[thirdparty/systemd.git] / src / kernel-install / 60-ukify.install.in

#!/usr/bin/env python3
# SPDX-License-Identifier: LGPL-2.1-or-later
# -*- mode: python-mode -*-
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# systemd is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with systemd; If not, see <https://www.gnu.org/licenses/>.

# pylint: disable=import-outside-toplevel,consider-using-with,disable=redefined-builtin

import argparse
import os
import shlex
import types
from shutil import which
from pathlib import Path
from typing import Optional

__version__ = '{{PROJECT_VERSION}} ({{GIT_VERSION}})'

try:
    VERBOSE = int(os.environ['KERNEL_INSTALL_VERBOSE']) > 0
except (KeyError, ValueError):
    VERBOSE = False

# Override location of ukify and the boot stub for testing and debugging.
UKIFY = os.getenv('KERNEL_INSTALL_UKIFY', which('ukify'))
BOOT_STUB = os.getenv('KERNEL_INSTALL_BOOT_STUB')


def shell_join(cmd):
    # TODO: drop in favour of shlex.join once shlex.join supports pathlib.Path.
    return ' '.join(shlex.quote(str(x)) for x in cmd)

def log(*args, **kwargs):
    if VERBOSE:
        print(*args, **kwargs)

def path_is_readable(p: Path, dir=False) -> None:
    """Verify access to a file or directory."""
    try:
        p.open().close()
    except IsADirectoryError:
        if dir:
            return
        raise

def mandatory_variable(name):
    try:
        return os.environ[name]
    except KeyError as e:
        raise KeyError(f'${name} must be set in the environment') from e

def parse_args(args=None):
    p = argparse.ArgumentParser(
        description='kernel-install plugin to build a Unified Kernel Image',
        allow_abbrev=False,
        usage='60-ukify.install COMMAND KERNEL_VERSION ENTRY_DIR KERNEL_IMAGE INITRD…',
    )

    # Suppress printing of usage synopsis on errors
    p.error = lambda message: p.exit(2, f'{p.prog}: error: {message}\n')

    p.add_argument('command',
                   metavar='COMMAND',
                   help="The action to perform. Only 'add' is supported.")
    p.add_argument('kernel_version',
                   metavar='KERNEL_VERSION',
                   help='Kernel version string')
    p.add_argument('entry_dir',
                   metavar='ENTRY_DIR',
                   type=Path,
                   nargs='?',
                   help='Type#1 entry directory (ignored)')
    p.add_argument('kernel_image',
                   metavar='KERNEL_IMAGE',
                   type=Path,
                   nargs='?',
                   help='Kernel binary')
    p.add_argument('initrd',
                   metavar='INITRD…',
                   type=Path,
                   nargs='*',
                   help='Initrd files')
    p.add_argument('--version',
                   action='version',
                   version=f'systemd {__version__}')

    opts = p.parse_args(args)

    if opts.command == 'add':
        opts.staging_area = Path(mandatory_variable('KERNEL_INSTALL_STAGING_AREA'))
        path_is_readable(opts.staging_area, dir=True)

        opts.entry_token = mandatory_variable('KERNEL_INSTALL_ENTRY_TOKEN')
        opts.machine_id = mandatory_variable('KERNEL_INSTALL_MACHINE_ID')

    return opts

def we_are_wanted() -> bool:
    KERNEL_INSTALL_LAYOUT = os.getenv('KERNEL_INSTALL_LAYOUT')

    if KERNEL_INSTALL_LAYOUT != 'uki':
        log(f'{KERNEL_INSTALL_LAYOUT=}, quitting.')
        return False

    KERNEL_INSTALL_UKI_GENERATOR = os.getenv('KERNEL_INSTALL_UKI_GENERATOR') or 'ukify'

    if KERNEL_INSTALL_UKI_GENERATOR != 'ukify':
        log(f'{KERNEL_INSTALL_UKI_GENERATOR=}, quitting.')
        return False

    log('KERNEL_INSTALL_LAYOUT and KERNEL_INSTALL_UKI_GENERATOR are good')
    return True


def input_file_location(
        filename: str,
        *search_directories: str) -> Optional[Path]:

    if root := os.getenv('KERNEL_INSTALL_CONF_ROOT'):
        search_directories = (root,)
    elif not search_directories:
        # This is the default search path.
        search_directories = ('/etc/kernel',
                              '/usr/lib/kernel')

    for dir in search_directories:
        p = Path(dir) / filename
        if p.exists():
            return p
    return None


def uki_conf_location() -> Optional[Path]:
    return input_file_location('uki.conf',
                               '/etc/kernel')


def devicetree_config_location() -> Optional[Path]:
    return input_file_location('devicetree')


def devicetree_file_location(opts) -> Optional[Path]:
    # This mirrors the logic in 90-loaderentry.install. Keep in sync.
    configfile = devicetree_config_location()
    if configfile is None:
        return None

    devicetree = configfile.read_text().strip()
    if not devicetree:
        raise ValueError(f'{configfile!r} is empty')

    path = input_file_location(
        devicetree,
        f'/usr/lib/firmware/{opts.kernel_version}/device-tree',
        f'/usr/lib/linux-image-{opts.kernel_version}',
        f'/usr/lib/modules/{opts.kernel_version}/dtb',
    )
    if path is None:
        raise FileNotFoundError(f'DeviceTree file {devicetree} not found')
    return path


def kernel_cmdline_base() -> list[str]:
    path = input_file_location('cmdline')
    if path:
        return path.read_text().split()

    # If we read /proc/cmdline, we need to do some additional filtering.
    options = Path('/proc/cmdline').read_text().split()
    return [opt for opt in options
            if not opt.startswith(('BOOT_IMAGE=', 'initrd='))]


def kernel_cmdline(opts) -> str:
    options = kernel_cmdline_base()

    # If the boot entries are named after the machine ID, then suffix the kernel
    # command line with the machine ID we use, so that the machine ID remains
    # stable, even during factory reset, in the initrd (where the system's machine
    # ID is not directly accessible yet), and if the root file system is volatile.
    if (opts.entry_token == opts.machine_id and
        not any(opt.startswith('systemd.machine_id=') for opt in options)):
        options += [f'systemd.machine_id={opts.machine_id}']

    # TODO: we unconditionally set the cmdline here, ignoring the setting in
    #       the config file. Should we not do that?

    # Prepend a space so that '@' does not get misinterpreted
    return ' ' + ' '.join(options)


def initrd_list(opts) -> list[Path]:
    microcode = sorted(opts.staging_area.glob('microcode*'))
    initrd = sorted(opts.staging_area.glob('initrd*'))

    # Order taken from 90-loaderentry.install
    return [*microcode, *opts.initrd, *initrd]


def load_module(name: str, path: str) -> types.ModuleType:
    module = types.ModuleType(name)
    text = open(path).read()
    exec(compile(text, path, 'exec'), module.__dict__)
    return module


def call_ukify(opts) -> None:
    ukify = load_module('ukify', UKIFY)

    # Create "empty" namespace. We want to override just a few settings, so it
    # doesn't make sense to configure everything. We pretend to parse an empty
    # argument set to prepopulate the namespace with the defaults.
    opts2 = ukify.create_parser().parse_args(['build'])

    opts2.config = uki_conf_location()
    opts2.uname = opts.kernel_version
    opts2.linux = opts.kernel_image
    opts2.initrd = initrd_list(opts)
    # Note that 'uki.efi' is the name required by 90-uki-copy.install.
    opts2.output = opts.staging_area / 'uki.efi'

    if devicetree := devicetree_file_location(opts):
        opts2.devicetree = devicetree

    opts2.cmdline = kernel_cmdline(opts)
    if BOOT_STUB:
        opts2.stub = BOOT_STUB

    ukify.apply_config(opts2)
    ukify.finalize_options(opts2)
    ukify.check_inputs(opts2)
    ukify.make_uki(opts2)

    log(f'{opts2.output} has been created')


def main():
    opts = parse_args()
    if opts.command != 'add':
        return
    if not we_are_wanted():
        return

    call_ukify(opts)


if __name__ == '__main__':
    main()
Commit	Line	Data
ca1abaa5 ZJS	1	#!/usr/bin/env python3
	2	# SPDX-License-Identifier: LGPL-2.1-or-later
	3	# -- mode: python-mode --
	4	#
	5	# This file is part of systemd.
	6	#
	7	# systemd is free software; you can redistribute it and/or modify it
	8	# under the terms of the GNU Lesser General Public License as published by
	9	# the Free Software Foundation; either version 2.1 of the License, or
	10	# (at your option) any later version.
	11	#
	12	# systemd is distributed in the hope that it will be useful, but
	13	# WITHOUT ANY WARRANTY; without even the implied warranty of
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	15	# General Public License for more details.
	16	#
	17	# You should have received a copy of the GNU Lesser General Public License
	18	# along with systemd; If not, see <https://www.gnu.org/licenses/>.
	19
79f902eb	20	# pylint: disable=import-outside-toplevel,consider-using-with,disable=redefined-builtin
ca1abaa5 ZJS	21
	22	import argparse
	23	import os
ca1abaa5	24	import shlex
2060509d	25	import types
b99e4922	26	from shutil import which
ca1abaa5 ZJS	27	from pathlib import Path
	28	from typing import Optional
	29
	30	__version__ = '{{PROJECT_VERSION}} ({{GIT_VERSION}})'
	31
	32	try:
	33	VERBOSE = int(os.environ['KERNEL_INSTALL_VERBOSE']) > 0
	34	except (KeyError, ValueError):
	35	VERBOSE = False
	36
	37	# Override location of ukify and the boot stub for testing and debugging.
b99e4922	38	UKIFY = os.getenv('KERNEL_INSTALL_UKIFY', which('ukify'))
ca1abaa5 ZJS	39	BOOT_STUB = os.getenv('KERNEL_INSTALL_BOOT_STUB')
	40
	41
	42	def shell_join(cmd):
	43	# TODO: drop in favour of shlex.join once shlex.join supports pathlib.Path.
	44	return ' '.join(shlex.quote(str(x)) for x in cmd)
	45
	46	def log(args, *kwargs):
	47	if VERBOSE:
	48	print(args, *kwargs)
	49
	50	def path_is_readable(p: Path, dir=False) -> None:
	51	"""Verify access to a file or directory."""
	52	try:
	53	p.open().close()
	54	except IsADirectoryError:
	55	if dir:
	56	return
	57	raise
	58
	59	def mandatory_variable(name):
	60	try:
	61	return os.environ[name]
	62	except KeyError as e:
	63	raise KeyError(f'${name} must be set in the environment') from e
	64
	65	def parse_args(args=None):
	66	p = argparse.ArgumentParser(
	67	description='kernel-install plugin to build a Unified Kernel Image',
	68	allow_abbrev=False,
	69	usage='60-ukify.install COMMAND KERNEL_VERSION ENTRY_DIR KERNEL_IMAGE INITRD…',
	70	)
	71
	72	# Suppress printing of usage synopsis on errors
	73	p.error = lambda message: p.exit(2, f'{p.prog}: error: {message}\n')
	74
	75	p.add_argument('command',
	76	metavar='COMMAND',
	77	help="The action to perform. Only 'add' is supported.")
	78	p.add_argument('kernel_version',
	79	metavar='KERNEL_VERSION',
	80	help='Kernel version string')
	81	p.add_argument('entry_dir',
	82	metavar='ENTRY_DIR',
	83	type=Path,
	84	nargs='?',
	85	help='Type#1 entry directory (ignored)')
	86	p.add_argument('kernel_image',
	87	metavar='KERNEL_IMAGE',
	88	type=Path,
	89	nargs='?',
	90	help='Kernel binary')
	91	p.add_argument('initrd',
	92	metavar='INITRD…',
	93	type=Path,
	94	nargs='*',
	95	help='Initrd files')
	96	p.add_argument('--version',
	97	action='version',
	98	version=f'systemd {__version__}')
	99
	100	opts = p.parse_args(args)
	101
	102	if opts.command == 'add':
103	opts.staging_area = Path(mandatory_variable('KERNEL_INSTALL_STAGING_AREA'))
104	path_is_readable(opts.staging_area, dir=True)
105
106	opts.entry_token = mandatory_variable('KERNEL_INSTALL_ENTRY_TOKEN')
107	opts.machine_id = mandatory_variable('KERNEL_INSTALL_MACHINE_ID')
108
109	return opts
110
111	def we_are_wanted() -> bool:
112	KERNEL_INSTALL_LAYOUT = os.getenv('KERNEL_INSTALL_LAYOUT')
113
114	if KERNEL_INSTALL_LAYOUT != 'uki':
115	log(f'{KERNEL_INSTALL_LAYOUT=}, quitting.')
116	return False
117
c82cc370	118	KERNEL_INSTALL_UKI_GENERATOR = os.getenv('KERNEL_INSTALL_UKI_GENERATOR') or 'ukify'
ca1abaa5 ZJS	119
	120	if KERNEL_INSTALL_UKI_GENERATOR != 'ukify':
	121	log(f'{KERNEL_INSTALL_UKI_GENERATOR=}, quitting.')
	122	return False
	123
	124	log('KERNEL_INSTALL_LAYOUT and KERNEL_INSTALL_UKI_GENERATOR are good')
	125	return True
	126
	127
40c0c9d4 ZJS	128	def input_file_location(
	129	filename: str,
	130	*search_directories: str) -> Optional[Path]:
	131
ca1abaa5	132	if root := os.getenv('KERNEL_INSTALL_CONF_ROOT'):
40c0c9d4 ZJS	133	search_directories = (root,)
	134	elif not search_directories:
	135	# This is the default search path.
	136	search_directories = ('/etc/kernel',
	137	'/usr/lib/kernel')
	138
	139	for dir in search_directories:
	140	p = Path(dir) / filename
	141	if p.exists():
	142	return p
ca1abaa5 ZJS	143	return None
	144
	145
40c0c9d4 ZJS	146	def uki_conf_location() -> Optional[Path]:
	147	return input_file_location('uki.conf',
	148	'/etc/kernel')
ca1abaa5	149
ca1abaa5	150
02d8d787 ZJS	151	def devicetree_config_location() -> Optional[Path]:
	152	return input_file_location('devicetree')
	153
	154
	155	def devicetree_file_location(opts) -> Optional[Path]:
	156	# This mirrors the logic in 90-loaderentry.install. Keep in sync.
	157	configfile = devicetree_config_location()
	158	if configfile is None:
	159	return None
	160
	161	devicetree = configfile.read_text().strip()
	162	if not devicetree:
	163	raise ValueError(f'{configfile!r} is empty')
	164
	165	path = input_file_location(
	166	devicetree,
	167	f'/usr/lib/firmware/{opts.kernel_version}/device-tree',
	168	f'/usr/lib/linux-image-{opts.kernel_version}',
	169	f'/usr/lib/modules/{opts.kernel_version}/dtb',
	170	)
	171	if path is None:
	172	raise FileNotFoundError(f'DeviceTree file {devicetree} not found')
	173	return path
	174
	175
40c0c9d4 ZJS	176	def kernel_cmdline_base() -> list[str]:
	177	path = input_file_location('cmdline')
	178	if path:
	179	return path.read_text().split()
	180
	181	# If we read /proc/cmdline, we need to do some additional filtering.
ca1abaa5 ZJS	182	options = Path('/proc/cmdline').read_text().split()
	183	return [opt for opt in options
	184	if not opt.startswith(('BOOT_IMAGE=', 'initrd='))]
	185
	186
	187	def kernel_cmdline(opts) -> str:
	188	options = kernel_cmdline_base()
	189
	190	# If the boot entries are named after the machine ID, then suffix the kernel
	191	# command line with the machine ID we use, so that the machine ID remains
	192	# stable, even during factory reset, in the initrd (where the system's machine
	193	# ID is not directly accessible yet), and if the root file system is volatile.
	194	if (opts.entry_token == opts.machine_id and
	195	not any(opt.startswith('systemd.machine_id=') for opt in options)):
	196	options += [f'systemd.machine_id={opts.machine_id}']
	197
	198	# TODO: we unconditionally set the cmdline here, ignoring the setting in
	199	# the config file. Should we not do that?
	200
	201	# Prepend a space so that '@' does not get misinterpreted
	202	return ' ' + ' '.join(options)
	203
	204
f3d1d760	205	def initrd_list(opts) -> list[Path]:
abca74cb	206	microcode = sorted(opts.staging_area.glob('microcode*'))
f3d1d760 MPB	207	initrd = sorted(opts.staging_area.glob('initrd*'))
f3d1d760 MPB	208
288cc268	209	# Order taken from 90-loaderentry.install
f3d1d760 MPB	210	return [microcode, opts.initrd, *initrd]
	211
	212
2060509d ZJS	213	def load_module(name: str, path: str) -> types.ModuleType:
	214	module = types.ModuleType(name)
	215	text = open(path).read()
	216	exec(compile(text, path, 'exec'), module.__dict__)
	217	return module
	218
	219
	220	def call_ukify(opts) -> None:
	221	ukify = load_module('ukify', UKIFY)
ca1abaa5	222
1df35a46 ZJS	223	# Create "empty" namespace. We want to override just a few settings, so it
	224	# doesn't make sense to configure everything. We pretend to parse an empty
	225	# argument set to prepopulate the namespace with the defaults.
2060509d	226	opts2 = ukify.create_parser().parse_args(['build'])
ca1abaa5	227
40c0c9d4	228	opts2.config = uki_conf_location()
ca1abaa5 ZJS	229	opts2.uname = opts.kernel_version
ca1abaa5 ZJS	230	opts2.linux = opts.kernel_image
f3d1d760	231	opts2.initrd = initrd_list(opts)
ca1abaa5 ZJS	232	# Note that 'uki.efi' is the name required by 90-uki-copy.install.
	233	opts2.output = opts.staging_area / 'uki.efi'
	234
02d8d787 ZJS	235	if devicetree := devicetree_file_location(opts):
	236	opts2.devicetree = devicetree
	237
ca1abaa5 ZJS	238	opts2.cmdline = kernel_cmdline(opts)
	239	if BOOT_STUB:
	240	opts2.stub = BOOT_STUB
	241
2060509d ZJS	242	ukify.apply_config(opts2)
	243	ukify.finalize_options(opts2)
	244	ukify.check_inputs(opts2)
	245	ukify.make_uki(opts2)
ca1abaa5 ZJS	246
	247	log(f'{opts2.output} has been created')
	248
	249
	250	def main():
	251	opts = parse_args()
	252	if opts.command != 'add':
	253	return
	254	if not we_are_wanted():
	255	return
	256
	257	call_ukify(opts)
	258
	259
	260	if __name__ == '__main__':
	261	main()