOT/fbx64.efi"
|
||||
curl -s --create-dirs -L -O --output-dir "${_X86_64}/EFI/BOOT/" "${_SHIM_URL}/mmx64.efi"
|
||||
curl -s --create-dirs -L -O --output-dir "${_X86_64}/EFI/BOOT/" "${_SHIM_URL}/BOOTX64.efi"
|
||||
curl -s --create-dirs -L -O --output-dir "${_X86_64}/EFI/BOOT/" "${_SHIM_URL}/mmia32.efi"
|
||||
curl -s --create-dirs -L -O --output-dir "${_X86_64}/EFI/BOOT/" "${_SHIM_URL}/BOOTIA32.efi"
|
||||
}
|
||||
|
||||
_prepare_uefi_image() {
|
||||
|
|
@ -178,8 +167,6 @@ rm -f "sha256sums.txt" || true
|
|||
cksum -a sha256 ./*.iso > "sha256sums.txt"
|
||||
|
||||
# cleanup
|
||||
echo "Cleanup remove ${_X86_64}, ${_SHIM} and ${_SHIM32} ..."
|
||||
echo "Cleanup remove ${_X86_64} ..."
|
||||
rm -rf "${_X86_64}"
|
||||
rm -rf "${_SHIM}"
|
||||
rm -rf "${_SHIM32}"
|
||||
echo "Finished ISO creation."
|
||||
|
|
|
|||
|
|
@ -46,29 +46,19 @@ build ()
|
|||
add_file "/usr/share/efitools/efi/HashTool.efi"
|
||||
add_file "/usr/share/efitools/efi/KeyTool.efi"
|
||||
# add shim signed files from fedora
|
||||
_SHIM_URL="https://pkgbuild.com/~tpowa/archboot-helper/fedora-shim"
|
||||
_SHIM=$(mktemp -d /var/tmp/shim.XXXX)
|
||||
if [[ "$(uname -m)" == "x86_64" ]]; then
|
||||
_SHIM_URL="https://kojipkgs.fedoraproject.org/packages/shim/15.4/5/x86_64"
|
||||
_SHIM_VERSION="shim-x64-15.4-5.x86_64.rpm"
|
||||
_SHIM32_VERSION="shim-ia32-15.4-5.x86_64.rpm"
|
||||
SHIM=$(mktemp -d /var/tmp/shim.XXXX)
|
||||
curl -s --create-dirs -L -O --output-dir "${SHIM}" "${_SHIM_URL}/${_SHIM_VERSION}"
|
||||
bsdtar -C "${SHIM}" -xf "${SHIM}"/"${_SHIM_VERSION}"
|
||||
add_file "${SHIM}/boot/efi/EFI/fedora/mmx64.efi" "/usr/share/archboot/fedora-shim/mmx64.efi"
|
||||
add_file "${SHIM}/boot/efi/EFI/fedora/shimx64.efi" "/usr/share/archboot/fedora-shim/shimx64.efi"
|
||||
SHIM32=$(mktemp -d /var/tmp/shim32.XXXX)
|
||||
curl -s --create-dirs -L -O --output-dir "${SHIM32}" "${_SHIM_URL}/${_SHIM32_VERSION}"
|
||||
bsdtar -C "${SHIM32}" -xf "${SHIM32}/${_SHIM32_VERSION}"
|
||||
add_file "${SHIM32}/boot/efi/EFI/fedora/mmia32.efi" "/usr/share/archboot/fedora-shim/mmia32.efi"
|
||||
add_file "${SHIM32}/boot/efi/EFI/fedora/shimia32.efi" "/usr/share/archboot/fedora-shim/shimia32.efi"
|
||||
curl -s --create-dirs -L -O --output-dir "${_SHIM}" "${_SHIM_URL}"/{mmx64.efi,shimx64.efi,mmia32.efi,shimia32.efi}
|
||||
add_file "${_SHIM}/mmx64.efi" "/usr/share/archboot/fedora-shim/mmx64.efi"
|
||||
add_file "${_SHIM}/shimx64.efi" "/usr/share/archboot/fedora-shim/shimx64.efi"
|
||||
add_file "${_SHIM}/mmia32.efi" "/usr/share/archboot/fedora-shim/mmia32.efi"
|
||||
add_file "${_SHIM}/shimia32.efi" "/usr/share/archboot/fedora-shim/shimia32.efi"
|
||||
fi
|
||||
if [[ "$(uname -m)" == "aarch64" ]]; then
|
||||
_SHIM_AA64_URL="https://kojipkgs.fedoraproject.org/packages/shim/15.4/5/aarch64"
|
||||
_SHIM_AA64_VERSION="shim-aa64-15.4-5.aarch64.rpm"
|
||||
SHIMAA64=$(mktemp -d /var/tmp/shimaa64.XXXX)
|
||||
curl -s --create-dirs -L -O --output-dir "${SHIMAA64}" "${_SHIM_AA64_URL}/${_SHIM_AA64_VERSION}"
|
||||
bsdtar -C "${SHIMAA64}" -xf "${SHIMAA64}"/"${_SHIM_AA64_VERSION}"
|
||||
add_file "${SHIMAA64}/boot/efi/EFI/fedora/mmaa64.efi" "/usr/share/archboot/fedora-shim/mmaa64.efi"
|
||||
add_file "${SHIMAA64}/boot/efi/EFI/fedora/shimaa64.efi" "/usr/share/archboot/fedora-shim/shimaa64.efi"
|
||||
curl -s --create-dirs -L -O --output-dir "${_SHIM}" "${_SHIM_URL}"/{mmaa64.efi,shimaa64.efi}
|
||||
add_file "${_SHIM}/mmaa64.efi" "/usr/share/archboot/fedora-shim/mmaa64.efi"
|
||||
add_file "${_SHIM}/shimaa64.efi" "/usr/share/archboot/fedora-shim/shimaa64.efi"
|
||||
fi
|
||||
# add generate keys script
|
||||
add_file "/usr/bin/archboot-secureboot-keys.sh" "/usr/bin/secureboot-keys.sh"
|
||||
|
|
|
|||
Loading…
Reference in a new issue