From 39fbf2749e2981e4d527f4bb83b98f8b14f17251 Mon Sep 17 00:00:00 2001 From: Tobias Powalowski Date: Sat, 7 Sep 2024 12:29:19 +0200 Subject: [PATCH] code cleanup, remove redundant parts --- usr/lib/archboot/common.sh | 62 ++++++++++++++++++++++--------------- usr/lib/archboot/iso.sh | 4 +-- usr/lib/archboot/release.sh | 60 ++++++++++++++--------------------- usr/lib/archboot/run/uki.sh | 4 --- usr/lib/archboot/uki.sh | 48 +++++++--------------------- 5 files changed, 75 insertions(+), 103 deletions(-) diff --git a/usr/lib/archboot/common.sh b/usr/lib/archboot/common.sh index 50f97d5a7..c01b68069 100644 --- a/usr/lib/archboot/common.sh +++ b/usr/lib/archboot/common.sh @@ -2,19 +2,38 @@ # SPDX-License-Identifier: GPL-3.0-or-later # created by Tobias Powalowski . /etc/archboot/defaults -_BASENAME=${0##*/} -_RUNNING_ARCH="$(uname -m)" -_RUNNING_KERNEL="$(uname -r)" -_LOG="/dev/tty11" -_NO_LOG="/dev/null" -_VC_NUM="${_LOG/\/dev\/tty/}" -_VC="VC${_VC_NUM}" -_ANSWER="/.${_BASENAME}" -_LABEL="Exit" +_AMD_UCODE="boot/amd-ucode.img" +_CACHEDIR="/var/cache/pacman/pkg" +_CONFIG_DIR="/etc/archboot" _DLPROG="curl -L -s" +_FIX_PACKAGES="libelf libevent talloc gcc-libs glibc glib2 icu pcre2 nss terminus-font" +_INTEL_UCODE="boot/intel-ucode.img" _KERNELPKG="linux" _KEYRING="archlinux-keyring" +_LABEL="Exit" +_LOCAL_DB="${_CACHEDIR}/archboot.db" +_LOG="/dev/tty11" +_MAN_INFO_PACKAGES="man-db man-pages texinfo" _MEM_TOTAL="$(rg -o 'MemTotal.* (\d+)' -r '$1' /proc/meminfo)" +_NO_LOG="/dev/null" +_OSREL="/usr/share/archboot/base/etc/os-release" +_PACMAN_CONF="/etc/pacman.conf" +_PACMAN_LIB="/var/lib/pacman" +_PACMAN_MIRROR="/etc/pacman.d/mirrorlist" +_PUB="public_html" +_RSYNC="rsync -a -q --delete --delete-delay" +_RUNNING_ARCH="$(uname -m)" +_RUNNING_KERNEL="$(uname -r)" +_SPLASH="/usr/share/archboot/uki/archboot-background.bmp" +_STANDARD_PACKAGES="gparted xorg-xhost mtools noto-fonts" +_VNC_PACKAGE="tigervnc" +_WAYLAND_PACKAGE="egl-wayland" +_XORG_PACKAGE="xorg" + +_BASENAME=${0##*/} +_ANSWER="/.${_BASENAME}" +_VC_NUM="${_LOG/\/dev\/tty/}" +_VC="VC${_VC_NUM}" if echo "${_BASENAME}" | rg -qw aarch64; then _ARCHBOOT="archboot-arm" _KEYRING="${_KEYRING} archlinuxarm-keyring" @@ -26,21 +45,6 @@ else _ARCHBOOT="archboot" _ARCH="x86_64" fi -_CONFIG_DIR="/etc/archboot" -_AMD_UCODE="/boot/amd-ucode.img" -_INTEL_UCODE="/boot/intel-ucode.img" -_PACMAN_MIRROR="/etc/pacman.d/mirrorlist" -_PACMAN_CONF="/etc/pacman.conf" -_PACMAN_LIB="/var/lib/pacman" -_CACHEDIR="/var/cache/pacman/pkg" -_LOCAL_DB="${_CACHEDIR}/archboot.db" -_PUB="public_html" -_RSYNC="rsync -a -q --delete --delete-delay" -_FIX_PACKAGES="libelf libevent talloc gcc-libs glibc glib2 icu pcre2 nss terminus-font" -_XORG_PACKAGE="xorg" -_VNC_PACKAGE="tigervnc" -_WAYLAND_PACKAGE="egl-wayland" -_STANDARD_PACKAGES="gparted xorg-xhost mtools noto-fonts" # chromium is now working on riscv64 [[ "${_RUNNING_ARCH}" == "riscv64" ]] && _STANDARD_BROWSER="firefox" if [[ -d "${_ISO_HOME}" ]]; then @@ -48,7 +52,15 @@ if [[ -d "${_ISO_HOME}" ]]; then else _NSPAWN="systemd-nspawn -q -D" fi -_MAN_INFO_PACKAGES="man-db man-pages texinfo" + +if [[ "${_ARCH}" == "x86_64" ]]; then + _CMDLINE="console=ttyS0,115200 console=tty0 audit=0 systemd.show_status=auto" +elif [[ "${_ARCH}" == "aarch64" ]]; then + _INTEL_UCODE="" + _CMDLINE="nr_cpus=1 console=ttyAMA0,115200 console=tty0 loglevel=4 audit=0 systemd.show_status=auto" +fi +[[ -n "${_INTEL_UCODE}" ]] && _UKI_INTEL_UCODE="--initrd=${_INTEL_UCODE}" +_UKI_AMD_UCODE="--initrd=${_AMD_UCODE}" ### check for root _root_check() { diff --git a/usr/lib/archboot/iso.sh b/usr/lib/archboot/iso.sh index 018c68850..e45c0dc16 100644 --- a/usr/lib/archboot/iso.sh +++ b/usr/lib/archboot/iso.sh @@ -106,14 +106,14 @@ _prepare_ucode() { # only x86_64 if [[ "${_ARCH}" == "x86_64" ]]; then echo "Preparing intel-ucode..." - cp "${_INTEL_UCODE}" "${_ISODIR}/boot/" + cp "/${_INTEL_UCODE}" "${_ISODIR}/boot/" mkdir -p "${_ISODIR}"/licenses/intel-ucode cp /usr/share/licenses/intel-ucode/LICENSE "${_ISODIR}/licenses/intel-ucode" fi # both x86_64 and aarch64 if ! [[ "${_ARCH}" == "riscv64" ]]; then echo "Preparing amd-ucode..." - cp "${_AMD_UCODE}" "${_ISODIR}/boot/" + cp "/${_AMD_UCODE}" "${_ISODIR}/boot/" mkdir -p "${_ISODIR}"/licenses/amd-ucode cp /usr/share/licenses/amd-ucode/LICENSE.amd-ucode "${_ISODIR}/licenses/amd-ucode" fi diff --git a/usr/lib/archboot/release.sh b/usr/lib/archboot/release.sh index e1bc64b81..0d540ff8a 100644 --- a/usr/lib/archboot/release.sh +++ b/usr/lib/archboot/release.sh @@ -5,11 +5,6 @@ _INITRD="boot/initrd-${_ARCH}.img" _INITRD_LATEST="boot/initrd-latest-${_ARCH}.img" _INITRD_LOCAL="boot/initrd-local-${_ARCH}.img" -if [[ "${_ARCH}" == "aarch64" ]]; then - _KERNEL_ARCHBOOT="boot/Image-${_ARCH}.gz" -else - _KERNEL_ARCHBOOT="boot/vmlinuz-${_ARCH}" -fi _CONFIG_LATEST="${_ARCH}-latest.conf" _CONFIG_LOCAL="${_ARCH}-local.conf" _W_DIR="$(mktemp -u archboot-release.XXX)" @@ -38,8 +33,8 @@ _create_iso() { #shellcheck disable=SC1090 . "${_W_DIR}/etc/archboot/${_ARCH}.conf" #shellcheck disable=SC2116,SC2046,2086 - _KVER="$(_kver $(echo ${_W_DIR}${_KERNEL}))" - _NAME="archboot-$(date +%Y.%m.%d-%H.%M)-${_KVER}" + _KERNEL="$(echo ${_W_DIR}${_KERNEL})" + _NAME="archboot-$(date +%Y.%m.%d-%H.%M)-$(_kver ${_KERNEL})" if ! [[ "${_RUNNING_ARCH}" == "${_ARCH}" ]]; then ### to speedup build for riscv64 and aarch64 on x86_64, run compressor on host system echo "Generating initramdisks..." @@ -88,7 +83,7 @@ _create_iso() { if [[ "${_ARCH}" == "riscv64" ]]; then for i in *.img; do if echo "${i}" | rg -v 'local' | rg -vq 'latest'; then - mcopy -m -i "${i}"@@1048576 ::/"${_KERNEL_ARCHBOOT}" ./"${_KERNEL_ARCHBOOT}" + mv ${_KERNEL} boot/ mcopy -m -i "${i}"@@1048576 ::/"${_INITRD}" ./"${_INITRD}" elif echo "${i}" | rg -q 'latest'; then mcopy -m -i "${i}"@@1048576 ::/"${_INITRD}" ./"${_INITRD_LATEST}" @@ -99,11 +94,18 @@ _create_iso() { else for i in *.iso; do if echo "${i}" | rg -v 'local' | rg -vq 'latest'; then + mv "${_W_DIR}/${_AMD_UCODE}" boot/ + mv "${_W_DIR}/${_KERNEL}" boot/ + if [[ "${_ARCH}" == "aarch64" ]]; then + # replace aarch64 Image.gz with Image kernel for UKI + # compressed image is not working at the moment + _KERNEL="$(echo ${_KERNEL} | sd '\.gz' '')" + mv "${_KERNEL}" boot/ + else + mv "${_W_DIR}/${_INTEL_UCODE}" boot/ + fi isoinfo -R -i "${i}" -x /efi.img 2>"${_NO_LOG}" > efi.img - mcopy -m -i efi.img ::"${_AMD_UCODE}" ."${_AMD_UCODE}" - [[ "${_ARCH}" == "aarch64" ]] || mcopy -m -i efi.img ::"${_INTEL_UCODE}" ."${_INTEL_UCODE}" mcopy -m -i efi.img ::/"${_INITRD}" ./"${_INITRD}" - mcopy -m -i efi.img ::/"${_KERNEL_ARCHBOOT}" ./"${_KERNEL_ARCHBOOT}" elif echo "${i}" | rg -q 'latest'; then isoinfo -R -i "${i}" -x /efi.img 2>"${_NO_LOG}" > efi.img mcopy -m -i efi.img ::/"${_INITRD}" ./"${_INITRD_LATEST}" @@ -113,30 +115,17 @@ _create_iso() { fi rm efi.img done - echo "Generating Unified Kernel Images..." - # create unified kernel image UKI, code adapted from wiki - # https://wiki.archlinux.org/title/Unified_kernel_image - _SPLASH="/usr/share/archboot/uki/archboot-background.bmp" - _OSREL="/usr/share/archboot/base/etc/os-release" - # add AMD ucode license - mkdir -p licenses/amd-ucode - cp /usr/share/licenses/amd-ucode/* licenses/amd-ucode/ - _CMDLINE="boot/cmdline.txt" + # add ucode licenses if [[ "${_ARCH}" == "x86_64" ]]; then - # add INTEL ucode license - mkdir -p licenses/intel-ucode - cp /usr/share/licenses/intel-ucode/* licenses/intel-ucode/ - echo "console=ttyS0,115200 console=tty0 audit=0 systemd.show_status=auto" > ${_CMDLINE} + mkdir -p licenses/ + mv "${_W_DIR}/usr/share/licenses/intel-ucode" licenses/ fi - if [[ "${_ARCH}" == "aarch64" ]]; then - echo "nr_cpus=1 console=ttyAMA0,115200 console=tty0 loglevel=4 audit=0 systemd.show_status=auto" > ${_CMDLINE} - _INTEL_UCODE="" - # replace aarch64 Image.gz with Image kernel for UKI, compressed image is not working at the moment - cp "${_W_DIR}/boot/Image" "boot/Image-${_ARCH}" - _KERNEL_ARCHBOOT="boot/Image-${_ARCH}" - fi - [[ -n "${_INTEL_UCODE}" ]] && _INTEL_UCODE="--initrd=.${_INTEL_UCODE}" - [[ -n "${_AMD_UCODE}" ]] && _AMD_UCODE="--initrd=.${_AMD_UCODE}" + mkdir -p licenses/amd-ucode + mv "${_W_DIR}/usr/share/licenses/amd-ucode" licenses/ + echo "Generating Unified Kernel Images..." + _KERNEL="boot/${_KERNEL##*/})" + [[ -n "${_INTEL_UCODE}" ]] && _INTEL_UCODE="--initrd=${_INTEL_UCODE}" + _AMD_UCODE="--initrd=${_AMD_UCODE}" rm -r "${_W_DIR:?}"/boot mv boot "${_W_DIR}" for initrd in ${_INITRD} ${_INITRD_LATEST} ${_INITRD_LOCAL}; do @@ -144,13 +133,12 @@ _create_iso() { [[ "${initrd}" == "${_INITRD_LATEST}" ]] && _UKI="boot/${_NAME}-latest-${_ARCH}.efi" [[ "${initrd}" == "${_INITRD_LOCAL}" ]] && _UKI="boot/${_NAME}-local-${_ARCH}.efi" #shellcheck disable=SC2086 - ${_NSPAWN} "${_W_DIR}" /usr/lib/systemd/ukify build --linux=${_KERNEL_ARCHBOOT} \ - ${_INTEL_UCODE} ${_AMD_UCODE} --initrd=${initrd} --cmdline=@${_CMDLINE} \ + ${_NSPAWN} "${_W_DIR}" /usr/lib/systemd/ukify build --linux=${_KERNEL} \ + ${_INTEL_UCODE} ${_AMD_UCODE} --initrd=${initrd} --cmdline="${_CMDLINE}" \ --os-release=@${_OSREL} --splash=${_SPLASH} --output=${_UKI} &>"${_NO_LOG}" || exit 1 done # fix permission and timestamp mv "${_W_DIR}"/boot ./ - rm "${_CMDLINE}" chmod 644 boot/*.efi fi touch boot/* diff --git a/usr/lib/archboot/run/uki.sh b/usr/lib/archboot/run/uki.sh index a9d042ff0..b69d3f316 100755 --- a/usr/lib/archboot/run/uki.sh +++ b/usr/lib/archboot/run/uki.sh @@ -11,10 +11,6 @@ _architecture_check _config echo "Starting UKI creation..." _prepare_kernel_initramfs || exit 1 -_prepare_ucode || exit 1 -_prepare_splash || exit 1 -_prepare_osrelease || exit 1 -_reproducibility "${_UKIDIR}" _systemd_ukify || exit 1 _create_cksum || exit 1 _cleanup_uki || exit 1 diff --git a/usr/lib/archboot/uki.sh b/usr/lib/archboot/uki.sh index e67ff386f..e55e2996d 100644 --- a/usr/lib/archboot/uki.sh +++ b/usr/lib/archboot/uki.sh @@ -2,8 +2,6 @@ # SPDX-License-Identifier: GPL-3.0-or-later # created by Tobias Powalowski . /etc/archboot/defaults -_SPLASH="/usr/share/archboot/uki/archboot-background.bmp" -_OSREL="/usr/share/archboot/base/etc/os-release" _UKIDIR="$(mktemp -d UKIDIR.XXX)" _usage () { @@ -43,53 +41,31 @@ _config() { #shellcheck disable=SC1090 . "${_CONFIG}" #shellcheck disable=SC2116,2086 - _KERNEL="$(echo ${_KERNEL})" + # aarch64 .gz kernel is not supported! + _KERNEL="$(echo ${_KERNEL} | sd '\.gz' '')" #shellcheck disable=SC2154 [[ -z "${_UKI}" ]] && _UKI="archboot-$(date +%Y.%m.%d-%H.%M)-$(_kver "${_KERNEL}")-${_ARCH}".efi } -_prepare_kernel_initramfs() { +_prepare_initramfs() { # needed to hash the kernel for secureboot enabled systems - echo "Preparing kernel and initramfs..." - install -m644 "${_KERNEL}" "${_UKIDIR}/kernel" - _INITRD="initrd-${_ARCH}.img" + echo "Preparing initramfs..." + _INITRD="${_UKIDIR}/initrd.img" echo "Running archboot-cpio.sh for ${_INITRD}..." #shellcheck disable=SC2154 archboot-cpio.sh -c "${_CONFIG}" -k "${_KERNEL}" \ - -g "${_UKIDIR}/${_INITRD}" || exit 1 -} - -_prepare_ucode() { - # only x86_64 - if [[ "${_ARCH}" == "x86_64" ]]; then - echo "Preparing intel-ucode..." - cp "${_INTEL_UCODE}" "${_UKIDIR}/" - fi - echo "Preparing amd-ucode..." - cp "${_AMD_UCODE}" "${_UKIDIR}/" -} - -_prepare_splash() { - echo "Preparing UKI splash..." - cp "${_SPLASH}" "${_UKIDIR}/splash.bmp" -} - -_prepare_osrelease() { - echo "Preparing os-release..." - cp "${_OSREL}" "${_UKIDIR}/os-release" + -g "${_INITRD}" || exit 1 } _systemd_ukify() { echo "Generating ${_ARCH} UKI image..." - pushd "${_UKIDIR}" &>"${_NO_LOG}" || exit 1 - [[ "${_ARCH}" == "x86_64" && -z "${_CMDLINE}" ]] && _CMDLINE="console=ttyS0,115200 console=tty0 audit=0 systemd.show_status=auto" - [[ "${_ARCH}" == "aarch64" && -z "${_CMDLINE}" ]] && _CMDLINE="nr_cpus=1 console=ttyAMA0,115200 console=tty0 loglevel=4 audit=0 systemd.show_status=auto" - [[ -n "${_INTEL_UCODE}" ]] && _INTEL_UCODE="--initrd=intel-ucode.img" - [[ -n "${_AMD_UCODE}" ]] && _AMD_UCODE="--initrd=amd-ucode.img" - /usr/lib/systemd/ukify build --linux=kernel \ + cd "${_UKIDIR}" &>"${_NO_LOG}" || exit 1 + [[ -n "/${_INTEL_UCODE}" ]] && _INTEL_UCODE="--initrd=/${_INTEL_UCODE}" + _AMD_UCODE="--initrd=/${_AMD_UCODE}" + /usr/lib/systemd/ukify build --linux=${_KERNEL} \ ${_INTEL_UCODE} ${_AMD_UCODE} --initrd="${_INITRD}" --cmdline="${_CMDLINE}" \ - --os-release=@os-release --splash=splash.bmp --output="../${_UKI}" &>"${_NO_LOG}" || exit 1 - popd &>"${_NO_LOG}" || exit 1 + --os-release=@${_OSREL} --splash=${_SPLASH} --output="../${_UKI}" &>"${_NO_LOG}" || exit 1 + cd ../ &>"${_NO_LOG}" || exit 1 } _create_cksum() {