From: Lennart Poettering Date: Wed, 3 Jul 2024 14:21:34 +0000 (+0200) Subject: ukify: bring order of EFI sections in man + --help into same order as spec X-Git-Tag: v257-rc1~967^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F33567%2Fhead;p=thirdparty%2Fsystemd.git ukify: bring order of EFI sections in man + --help into same order as spec Previously, the order was quite chaotic, even sometimes interleaved with entirely unrelated switches. Let's clean this up and use the same order as in the spec. This doesn't change anything real, but I think it's a worthy clean-up in particular as this order is documented as the PCR measurement order of these sections, hence there's actually a bit of relevance to always communicate the same order everywhere. --- diff --git a/man/ukify.xml b/man/ukify.xml index bf6f3285364..68c72b0ba1d 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -292,6 +292,29 @@ + + OSRelease=TEXT|@PATH + + + The os-release description (the .osrel section). The argument + may be a literal string, or @ followed by a path name. If not specified, the + os-release5 file + will be picked up from the host system. + + + + + + Cmdline=TEXT|@PATH + + + The kernel command line (the .cmdline section). The argument may + be a literal string, or @ followed by a path name. If not specified, no command + line will be embedded. + + + + Initrd=INITRD... @@ -314,48 +337,55 @@ - Cmdline=TEXT|@PATH - + Splash=PATH + - The kernel command line (the .cmdline section). The argument may - be a literal string, or @ followed by a path name. If not specified, no command - line will be embedded. + A picture to display during boot (the .splash section). The + argument is a path to a BMP file. If not specified, the section will not be present. + - OSRelease=TEXT|@PATH - + DeviceTree=PATH + - The os-release description (the .osrel section). The argument - may be a literal string, or @ followed by a path name. If not specified, the - os-release5 file - will be picked up from the host system. + The devicetree description (the .dtb section). The argument is a + path to a compiled binary DeviceTree file. If not specified, the section will not be present. + - DeviceTree=PATH - + Uname=VERSION + - The devicetree description (the .dtb section). The argument is a - path to a compiled binary DeviceTree file. If not specified, the section will not be present. - + Specify the kernel version (as in uname -r, the + .uname section). If not specified, an attempt will be made to extract the + version string from the kernel image. It is recommended to pass this explicitly if known, because + the extraction is based on heuristics and not very reliable. If not specified and extraction fails, + the section will not be present. - Splash=PATH - + SBAT=TEXT|@PATH + - A picture to display during boot (the .splash section). The - argument is a path to a BMP file. If not specified, the section will not be present. + SBAT metadata associated with the UKI or addon. SBAT policies are useful to revoke + whole groups of UKIs or addons with a single, static policy update that does not take space in + DBX/MOKX. If not specified manually, a default metadata entry consisting of + uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/ + for UKIs and + uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html + for addons will be used, to ensure it is always possible to revoke them. For more information on + SBAT see Shim documentation. - + @@ -370,19 +400,6 @@ - - Uname=VERSION - - - Specify the kernel version (as in uname -r, the - .uname section). If not specified, an attempt will be made to extract the - version string from the kernel image. It is recommended to pass this explicitly if known, because - the extraction is based on heuristics and not very reliable. If not specified and extraction fails, - the section will not be present. - - - - PCRBanks=PATH @@ -488,23 +505,6 @@ - - - SBAT=TEXT|@PATH - - - SBAT metadata associated with the UKI or addon. SBAT policies are useful to revoke - whole groups of UKIs or addons with a single, static policy update that does not take space in - DBX/MOKX. If not specified manually, a default metadata entry consisting of - uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/ - for UKIs and - uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html - for addons will be used, to ensure it is always possible to revoke them. For more information on - SBAT see Shim documentation. - - - - diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py index 76437f25e59..5a36ce06eea 100755 --- a/src/ukify/ukify.py +++ b/src/ukify/ukify.py @@ -1264,6 +1264,13 @@ CONFIG_ITEMS = [ action = 'store_true', ), + ConfigItem( + ('--config', '-c'), + metavar = 'PATH', + type = pathlib.Path, + help = 'configuration file', + ), + ConfigItem( '--linux', type = pathlib.Path, @@ -1271,6 +1278,20 @@ CONFIG_ITEMS = [ config_key = 'UKI/Linux', ), + ConfigItem( + '--os-release', + metavar = 'TEXT|@PATH', + help = 'path to os-release file [.osrel section]', + config_key = 'UKI/OSRelease', + ), + + ConfigItem( + '--cmdline', + metavar = 'TEXT|@PATH', + help = 'kernel command line [.cmdline section]', + config_key = 'UKI/Cmdline', + ), + ConfigItem( '--initrd', metavar = 'INITRD', @@ -1290,24 +1311,11 @@ CONFIG_ITEMS = [ ), ConfigItem( - ('--config', '-c'), - metavar = 'PATH', + '--splash', + metavar = 'BMP', type = pathlib.Path, - help = 'configuration file', - ), - - ConfigItem( - '--cmdline', - metavar = 'TEXT|@PATH', - help = 'kernel command line [.cmdline section]', - config_key = 'UKI/Cmdline', - ), - - ConfigItem( - '--os-release', - metavar = 'TEXT|@PATH', - help = 'path to os-release file [.osrel section]', - config_key = 'UKI/OSRelease', + help = 'splash image bitmap file [.splash section]', + config_key = 'UKI/Splash', ), ConfigItem( @@ -1317,13 +1325,23 @@ CONFIG_ITEMS = [ help = 'Device Tree file [.dtb section]', config_key = 'UKI/DeviceTree', ), + ConfigItem( - '--splash', - metavar = 'BMP', - type = pathlib.Path, - help = 'splash image bitmap file [.splash section]', - config_key = 'UKI/Splash', + '--uname', + metavar='VERSION', + help='"uname -r" information [.uname section]', + config_key = 'UKI/Uname', ), + + ConfigItem( + '--sbat', + metavar = 'TEXT|@PATH', + help = 'SBAT policy [.sbat section]', + default = [], + action = 'append', + config_key = 'UKI/SBAT', + ), + ConfigItem( '--pcrpkey', metavar = 'KEY', @@ -1331,11 +1349,14 @@ CONFIG_ITEMS = [ help = 'embedded public key to seal secrets to [.pcrpkey section]', config_key = 'UKI/PCRPKey', ), + ConfigItem( - '--uname', - metavar='VERSION', - help='"uname -r" information [.uname section]', - config_key = 'UKI/Uname', + '--section', + dest = 'sections', + metavar = 'NAME:TEXT|@PATH', + action = 'append', + default = [], + help = 'section as name and contents [NAME section] or section to print', ), ConfigItem( @@ -1353,24 +1374,6 @@ CONFIG_ITEMS = [ config_key = 'UKI/Stub', ), - ConfigItem( - '--sbat', - metavar = 'TEXT|@PATH', - help = 'SBAT policy [.sbat section]', - default = [], - action = 'append', - config_key = 'UKI/SBAT', - ), - - ConfigItem( - '--section', - dest = 'sections', - metavar = 'NAME:TEXT|@PATH', - action = 'append', - default = [], - help = 'section as name and contents [NAME section] or section to print', - ), - ConfigItem( '--pcr-banks', metavar = 'BANK…',