root/archboot
1
0
Fork 0
mirror of https://gitlab.archlinux.org/tpowa/archboot.git synced 2024-09-20 03:50:37 +02:00
Code Issues Projects Releases Packages Wiki Activity

more grub/shim fixes

Browse source
This commit is contained in:
Tobias Powalowski 2021-10-16 00:08:11 +02:00
parent 16b7d4bbda
commit 7c77e465b3
1 changed files with 23 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
usr/bin/archboot-setup.sh
View file

@ -65,11 +65,11 @@ chroot_mount()
[[ -e "${DESTDIR}/proc" ]] || mkdir -m 555 "${DESTDIR}/proc" [[ -e "${DESTDIR}/proc" ]] || mkdir -m 555 "${DESTDIR}/proc"
[[ -e "${DESTDIR}/sys" ]] || mkdir -m 555 "${DESTDIR}/sys" [[ -e "${DESTDIR}/sys" ]] || mkdir -m 555 "${DESTDIR}/sys"
[[ -e "${DESTDIR}/dev" ]] || mkdir -m 755 "${DESTDIR}/dev" [[ -e "${DESTDIR}/dev" ]] || mkdir -m 755 "${DESTDIR}/dev"
mount --make-runbindable /sys/fs/cgroup mount proc "${DESTDIR}/proc" -t proc -o nosuid,noexec,nodev
mount --make-runbindable /proc/sys/fs/binfmt_misc mount sys "${DESTDIR}/sys" -t sysfs -o nosuid,noexec,nodev,ro
mount --rbind "/proc" "${DESTDIR}/proc" mount udev "${DESTDIR}/dev" -t devtmpfs -o mode=0755,nosuid
mount --rbind "/sys" "${DESTDIR}/sys" mount devpts "${DESTDIR}/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec
mount --rbind "/dev" "${DESTDIR}/dev" mount shm "${DESTDIR}/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev
} }
# chroot_umount() # chroot_umount()
@ -80,8 +80,6 @@ chroot_umount()
umount -R "${DESTDIR}/proc" umount -R "${DESTDIR}/proc"
umount -R "${DESTDIR}/sys" umount -R "${DESTDIR}/sys"
umount -R "${DESTDIR}/dev" umount -R "${DESTDIR}/dev"
mount --make-rshared /sys/fs/cgroup
mount --make-rshared /proc/sys/fs/binfmt_misc
} }
getfstype() getfstype()
@ -3083,7 +3081,7 @@ detect_uefi_secure_boot() {
if [[ "${_DETECTED_UEFI_BOOT}" == "1" ]]; then if [[ "${_DETECTED_UEFI_BOOT}" == "1" ]]; then
uefi_mount_efivarfs uefi_mount_efivarfs
if [[ "$(echo $(bootctl | grep 'Secure' | cut -d : -f2))" == "enabled" ]]; then if [[ "$(echo $(bootctl | grep 'Secure Boot:' | cut -d : -f2))" == "enabled" ]]; then
export _DETECTED_UEFI_SECURE_BOOT="1" export _DETECTED_UEFI_SECURE_BOOT="1"
fi fi
fi fi
@ -3125,7 +3123,8 @@ do_uefi_common() {
[[ ! -f "${DESTDIR}/usr/bin/efivar" ]] && PACKAGES="${PACKAGES} efivar" [[ ! -f "${DESTDIR}/usr/bin/efivar" ]] && PACKAGES="${PACKAGES} efivar"
[[ ! -f "${DESTDIR}/usr/bin/efibootmgr" ]] && PACKAGES="${PACKAGES} efibootmgr" [[ ! -f "${DESTDIR}/usr/bin/efibootmgr" ]] && PACKAGES="${PACKAGES} efibootmgr"
if [[ "${_DETECTED_UEFI_SECURE_BOOT}" == "1" ]]; then if [[ "${_DETECTED_UEFI_SECURE_BOOT}" == "1" ]]; then
PACKAGES="${PACKAGES} efitools mokutil" [[ ! -f "${DESTDIR}/usr/bin/mokutil" ]] && PACKAGES="${PACKAGES} mokutil"
[[ ! -f "${DESTDIR}//usr/bin/efi-readvar" ]] && PACKAGES="${PACKAGES} efitools"
fi fi
! [[ "${PACKAGES}" == "" ]] && run_pacman ! [[ "${PACKAGES}" == "" ]] && run_pacman
unset PACKAGES unset PACKAGES
@ -3138,10 +3137,8 @@ do_uefi_efibootmgr() {
uefi_mount_efivarfs uefi_mount_efivarfs
chroot_mount if [[ "$(/usr/bin/efivar -l)" ]]; then
cat << EFIBEOF > "/tmp/efibootmgr_run.sh"
if [[ "$(chroot ${DESTDIR} /usr/bin/efivar -l)" ]]; then
cat << EFIBEOF > "${DESTDIR}/efibootmgr_run.sh"
#!/usr/bin/env bash #!/usr/bin/env bash
_EFIBOOTMGR_LOADER_PARAMETERS="${_EFIBOOTMGR_LOADER_PARAMETERS}" _EFIBOOTMGR_LOADER_PARAMETERS="${_EFIBOOTMGR_LOADER_PARAMETERS}"
@ -3158,15 +3155,12 @@ fi
EFIBEOF EFIBEOF
chmod a+x "${DESTDIR}/efibootmgr_run.sh" chmod a+x "/tmp/efibootmgr_run.sh"
chroot "${DESTDIR}" "/usr/bin/bash" "/efibootmgr_run.sh" &>"/tmp/efibootmgr_run.log" /tmp/efibootmgr_run.sh &>"/tmp/efibootmgr_run.log"
mv "${DESTDIR}/efibootmgr_run.sh" "/tmp/efibootmgr_run.sh"
else else
DIALOG --msgbox "Boot entry could not be created. Check whether you have booted in UEFI boot mode and create a boot entry for ${UEFISYS_MOUNTPOINT}/${_EFIBOOTMGR_LOADER_PATH} using efibootmgr." 0 0 DIALOG --msgbox "Boot entry could not be created. Check whether you have booted in UEFI boot mode and create a boot entry for ${UEFISYS_MOUNTPOINT}/${_EFIBOOTMGR_LOADER_PATH} using efibootmgr." 0 0
fi fi
chroot_umount
unset _EFIBOOTMGR_LABEL unset _EFIBOOTMGR_LABEL
unset _EFIBOOTMGR_DISC unset _EFIBOOTMGR_DISC
unset _EFIBOOTMGR_PART_NUM unset _EFIBOOTMGR_PART_NUM
@ -3833,7 +3827,7 @@ do_grub_config() {
else else
subdir="" subdir=""
# on btrfs we need to check on subvol # on btrfs we need to check on subvol
if [[ $(mount | "${DESTDIR}/boot " | grep btrfs | grep subvol) ]]; then if [[ $(mount | grep "${DESTDIR}/boot " | grep btrfs | grep subvol) ]]; then
subdir="/$(echo $(btrfs subvolume show "${DESTDIR}/boot" | grep Name | cut -d ":" -f2))" subdir="/$(echo $(btrfs subvolume show "${DESTDIR}/boot" | grep Name | cut -d ":" -f2))"
fi fi
fi fi
@ -4223,12 +4217,11 @@ do_grub_uefi() {
do_grub_common_before do_grub_common_before
chroot_mount chroot_mount
if [[ "${_DETECTED_UEFI_SECURE_BOOT}" == "1" ]]; then if [[ "${_DETECTED_UEFI_SECURE_BOOT}" == "1" ]]; then
[[ ! -d ${UEFISYS_MOUNTPOINT}/EFI/Boot/ ]] && mkdir -p ${UEFISYS_MOUNTPOINT}/EFI/BOOT/ [[ ! -d ${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/BOOT ]] && mkdir -p ${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/BOOT/
cp /usr/share/archboot/fedora-shim/shim${_SPEC_UEFI_ARCH}.efi ${UEFISYS_MOUNTPOINT}/EFI/BOOT/BOOT${_UEFI_ARCH}.efi cp /usr/share/archboot/fedora-shim/shim${_SPEC_UEFI_ARCH}.efi ${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/BOOT/BOOT${_UEFI_ARCH}.efi
cp /usr/share/archboot/fedora-shim/mmx${_SPEC_UEFI_ARCH}.efi ${UEFISYS_MOUNTPOINT}/EFI/BOOT/ cp /usr/share/archboot/fedora-shim/mm${_SPEC_UEFI_ARCH}.efi ${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/BOOT/
cp /usr/share/archboot/grub/grub${_SPEC_UEFI_ARCH}.efi ${UEFISYS_MOUNTPOINT}/EFI/BOOT/ cp /usr/share/archboot/grub/grub${_SPEC_UEFI_ARCH}.efi ${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/BOOT/
GRUB_PREFIX_DIR=${UEFISYS_MOUNTPOINT}/EFI/BOOT/ GRUB_PREFIX_DIR=${UEFISYS_MOUNTPOINT}/EFI/BOOT/
else else
## Create GRUB Standalone EFI image - https://wiki.archlinux.org/index.php/GRUB#GRUB_Standalone ## Create GRUB Standalone EFI image - https://wiki.archlinux.org/index.php/GRUB#GRUB_Standalone
@ -4260,7 +4253,7 @@ do_grub_uefi() {
cat "/tmp/grub_uefi_${_UEFI_ARCH}_install.log" >> "${LOG}" cat "/tmp/grub_uefi_${_UEFI_ARCH}_install.log" >> "${LOG}"
GRUB_PREFIX_DIR="/boot/grub/" GRUB_PREFIX_DIR="/boot/grub/"
fi fi
chroot_umount
GRUB_UEFI="1" GRUB_UEFI="1"
do_grub_config do_grub_config
GRUB_UEFI="" GRUB_UEFI=""
@ -4288,16 +4281,16 @@ do_grub_uefi() {
cp -f "${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/grub/grub${_SPEC_UEFI_ARCH}.efi" "${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/BOOT/boot${_SPEC_UEFI_ARCH}.efi" cp -f "${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/grub/grub${_SPEC_UEFI_ARCH}.efi" "${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/BOOT/boot${_SPEC_UEFI_ARCH}.efi"
fi fi
elif [[ -e "${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/BOOT/grub${_SPEC_UEFI_ARCH}.efi" ]]; then elif [[ -e "${DESTDIR}/${UEFISYS_MOUNTPOINT}/EFI/BOOT/grub${_SPEC_UEFI_ARCH}.efi" ]]; then
do_uefi_secure_boot_efitools
_BOOTMGR_LABEL="SHIM/GRUB Secure Boot" _BOOTMGR_LABEL="SHIM/GRUB Secure Boot"
_BOOTMGR_LOADER_DIR="/EFI/BOOT/shim${_SPEC_UEFI_ARCH}.efi" _BOOTMGR_LOADER_DIR="/EFI/BOOT/shim${_SPEC_UEFI_ARCH}.efi"
do_uefi_bootmgr_setup do_uefi_bootmgr_setup
do_uefi_secure_boot_efitools DIALOG --msgbox "SHIM/GRUB Secure Boot for ${_UEFI_ARCH} UEFI has been installed successfully." 0 0
### TODO: Add sign of grub and kernel image with MOK key ### TODO: Add sign of grub and kernel image with MOK key
else else
DIALOG --msgbox "Error installing GRUB(2) for ${_UEFI_ARCH} UEFI.\nCheck /tmp/grub_uefi_${_UEFI_ARCH}_install.log for more info.\n\nYou probably need to install it manually by chrooting into ${DESTDIR}.\nDon't forget to bind mount /dev, /sys and /proc into ${DESTDIR} before chrooting." 0 0 DIALOG --msgbox "Error installing GRUB(2) for ${_UEFI_ARCH} UEFI.\nCheck /tmp/grub_uefi_${_UEFI_ARCH}_install.log for more info.\n\nYou probably need to install it manually by chrooting into ${DESTDIR}.\nDon't forget to bind mount /dev, /sys and /proc into ${DESTDIR} before chrooting." 0 0
return 1 return 1
fi fi
} }
select_source() { select_source() {
@ -4799,19 +4792,20 @@ install_bootloader() {
_ANOTHER="1" _ANOTHER="1"
if [[ "${_DETECTED_UEFI_BOOT}" == "1" ]]; then if [[ "${_DETECTED_UEFI_BOOT}" == "1" ]]; then
do_uefi_setup_env_vars do_uefi_setup_env_vars
_ANOTHER="0"
if [[ "${_DETECTED_UEFI_SECURE_BOOT}" == "1" ]]; then if [[ "${_DETECTED_UEFI_SECURE_BOOT}" == "1" ]]; then
install_bootloader_uefi install_bootloader_uefi
else else
DIALOG --yesno "Setup has detected that you are using ${_UEFI_ARCH} UEFI ...\nDo you like to install a ${_UEFI_ARCH} UEFI bootloader?" 0 0 && install_bootloader_uefi DIALOG --yesno "Setup has detected that you are using ${_UEFI_ARCH} UEFI ...\nDo you like to install a ${_UEFI_ARCH} UEFI bootloader?" 0 0 && install_bootloader_uefi
fi
_ANOTHER="0"
DIALOG --defaultno --yesno "Do you want to install another bootloader?" 0 0 && _ANOTHER="1" DIALOG --defaultno --yesno "Do you want to install another bootloader?" 0 0 && _ANOTHER="1"
fi fi
fi
while [[ "${_ANOTHER}" == "1" ]]; do while [[ "${_ANOTHER}" == "1" ]]; do
install_bootloader_menu install_bootloader_menu
_ANOTHER="0" _ANOTHER="0"
DIALOG --defaultno --yesno "Do you want to install another bootloader?" 0 0 && _ANOTHER="1" DIALOG --defaultno --yesno "Do you want to install another bootloader?" 0 0 && _ANOTHER="1"
done done
NEXTITEM="8"
} }
install_bootloader_menu() { install_bootloader_menu() {