From: Daan De Meyer Date: Tue, 1 Oct 2024 12:46:24 +0000 (+0200) Subject: Simplify run_ukify() and related functions a little X-Git-Tag: v25~241^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6ff2b4f6f8982ad801d73236c55c6bb960ae5c0;p=thirdparty%2Fmkosi.git Simplify run_ukify() and related functions a little --- diff --git a/mkosi/__init__.py b/mkosi/__init__.py index d81d23e4e..28c24eaf5 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -1481,16 +1481,26 @@ def want_signed_pcrs(config: Config) -> bool: def run_ukify( context: Context, - arch: str, stub: Path, output: Path, - arguments: list[PathString], - options: list[PathString], + *, + cmdline: str = "", + arguments: Sequence[PathString] = (), + options: Sequence[PathString] = (), ) -> None: ukify = context.config.find_binary("ukify", "/usr/lib/systemd/ukify") if not ukify: die("Could not find ukify") + if not (arch := context.config.architecture.to_efi()): + die(f"Architecture {context.config.architecture} does not support UEFI") + + cmdline = cmdline.strip() + + # Older versions of systemd-stub expect the cmdline section to be null terminated. We can't + # embed NUL terminators in argv so let's communicate the cmdline via a file instead. + (context.workspace / "cmdline").write_text(f"{cmdline}\x00") + cmd = [ python_binary(context.config, binary=ukify), ukify, @@ -1499,11 +1509,13 @@ def run_ukify( "--efi-arch", arch, "--stub", stub, "--output", workdir(output), + *(["--cmdline", f"@{context.workspace / 'cmdline'}"] if cmdline else []), ] # fmt: skip - options += [ + opt: list[PathString] = [ "--ro-bind", stub, stub, "--bind", output.parent, workdir(output.parent), + "--ro-bind", context.workspace / "cmdline", context.workspace / "cmdline", ] # fmt: skip if context.config.secure_boot: @@ -1516,14 +1528,14 @@ def run_ukify( "--secureboot-private-key", context.config.secure_boot_key, "--secureboot-certificate", context.config.secure_boot_certificate, ] # fmt: skip - options += [ + opt += [ "--ro-bind", context.config.secure_boot_certificate, context.config.secure_boot_certificate, ] # fmt: skip if context.config.secure_boot_key_source.type == KeySourceType.engine: cmd += ["--signing-engine", context.config.secure_boot_key_source.source] - options += ["--bind-try", "/run/pcscd", "/run/pcscd"] + opt += ["--bind-try", "/run/pcscd", "/run/pcscd"] if context.config.secure_boot_key.exists(): - options += ["--ro-bind", context.config.secure_boot_key, context.config.secure_boot_key] + opt += ["--ro-bind", context.config.secure_boot_key, context.config.secure_boot_key] else: pesign_prepare(context) cmd += [ @@ -1533,13 +1545,13 @@ def run_ukify( "--secureboot-certificate-name", certificate_common_name(context, context.config.secure_boot_certificate), ] # fmt: skip - options += ["--ro-bind", context.workspace / "pesign", context.workspace / "pesign"] + opt += ["--ro-bind", context.workspace / "pesign", context.workspace / "pesign"] run( cmd, sandbox=context.sandbox( binary=ukify, - options=options, + options=[*opt, *options], devices=context.config.secure_boot_key_source.type != KeySourceType.file, ), ) @@ -1555,18 +1567,10 @@ def build_uki( cmdline: Sequence[str], output: Path, ) -> None: - # Older versions of systemd-stub expect the cmdline section to be null terminated. We can't - # embed NUL terminators in argv so let's communicate the cmdline via a file instead. - (context.workspace / "cmdline").write_text(f"{' '.join(cmdline).strip()}\x00") - - if not (arch := context.config.architecture.to_efi()): - die(f"Architecture {context.config.architecture} does not support UEFI") - if not (ukify := context.config.find_binary("ukify", "/usr/lib/systemd/ukify")): die("Could not find ukify") arguments: list[PathString] = [ - *(["--cmdline", f"@{context.workspace / 'cmdline'}"] if cmdline else []), "--os-release", f"@{context.root / 'usr/lib/os-release'}", "--uname", kver, "--linux", kimg, @@ -1626,7 +1630,7 @@ def build_uki( options += ["--ro-bind", initrd, initrd] with complete_step(f"Generating unified kernel image for kernel version {kver}"): - run_ukify(context, arch, stub, output, arguments, options) + run_ukify(context, stub, output, cmdline=" ".join(cmdline), arguments=arguments, options=options) def systemd_stub_binary(context: Context) -> Path: @@ -1938,26 +1942,10 @@ def install_uki( f.write("fi\n") -def build_pe_addon(context: Context, arch: str, stub: Path, config: Path, output: Path) -> None: - arguments: list[PathString] = [ - "--config", config, - ] # fmt: skip - - options: list[PathString] = [ - "--ro-bind", config, config, - ] # fmt: skip - - with complete_step(f"Generating PE addon /{output.relative_to(context.root)}"): - run_ukify(context, arch, stub, output, arguments, options) - - def install_pe_addons(context: Context) -> None: if not context.config.pe_addons: return - if not (arch := context.config.architecture.to_efi()): - die(f"Architecture {context.config.architecture} does not support UEFI") - stub = systemd_addon_stub_binary(context) if not stub.exists(): die(f"sd-stub not found at /{stub.relative_to(context.root)} in the image") @@ -1968,7 +1956,15 @@ def install_pe_addons(context: Context) -> None: for addon in context.config.pe_addons: output = addon_dir / addon.with_suffix(".addon.efi").name - build_pe_addon(context, arch, stub, config=addon, output=output) + + with complete_step(f"Generating PE addon /{output.relative_to(context.root)}"): + run_ukify( + context, + stub, + output, + arguments=["--config", addon], + options=["--ro-bind", addon, addon], + ) def systemd_addon_stub_binary(context: Context) -> Path: