From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Mon, 17 Feb 2025 13:20:09 +0000 (+0000)
Subject: mkosi-obs: when building DDI + UKI, update ESP after signing
X-Git-Tag: v26~371^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bdd72fefc7963e7b8b6b0c6372f85b2c3645e108;p=thirdparty%2Fmkosi.git

mkosi-obs: when building DDI + UKI, update ESP after signing

If a DDI with an ESP is built, update the UKI after signing it
---

diff --git a/mkosi/resources/mkosi-obs/mkosi.build b/mkosi/resources/mkosi-obs/mkosi.build
index f297962ee..6031ee157 100755
--- a/mkosi/resources/mkosi-obs/mkosi.build
+++ b/mkosi/resources/mkosi-obs/mkosi.build
@@ -58,6 +58,23 @@ while read -r SIG; do
     fi
 
     rm -f "$(basename "${infile}").sattrs" "$SIG" "$infile"
+
+    # If there is a DDI with an ESP, add the UKI to it
+    if [ -f "${DEST%efi}raw" ] || [ -f "${DEST%efi}raw.zst" ]; then
+        if [ -f "${DEST%efi}raw.zst" ]; then
+            unzstd "${DEST%efi}raw.zst"
+        fi
+        offset="$(systemd-repart --json=short "${DEST%efi}raw" | jq -r '.[] | select(.type == "esp") | .offset')"
+        if [ "$offset" = "null" ]; then
+            rm -f "${DEST%efi}raw"
+            continue
+        fi
+        mcopy -o -i "${DEST%efi}raw@@${offset}" "$DEST" "::EFI/Linux/$(basename "$DEST")"
+        if [ -f "${DEST%efi}raw.zst" ]; then
+            zstd --force "${DEST%efi}raw"
+            rm -f "${DEST%efi}raw"
+        fi
+    fi
 done < <(find hashes/ukis hashes/kernels -type f \( -name '*efi.sig' -o -name 'vmlinu*.sig' \) -printf '%P\n')
 rm -rf nss-db "$OUTPUTDIR"/*.sig hashes/ukis