fix uki script

update CHANGELOG
2024-09-16 18:10:38 +02:00 · 2024-09-05 21:45:56 +02:00 · 2024-09-05 20:32:50 +02:00 · 2024-09-05 20:23:28 +02:00 · 2024-09-05 20:22:45 +02:00 · 2024-09-05 20:20:26 +02:00
6 changed files with 142 additions and 5 deletions
--- a/8
+++ b/8
@ -1,15 +1,17 @@
 On the road to 2024.09:
 - switched Europe domain from archboot.de to archboot.eu
 - added custom autorun script support
+- added archboot-x86_64-uki.sh script
+- added archboot-aarch64-uki.sh script
+setup:
+- switched to new limine 8.0 config layout (issue #4)
+- switched to mkinitcpio uki generation (issue #3)
 ---
 Highlights 2024.08:
 - added clean-blockdevice.sh script
 Environment:
 - updated and unified usage information in all scripts
 - added bash completion for restore-usbstick.sh and clean-blockdevice.sh
-setup:
- switched to mkinitcpio handle UKI creation #3
- added new limine config syntax issue #4
 ---
 Highlights 2024.07:
 - kernel 6.10.x
--- a/usr/bin/archboot-aarch64-uki.sh
+++ b/usr/bin/archboot-aarch64-uki.sh
@ -0,0 +1 @@
+../lib/archboot/run/uki.sh
--- a/usr/bin/archboot-x86_64-uki.sh
+++ b/usr/bin/archboot-x86_64-uki.sh
@ -0,0 +1 @@
+../lib/archboot/run/uki.sh
--- a/usr/lib/archboot/release.sh
+++ b/usr/lib/archboot/release.sh
@ -128,12 +128,10 @@ _create_iso() {
            # add INTEL ucode license
            mkdir -p licenses/intel-ucode
            cp /usr/share/licenses/intel-ucode/* licenses/intel-ucode/
-            _EFISTUB="/usr/lib/systemd/boot/efi/linuxx64.efi.stub"
            echo "console=ttyS0,115200 console=tty0 audit=0 systemd.show_status=auto" > ${_CMDLINE}
        fi
        if [[ "${_ARCH}" == "aarch64" ]]; then
            echo "nr_cpus=1 console=ttyAMA0,115200 console=tty0 loglevel=4 audit=0 systemd.show_status=auto" > ${_CMDLINE}
-            _EFISTUB="/usr/lib/systemd/boot/efi/linuxaa64.efi.stub"
            _INTEL_UCODE=""
            # replace aarch64 Image.gz with Image kernel for UKI, compressed image is not working at the moment
            cp "${_W_DIR}/boot/Image" "boot/Image-${_ARCH}"
--- a/usr/lib/archboot/run/uki.sh
+++ b/usr/lib/archboot/run/uki.sh
@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: GPL-3.0-or-later
+# created by Tobias Powalowski <tpowa@archlinux.org>
+. /usr/lib/archboot/common.sh
+. /usr/lib/archboot/uki.sh
+[[ -z "${1}" ]] && _usage
+_parameters "$@"
+[[ "${_GENERATE}" == "1" ]] || _usage
+_root_check
+_architecture_check
+_config
+echo "Starting UKI creation..."
+_prepare_kernel_initramfs || exit 1
+_prepare_ucode || exit 1
+_prepare_background || exit 1
+_prepare_osrelease || exit 1
+_reproducibility || exit 1
+_systemd_ukify || exit 1
+_create_cksum || exit 1
+_cleanup_uki || exit 1
+echo "Finished UKI creation."
--- a/usr/lib/archboot/uki.sh
+++ b/usr/lib/archboot/uki.sh
@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: GPL-3.0-or-later
+# created by Tobias Powalowski <tpowa@archlinux.org>
+. /etc/archboot/defaults
+_AMD_UCODE="/boot/amd-ucode.img"
+_INTEL_UCODE="/boot/intel-ucode.img"
+_SPLASH="/usr/share/archboot/uki/archboot-background.bmp"
+_OSREL="/usr/share/archboot/base/etc/os-release"
+_CONFIG_DIR="/etc/archboot"
+_UKIDIR="$(mktemp -d UKIDIR.XXX)"
+
+_usage () {
+    echo -e "\e[1m\e[36mArchboot\e[m\e[1m - Create ${_ARCH} UKI Image\e[m"
+    echo -e "\e[1m--------------------------------------\e[m"
+    echo "This will create an Archboot UKI image."
+    echo
+    echo "Options:"
+    echo -e " \e[1m-g\e[m              Starting generation of image."
+    echo -e " \e[1m-c=CONFIG\e[m       Which CONFIG should be used."
+    echo "                 ${_CONFIG_DIR} includes the config files"
+    echo "                 default=${_ARCH}.conf"
+    echo -e " \e[1m-cli='options'\e[m  Your custom kernel commandline options."
+    echo -e " \e[1m-i=IMAGENAME\e[m    Your IMAGENAME."
+    echo
+    echo -e "Usage: \e[1m${_BASENAME} <options>\e[m"
+    exit 0
+}
+
+_parameters() {
+    while [ $# -gt 0 ]; do
+        case ${1} in
+            -g|--g) export _GENERATE="1" ;;
+            -c=*|--c=*) _CONFIG="$(echo "${1}" | rg -o '=(.*)' -r '$1')" ;;
+            -cli=*) _CMDLINE="$(echo "${1}" | rg -o '=(.*)' -r '$1')" ;;
+            -i=*|--i=*) _UKI="$(echo "${1}" | rg -o '=(.*)' -r '$1')" ;;
+            *) _usage ;;
+        esac
+        shift
+    done
+}
+
+_config() {
+    # set defaults, if nothing given
+    [[ -z "${_CONFIG}" ]] && _CONFIG="${_ARCH}.conf"
+    _CONFIG="${_CONFIG_DIR}/${_CONFIG}"
+    #shellcheck disable=SC1090
+    . "${_CONFIG}"
+    #shellcheck disable=SC2116,2086
+    _KERNEL="$(echo ${_KERNEL})"
+    #shellcheck disable=SC2154
+    [[ -z "${_UKI}" ]] && _UKI="archboot-$(date +%Y.%m.%d-%H.%M)-$(_kver "${_KERNEL}")-${_ARCH}".efi
+}
+
+_prepare_kernel_initramfs() {
+    # needed to hash the kernel for secureboot enabled systems
+    echo "Preparing kernel and initramfs..."
+    install -m644 "${_KERNEL}" "${_UKIDIR}/kernel"
+    _INITRD="initrd-${_ARCH}.img"
+    echo "Running archboot-cpio.sh for ${_INITRD}..."
+    #shellcheck disable=SC2154
+    archboot-cpio.sh -c "${_CONFIG}" -k "${_KERNEL}" \
+                     -g "${_UKIDIR}/${_INITRD}" || exit 1
+}
+
+_prepare_ucode() {
+    # only x86_64
+    if [[ "${_ARCH}" == "x86_64" ]]; then
+        echo "Preparing intel-ucode..."
+        cp "${_INTEL_UCODE}" "${_UKIDIR}/"
+    fi
+    echo "Preparing amd-ucode..."
+    cp "${_AMD_UCODE}" "${_UKIDIR}/"
+}
+
+_prepare_background() {
+    echo "Preparing UKI splash..."
+    cp "${_SPLASH}" "${_UKIDIR}/splash.bmp"
+}
+
+_prepare_osrelease() {
+    echo "Preparing os-release..."
+    cp "${_OSREL}" "${_UKIDIR}/os-release"
+}
+
+_reproducibility() {
+    # Reproducibility: set all timestamps to 0
+    fd . "${_UKIDIR}" -u --min-depth 1 -X touch -hcd "@0"
+}
+
+_systemd_ukify() {
+    echo "Generating ${_ARCH} UKI image..."
+    pushd "${_UKIDIR}" &>"${_NO_LOG}" || exit 1
+    [[ "${_ARCH}" == "x86_64" && -z "${_CMDLINE}" ]] && _CMDLINE="console=ttyS0,115200 console=tty0 audit=0 systemd.show_status=auto"
+    [[ "${_ARCH}" == "aarch64" && -z "${_CMDLINE}" ]] && _CMDLINE="nr_cpus=1 console=ttyAMA0,115200 console=tty0 loglevel=4 audit=0 systemd.show_status=auto"
+    [[ -n "${_INTEL_UCODE}" ]] && _INTEL_UCODE="--initrd=intel-ucode.img"
+    [[ -n "${_AMD_UCODE}" ]] && _AMD_UCODE="--initrd=amd-ucode.img"
+    /usr/lib/systemd/ukify build --linux=kernel \
+        ${_INTEL_UCODE} ${_AMD_UCODE} --initrd="${_INITRD}" --cmdline="${_CMDLINE}" \
+        --os-release=@os-release --splash=splash.bmp --output="../${_UKI}" &>"${_NO_LOG}" || exit 1
+    popd &>"${_NO_LOG}" || exit 1
+}
+
+_create_cksum() {
+    ## create b2sums.txt
+    echo "Generating b2sum..."
+    [[ -f  "b2sums.txt" ]] && rm "b2sums.txt"
+    [[ "$(echo ./*.iso)" == "./*.efi" ]] || cksum -a blake2b ./*.efi > "b2sums.txt"
+}
+
+_cleanup_uki() {
+    # cleanup
+    echo "Removing ${_UKIDIR}..."
+    [[ -d "${_UKIDIR}" ]] && rm -r "${_UKIDIR}"
+}
Author	SHA1	Message	Date
Tobias Powalowski	f447614bc8	fix uki script	2024-09-05 21:45:56 +02:00
Tobias Powalowski	89fb6523c0	fix uki script	2024-09-05 20:32:50 +02:00
Tobias Powalowski	0bd4ffc0d1	update CHANGELOG	2024-09-05 20:23:28 +02:00
Tobias Powalowski	6dd1b497bc	update CHANGELOG	2024-09-05 20:22:45 +02:00
Tobias Powalowski	5eaeaa5211	shellcheck fixes	2024-09-05 20:20:26 +02:00
Tobias Powalowski	9fb9daf3db	add uki generator script, analogue to iso script	2024-09-05 20:14:48 +02:00