[thirdparty/systemd.git] / src / kernel-install / 60-ukify.install.in

#!/usr/bin/env python3
# SPDX-License-Identifier: LGPL-2.1-or-later
# -*- mode: python-mode -*-
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# systemd is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with systemd; If not, see <https://www.gnu.org/licenses/>.

# pylint: disable=import-outside-toplevel,consider-using-with,disable=redefined-builtin

import argparse
import os
import shlex
import types
from shutil import which
from pathlib import Path
from typing import Optional

__version__ = '{{PROJECT_VERSION_FULL}} ({{VERSION_TAG}})'

try:
    VERBOSE = int(os.environ['KERNEL_INSTALL_VERBOSE']) > 0
except (KeyError, ValueError):
    VERBOSE = False

# Override location of ukify and the boot stub for testing and debugging.
UKIFY = os.getenv('KERNEL_INSTALL_UKIFY', which('ukify'))
BOOT_STUB = os.getenv('KERNEL_INSTALL_BOOT_STUB')


def shell_join(cmd):
    # TODO: drop in favour of shlex.join once shlex.join supports pathlib.Path.
    return ' '.join(shlex.quote(str(x)) for x in cmd)

def log(*args, **kwargs):
    if VERBOSE:
        print(*args, **kwargs)

def path_is_readable(p: Path, dir=False) -> None:
    """Verify access to a file or directory."""
    try:
        p.open().close()
    except IsADirectoryError:
        if dir:
            return
        raise

def mandatory_variable(name):
    try:
        return os.environ[name]
    except KeyError as e:
        raise KeyError(f'${name} must be set in the environment') from e

def parse_args(args=None):
    p = argparse.ArgumentParser(
        description='kernel-install plugin to build a Unified Kernel Image',
        allow_abbrev=False,
        usage='60-ukify.install COMMAND KERNEL_VERSION ENTRY_DIR KERNEL_IMAGE INITRD…',
    )

    # Suppress printing of usage synopsis on errors
    p.error = lambda message: p.exit(2, f'{p.prog}: error: {message}\n')

    p.add_argument('command',
                   metavar='COMMAND',
                   help="The action to perform. Only 'add' is supported.")
    p.add_argument('kernel_version',
                   metavar='KERNEL_VERSION',
                   help='Kernel version string')
    p.add_argument('entry_dir',
                   metavar='ENTRY_DIR',
                   type=Path,
                   nargs='?',
                   help='Type#1 entry directory (ignored)')
    p.add_argument('kernel_image',
                   metavar='KERNEL_IMAGE',
                   type=Path,
                   nargs='?',
                   help='Kernel binary')
    p.add_argument('initrd',
                   metavar='INITRD…',
                   type=Path,
                   nargs='*',
                   help='Initrd files')
    p.add_argument('--version',
                   action='version',
                   version=f'systemd {__version__}')

    opts = p.parse_args(args)

    if opts.command == 'add':
        opts.staging_area = Path(mandatory_variable('KERNEL_INSTALL_STAGING_AREA'))
        path_is_readable(opts.staging_area, dir=True)

        opts.entry_token = mandatory_variable('KERNEL_INSTALL_ENTRY_TOKEN')
        opts.machine_id = mandatory_variable('KERNEL_INSTALL_MACHINE_ID')

    return opts

def we_are_wanted() -> bool:
    KERNEL_INSTALL_LAYOUT = os.getenv('KERNEL_INSTALL_LAYOUT')

    if KERNEL_INSTALL_LAYOUT != 'uki':
        log(f'{KERNEL_INSTALL_LAYOUT=}, quitting.')
        return False

    KERNEL_INSTALL_UKI_GENERATOR = os.getenv('KERNEL_INSTALL_UKI_GENERATOR') or 'ukify'

    if KERNEL_INSTALL_UKI_GENERATOR != 'ukify':
        log(f'{KERNEL_INSTALL_UKI_GENERATOR=}, quitting.')
        return False

    log('KERNEL_INSTALL_LAYOUT and KERNEL_INSTALL_UKI_GENERATOR are good')
    return True


def input_file_location(
        filename: str,
        *search_directories: str) -> Optional[Path]:

    if root := os.getenv('KERNEL_INSTALL_CONF_ROOT'):
        search_directories = (root,)
    elif not search_directories:
        # This is the default search path.
        search_directories = ('/etc/kernel',
                              '/usr/lib/kernel')

    for dir in search_directories:
        p = Path(dir) / filename
        if p.exists():
            return p
    return None


def uki_conf_location() -> Optional[Path]:
    return input_file_location('uki.conf')


def devicetree_config_location() -> Optional[Path]:
    return input_file_location('devicetree')


def devicetree_file_location(opts) -> Optional[Path]:
    # This mirrors the logic in 90-loaderentry.install. Keep in sync.
    configfile = devicetree_config_location()
    if configfile is None:
        return None

    devicetree = configfile.read_text().strip()
    if not devicetree:
        raise ValueError(f'{configfile!r} is empty')

    path = input_file_location(
        devicetree,
        f'/usr/lib/firmware/{opts.kernel_version}/device-tree',
        f'/usr/lib/linux-image-{opts.kernel_version}',
        f'/usr/lib/modules/{opts.kernel_version}/dtb',
    )
    if path is None:
        raise FileNotFoundError(f'DeviceTree file {devicetree} not found')
    return path


def kernel_cmdline_base() -> list[str]:
    path = input_file_location('cmdline')
    if path:
        return path.read_text().split()

    # If we read /proc/cmdline, we need to do some additional filtering.
    options = Path('/proc/cmdline').read_text().split()
    return [opt for opt in options
            if not opt.startswith(('BOOT_IMAGE=', 'initrd='))]


def kernel_cmdline(opts) -> str:
    options = kernel_cmdline_base()

    # If the boot entries are named after the machine ID, then suffix the kernel
    # command line with the machine ID we use, so that the machine ID remains
    # stable, even during factory reset, in the initrd (where the system's machine
    # ID is not directly accessible yet), and if the root file system is volatile.
    if (opts.entry_token == opts.machine_id and
        not any(opt.startswith('systemd.machine_id=') for opt in options)):
        options += [f'systemd.machine_id={opts.machine_id}']

    # TODO: we unconditionally set the cmdline here, ignoring the setting in
    #       the config file. Should we not do that?

    # Prepend a space so that '@' does not get misinterpreted
    return ' ' + ' '.join(options)


def initrd_list(opts) -> list[Path]:
    microcode = sorted(opts.staging_area.glob('microcode*'))
    initrd = sorted(opts.staging_area.glob('initrd*'))

    # Order taken from 90-loaderentry.install
    return [*microcode, *opts.initrd, *initrd]


def load_module(name: str, path: str) -> types.ModuleType:
    module = types.ModuleType(name)
    text = open(path).read()
    exec(compile(text, path, 'exec'), module.__dict__)
    return module


def call_ukify(opts) -> None:
    ukify = load_module('ukify', UKIFY)

    # Create "empty" namespace. We want to override just a few settings, so it
    # doesn't make sense to configure everything. We pretend to parse an empty
    # argument set to prepopulate the namespace with the defaults.
    opts2 = ukify.create_parser().parse_args(['build'])

    opts2.config = uki_conf_location()
    opts2.uname = opts.kernel_version
    opts2.linux = opts.kernel_image
    opts2.initrd = initrd_list(opts)
    # Note that 'uki.efi' is the name required by 90-uki-copy.install.
    opts2.output = opts.staging_area / 'uki.efi'

    if devicetree := devicetree_file_location(opts):
        opts2.devicetree = devicetree

    opts2.cmdline = kernel_cmdline(opts)
    if BOOT_STUB:
        opts2.stub = BOOT_STUB

    ukify.apply_config(opts2)
    ukify.finalize_options(opts2)
    ukify.check_inputs(opts2)
    ukify.make_uki(opts2)

    log(f'{opts2.output} has been created')


def main():
    opts = parse_args()
    if opts.command != 'add':
        return
    if not we_are_wanted():
        return

    call_ukify(opts)


if __name__ == '__main__':
    main()
Commit	Line	Data
ca1abaa5 ZJS	1	#!/usr/bin/env python3
	2	# SPDX-License-Identifier: LGPL-2.1-or-later
	3	# -- mode: python-mode --
	4	#
	5	# This file is part of systemd.
	6	#
	7	# systemd is free software; you can redistribute it and/or modify it
	8	# under the terms of the GNU Lesser General Public License as published by
	9	# the Free Software Foundation; either version 2.1 of the License, or
	10	# (at your option) any later version.
	11	#
	12	# systemd is distributed in the hope that it will be useful, but
	13	# WITHOUT ANY WARRANTY; without even the implied warranty of
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	15	# General Public License for more details.
	16	#
	17	# You should have received a copy of the GNU Lesser General Public License
	18	# along with systemd; If not, see <https://www.gnu.org/licenses/>.
	19
79f902eb	20	# pylint: disable=import-outside-toplevel,consider-using-with,disable=redefined-builtin
ca1abaa5 ZJS	21
	22	import argparse
	23	import os
ca1abaa5	24	import shlex
2060509d	25	import types
b99e4922	26	from shutil import which
ca1abaa5 ZJS	27	from pathlib import Path
	28	from typing import Optional
	29
76940e0a	30	__version__ = '{{PROJECT_VERSION_FULL}} ({{VERSION_TAG}})'
ca1abaa5 ZJS	31
	32	try:
	33	VERBOSE = int(os.environ['KERNEL_INSTALL_VERBOSE']) > 0
	34	except (KeyError, ValueError):
	35	VERBOSE = False
	36
	37	# Override location of ukify and the boot stub for testing and debugging.
b99e4922	38	UKIFY = os.getenv('KERNEL_INSTALL_UKIFY', which('ukify'))
ca1abaa5 ZJS	39	BOOT_STUB = os.getenv('KERNEL_INSTALL_BOOT_STUB')
	40
	41
	42	def shell_join(cmd):
	43	# TODO: drop in favour of shlex.join once shlex.join supports pathlib.Path.
	44	return ' '.join(shlex.quote(str(x)) for x in cmd)
	45
	46	def log(args, *kwargs):
	47	if VERBOSE:
	48	print(args, *kwargs)
	49
	50	def path_is_readable(p: Path, dir=False) -> None:
	51	"""Verify access to a file or directory."""
	52	try:
	53	p.open().close()
	54	except IsADirectoryError:
	55	if dir:
	56	return
	57	raise
	58
	59	def mandatory_variable(name):
	60	try:
	61	return os.environ[name]
	62	except KeyError as e:
	63	raise KeyError(f'${name} must be set in the environment') from e
	64
	65	def parse_args(args=None):
	66	p = argparse.ArgumentParser(
	67	description='kernel-install plugin to build a Unified Kernel Image',
	68	allow_abbrev=False,
	69	usage='60-ukify.install COMMAND KERNEL_VERSION ENTRY_DIR KERNEL_IMAGE INITRD…',
	70	)
	71
	72	# Suppress printing of usage synopsis on errors
	73	p.error = lambda message: p.exit(2, f'{p.prog}: error: {message}\n')
	74
	75	p.add_argument('command',
	76	metavar='COMMAND',
	77	help="The action to perform. Only 'add' is supported.")
	78	p.add_argument('kernel_version',
	79	metavar='KERNEL_VERSION',
	80	help='Kernel version string')
	81	p.add_argument('entry_dir',
	82	metavar='ENTRY_DIR',
	83	type=Path,
	84	nargs='?',
	85	help='Type#1 entry directory (ignored)')
	86	p.add_argument('kernel_image',
	87	metavar='KERNEL_IMAGE',
	88	type=Path,
	89	nargs='?',
	90	help='Kernel binary')
	91	p.add_argument('initrd',
	92	metavar='INITRD…',
	93	type=Path,
	94	nargs='*',
	95	help='Initrd files')
	96	p.add_argument('--version',
	97	action='version',
	98	version=f'systemd {__version__}')
	99
	100	opts = p.parse_args(args)
	101
	102	if opts.command == 'add':
103	opts.staging_area = Path(mandatory_variable('KERNEL_INSTALL_STAGING_AREA'))
104	path_is_readable(opts.staging_area, dir=True)
105
106	opts.entry_token = mandatory_variable('KERNEL_INSTALL_ENTRY_TOKEN')
107	opts.machine_id = mandatory_variable('KERNEL_INSTALL_MACHINE_ID')
108
109	return opts
110
111	def we_are_wanted() -> bool:
112	KERNEL_INSTALL_LAYOUT = os.getenv('KERNEL_INSTALL_LAYOUT')
113
114	if KERNEL_INSTALL_LAYOUT != 'uki':
115	log(f'{KERNEL_INSTALL_LAYOUT=}, quitting.')
116	return False
117
c82cc370	118	KERNEL_INSTALL_UKI_GENERATOR = os.getenv('KERNEL_INSTALL_UKI_GENERATOR') or 'ukify'
ca1abaa5 ZJS	119
	120	if KERNEL_INSTALL_UKI_GENERATOR != 'ukify':
	121	log(f'{KERNEL_INSTALL_UKI_GENERATOR=}, quitting.')
	122	return False
	123
	124	log('KERNEL_INSTALL_LAYOUT and KERNEL_INSTALL_UKI_GENERATOR are good')
	125	return True
	126
	127
40c0c9d4 ZJS	128	def input_file_location(
	129	filename: str,
	130	*search_directories: str) -> Optional[Path]:
	131
ca1abaa5	132	if root := os.getenv('KERNEL_INSTALL_CONF_ROOT'):
40c0c9d4 ZJS	133	search_directories = (root,)
	134	elif not search_directories:
	135	# This is the default search path.
	136	search_directories = ('/etc/kernel',
	137	'/usr/lib/kernel')
	138
	139	for dir in search_directories:
	140	p = Path(dir) / filename
	141	if p.exists():
	142	return p
ca1abaa5 ZJS	143	return None
	144
	145
40c0c9d4	146	def uki_conf_location() -> Optional[Path]:
fc7cdb2d	147	return input_file_location('uki.conf')
ca1abaa5	148
ca1abaa5	149
02d8d787 ZJS	150	def devicetree_config_location() -> Optional[Path]:
	151	return input_file_location('devicetree')
	152
	153
	154	def devicetree_file_location(opts) -> Optional[Path]:
	155	# This mirrors the logic in 90-loaderentry.install. Keep in sync.
	156	configfile = devicetree_config_location()
	157	if configfile is None:
	158	return None
	159
	160	devicetree = configfile.read_text().strip()
	161	if not devicetree:
	162	raise ValueError(f'{configfile!r} is empty')
	163
	164	path = input_file_location(
	165	devicetree,
	166	f'/usr/lib/firmware/{opts.kernel_version}/device-tree',
	167	f'/usr/lib/linux-image-{opts.kernel_version}',
	168	f'/usr/lib/modules/{opts.kernel_version}/dtb',
	169	)
	170	if path is None:
	171	raise FileNotFoundError(f'DeviceTree file {devicetree} not found')
	172	return path
	173
	174
40c0c9d4 ZJS	175	def kernel_cmdline_base() -> list[str]:
	176	path = input_file_location('cmdline')
	177	if path:
	178	return path.read_text().split()
	179
	180	# If we read /proc/cmdline, we need to do some additional filtering.
ca1abaa5 ZJS	181	options = Path('/proc/cmdline').read_text().split()
	182	return [opt for opt in options
	183	if not opt.startswith(('BOOT_IMAGE=', 'initrd='))]
	184
	185
	186	def kernel_cmdline(opts) -> str:
	187	options = kernel_cmdline_base()
	188
	189	# If the boot entries are named after the machine ID, then suffix the kernel
	190	# command line with the machine ID we use, so that the machine ID remains
	191	# stable, even during factory reset, in the initrd (where the system's machine
	192	# ID is not directly accessible yet), and if the root file system is volatile.
	193	if (opts.entry_token == opts.machine_id and
	194	not any(opt.startswith('systemd.machine_id=') for opt in options)):
	195	options += [f'systemd.machine_id={opts.machine_id}']
	196
	197	# TODO: we unconditionally set the cmdline here, ignoring the setting in
	198	# the config file. Should we not do that?
	199
	200	# Prepend a space so that '@' does not get misinterpreted
	201	return ' ' + ' '.join(options)
	202
	203
f3d1d760	204	def initrd_list(opts) -> list[Path]:
abca74cb	205	microcode = sorted(opts.staging_area.glob('microcode*'))
f3d1d760 MPB	206	initrd = sorted(opts.staging_area.glob('initrd*'))
f3d1d760 MPB	207
288cc268	208	# Order taken from 90-loaderentry.install
f3d1d760 MPB	209	return [microcode, opts.initrd, *initrd]
	210
	211
2060509d ZJS	212	def load_module(name: str, path: str) -> types.ModuleType:
	213	module = types.ModuleType(name)
	214	text = open(path).read()
	215	exec(compile(text, path, 'exec'), module.__dict__)
	216	return module
	217
	218
	219	def call_ukify(opts) -> None:
	220	ukify = load_module('ukify', UKIFY)
ca1abaa5	221
1df35a46 ZJS	222	# Create "empty" namespace. We want to override just a few settings, so it
	223	# doesn't make sense to configure everything. We pretend to parse an empty
	224	# argument set to prepopulate the namespace with the defaults.
2060509d	225	opts2 = ukify.create_parser().parse_args(['build'])
ca1abaa5	226
40c0c9d4	227	opts2.config = uki_conf_location()
ca1abaa5 ZJS	228	opts2.uname = opts.kernel_version
ca1abaa5 ZJS	229	opts2.linux = opts.kernel_image
f3d1d760	230	opts2.initrd = initrd_list(opts)
ca1abaa5 ZJS	231	# Note that 'uki.efi' is the name required by 90-uki-copy.install.
	232	opts2.output = opts.staging_area / 'uki.efi'
	233
02d8d787 ZJS	234	if devicetree := devicetree_file_location(opts):
	235	opts2.devicetree = devicetree
	236
ca1abaa5 ZJS	237	opts2.cmdline = kernel_cmdline(opts)
	238	if BOOT_STUB:
	239	opts2.stub = BOOT_STUB
	240
2060509d ZJS	241	ukify.apply_config(opts2)
	242	ukify.finalize_options(opts2)
	243	ukify.check_inputs(opts2)
	244	ukify.make_uki(opts2)
ca1abaa5 ZJS	245
	246	log(f'{opts2.output} has been created')
	247
	248
	249	def main():
	250	opts = parse_args()
	251	if opts.command != 'add':
	252	return
	253	if not we_are_wanted():
	254	return
	255
	256	call_ukify(opts)
	257
	258
	259	if __name__ == '__main__':
	260	main()