From: Jan Janssen Date: Fri, 26 Nov 2021 13:00:02 +0000 (+0100) Subject: meson: Default to sbat-distro=auto X-Git-Tag: v250-rc1~126^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=252b6b1bfd5912ffd11db095b6675086e1f9b3d2;p=thirdparty%2Fsystemd.git meson: Default to sbat-distro=auto Any recent shim will refuse starting an image that does not have an sbat section and will do so with a generic "Security Violation" message. And it is very easy to forget passing -Dsbat-distro=auto to meson when creating a fresh build dir. Adding sbat info when shim is not used or secure boot is disabled does not hurt anyone, so default to auto. This still ensures to not add auto-detected info in case we are cross building. --- diff --git a/meson_options.txt b/meson_options.txt index c09a23dc03e..1e91bf1fd2b 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -417,7 +417,7 @@ option('efi-libdir', type : 'string', description : 'path to the EFI lib directory') option('efi-includedir', type : 'string', value : '/usr/include/efi', description : 'path to the EFI header directory') -option('sbat-distro', type : 'string', +option('sbat-distro', type : 'string', value : 'auto', description : 'SBAT distribution ID, e.g. fedora, or auto for autodetection') option('sbat-distro-generation', type : 'integer', value : 1, description : 'SBAT distribution generation') diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 06e42d979d6..a32948a9c26 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build @@ -162,7 +162,9 @@ foreach ctype : ['color-normal', 'color-entry', 'color-highlight', 'color-edit'] 'EFI_' + c[1].strip().underscorify().to_upper())) endforeach -if get_option('sbat-distro') != '' +if meson.is_cross_build() and get_option('sbat-distro') == 'auto' + warning('Auto detection of SBAT information not supported when cross-building, disabling SBAT.') +elif get_option('sbat-distro') != '' efi_conf.set_quoted('SBAT_PROJECT', meson.project_name()) efi_conf.set_quoted('PROJECT_VERSION', meson.project_version()) efi_conf.set('PROJECT_URL', conf.get('PROJECT_URL')) @@ -174,7 +176,7 @@ if get_option('sbat-distro') != '' ['sbat-distro-summary', 'NAME'], ['sbat-distro-url', 'BUG_REPORT_URL']] value = get_option(sbatvar[0]) - if (value == '' and not meson.is_cross_build()) or value == 'auto' + if (value == '' or value == 'auto') and not meson.is_cross_build() cmd = 'if [ -e /etc/os-release ]; then . /etc/os-release; else . /usr/lib/os-release; fi; echo $@0@'.format(sbatvar[1]) value = run_command(sh, '-c', cmd).stdout().strip() message('@0@ (from @1@): @2@'.format(sbatvar[0], sbatvar[1], value))