fi
if [[ $uefi == "yes" ]]; then
+ if [[ -n "$uefi_secureboot_key" && -z "$uefi_secureboot_cert" ]] || [[ -z $uefi_secureboot_key && -n $uefi_secureboot_cert ]]; then
+ dfatal "Need 'uefi_secureboot_key' and 'uefi_secureboot_cert' both to be set."
+ exit 1
+ fi
+
+ if [[ -n "$uefi_secureboot_key" && -n "$uefi_secureboot_cert" ]] && !command -v sbsign &>/dev/null; then
+ dfatal "Need 'sbsign' to create a signed UEFI executable"
+ exit 1
+ fi
+
BUILD_ID=$(cat /etc/os-release /usr/lib/os-release \
| while read -r line || [[ $line ]]; do \
[[ $line =~ BUILD_ID\=* ]] && eval "$line" && echo "$BUILD_ID" && break; \
done)
if [[ -d /efi ]] && mountpoint -q /efi; then
- efidir=/efi
+ efidir=/efi/EFI
else
efidir=/boot/EFI
if [[ -d /boot/efi/EFI ]] && mountpoint -q /boot/efi; then
abs_outfile=$(readlink -f "$outfile") && outfile="$abs_outfile"
+
+[[ -d $systemdutildir ]] \
+ || systemdutildir=$(pkg-config systemd --variable=systemdutildir 2>/dev/null)
+
+if ! [[ -d "$systemdutildir" ]]; then
+ [[ -e /lib/systemd/systemd-udevd ]] && systemdutildir=/lib/systemd
+ [[ -e /usr/lib/systemd/systemd-udevd ]] && systemdutildir=/usr/lib/systemd
+fi
+
+
if [[ $no_kernel != yes ]] && [[ -d $srcmods ]]; then
if ! [[ -f $srcmods/modules.dep ]]; then
if [[ -n "$(find "$srcmods" -name '*.ko*')" ]]; then
[[ -e /usr/lib/udev/ata_id ]] && udevdir=/usr/lib/udev
fi
-[[ -d $systemdutildir ]] \
- || systemdutildir=$(pkg-config systemd --variable=systemdutildir 2>/dev/null)
-
-if ! [[ -d "$systemdutildir" ]]; then
- [[ -e /lib/systemd/systemd-udevd ]] && systemdutildir=/lib/systemd
- [[ -e /usr/lib/systemd/systemd-udevd ]] && systemdutildir=/usr/lib/systemd
-fi
-
[[ -d $systemdsystemunitdir ]] \
|| systemdsystemunitdir=$(pkg-config systemd --variable=systemdsystemunitdir 2>/dev/null)
for moddir in "$dracutbasedir/modules.d"/[0-9][0-9]*; do
_d_mod=${moddir##*/}; _d_mod=${_d_mod#[0-9][0-9]}
[[ ${_mods_to_print[$_d_mod]} ]] || continue
- module_cmdline "$_d_mod"
+ module_cmdline "$_d_mod" "$moddir"
done
unset moddir
}
dinfo "*** Including module: $_d_mod ***"
fi
if [[ $kernel_only == yes ]]; then
- module_installkernel "$_d_mod" || {
+ module_installkernel "$_d_mod" "$moddir" || {
dfatal "installkernel failed in module $_d_mod"
exit 1
}
else
- module_install "$_d_mod"
+ module_install "$_d_mod" "$moddir"
if [[ $no_kernel != yes ]]; then
- module_installkernel "$_d_mod" || {
+ module_installkernel "$_d_mod" "$moddir" || {
dfatal "installkernel failed in module $_d_mod"
exit 1
}
mv $initdir/$folder $squash_dir/$folder
done
- # Reinstall required files for the squash image setup script.
- # We have moved them inside the squashed image, but they need to be
- # accessible before mounting the image. Also install systemctl,
- # it's requires for switch-root, but we will umount the image before switch-root
- inst_multiple "echo" "sh" "mount" "modprobe" "mkdir" "systemctl"
- hostonly="" instmods "loop" "squashfs" "overlay"
-
- for folder in "${squash_candidate[@]}"; do
- # Remove duplicated files in squashfs image, save some more space
- [[ ! -d $initdir/$folder/ ]] && continue
- for file in $(find $initdir/$folder/ -not -type d);
- do
- if [[ -e $squash_dir${file#$initdir} ]]; then
- mv $squash_dir${file#$initdir} $file
- fi
- done
- done
-
# Move some files out side of the squash image, including:
# - Files required to boot and mount the squashfs image
# - Files need to be accessible without mounting the squash image
required_in_root $(dirname $file)
fi
- if [[ -d $_sqsh_file ]]; then
- if [[ -L $_sqsh_file ]]; then
- cp --preserve=all -P $_sqsh_file $_init_file
- else
- mkdir $_init_file
- fi
+ if [[ -L $_sqsh_file ]]; then
+ cp --preserve=all -P $_sqsh_file $_init_file
+ _sqsh_file=$(realpath $_sqsh_file 2>/dev/null)
+ if [[ -e $_sqsh_file ]] && [[ "$_sqsh_file" == "$squash_dir"* ]]; then
+ # Relative symlink
+ required_in_root ${_sqsh_file#$squash_dir/}
+ return
+ fi
+ if [[ -e $squash_dir$_sqsh_file ]]; then
+ # Absolute symlink
+ required_in_root ${_sqsh_file#/}
+ return
+ fi
+ required_in_root ${module_spec#$squash_dir/}
else
- if [[ -L $_sqsh_file ]]; then
- cp --preserve=all -P $_sqsh_file $_init_file
- _sqsh_file=$(realpath $_sqsh_file 2>/dev/null)
- if [[ -e $_sqsh_file ]] && [[ "$_sqsh_file" == "$squash_dir"* ]]; then
- # Relative symlink
- required_in_root ${_sqsh_file#$squash_dir/}
- return
- fi
- if [[ -e $squash_dir$_sqsh_file ]]; then
- # Absolute symlink
- required_in_root ${_sqsh_file#/}
- return
- fi
- required_in_root ${module_spec#$squash_dir/}
- else
- mv $_sqsh_file $_init_file
- fi
+ if [[ -d $_sqsh_file ]]; then
+ mkdir $_init_file
+ else
+ mv $_sqsh_file $_init_file
+ fi
fi
}
mv $initdir/init $initdir/init.stock
ln -s squash/init.sh $initdir/init
+ # Reinstall required files for the squash image setup script.
+ # We have moved them inside the squashed image, but they need to be
+ # accessible before mounting the image.
+ inst_multiple "echo" "sh" "mount" "modprobe" "mkdir"
+ hostonly="" instmods "loop" "squashfs" "overlay"
+
+ # Only keep systemctl outsite if we need switch root
+ if [[ ! -f "$initdir/lib/dracut/no-switch-root" ]]; then
+ inst "systemctl"
+ fi
+
+ for folder in "${squash_candidate[@]}"; do
+ # Remove duplicated files in squashfs image, save some more space
+ [[ ! -d $initdir/$folder/ ]] && continue
+ for file in $(find $initdir/$folder/ -not -type d);
+ do
+ if [[ -e $squash_dir${file#$initdir} ]]; then
+ mv $squash_dir${file#$initdir} $file
+ fi
+ done
+ done
+
mksquashfs $squash_dir $squash_img -comp xz -b 64K -Xdict-size 100% &> /dev/null
if [[ $? != 0 ]]; then
--add-section .cmdline="${uefi_outdir}/cmdline.txt" --change-section-vma .cmdline=0x30000 \
--add-section .linux="$kernel_image" --change-section-vma .linux=0x40000 \
--add-section .initrd="${DRACUT_TMPDIR}/initramfs.img" --change-section-vma .initrd=0x3000000 \
- "$uefi_stub" "${uefi_outdir}/linux.efi" \
- && cp --reflink=auto "${uefi_outdir}/linux.efi" "$outfile"; then
- dinfo "*** Creating UEFI image file '$outfile' done ***"
+ "$uefi_stub" "${uefi_outdir}/linux.efi"; then
+ if [[ -n "${uefi_secureboot_key}" && -n "${uefi_secureboot_cert}" ]]; then \
+ if sbsign \
+ --key "${uefi_secureboot_key}" \
+ --cert "${uefi_secureboot_cert}" \
+ --output "$outfile" "${uefi_outdir}/linux.efi"; then
+ dinfo "*** Creating signed UEFI image file '$outfile' done ***"
+ else
+ dfatal "*** Creating signed UEFI image file '$outfile' failed ***"
+ exit 1
+ fi
+ else
+ if cp --reflink=auto "${uefi_outdir}/linux.efi" "$outfile"; then
+ dinfo "*** Creating UEFI image file '$outfile' done ***"
+ fi
+ fi
else
rm -f -- "$outfile"
dfatal "*** Creating UEFI image file '$outfile' failed ***"