kernel-initramfs: Rework to use update-alternatives directly

- All valid initramfs types will be listed in INITRAMFS_FSTYPES so use that variable rather than open-coding a list of possibilities. - Since we're using the list of things that must exist now we don't need to test if the files exist anymore. And when signing, we can sign all of them now. - Add some python to do_package to update all of the ALTERNATIVES variables dynamically based on how we're configured. This introduces an alternative for the initramfs portion as well so there is a stable name. Signed-off-by: Tom Rini <trini@konsulko.com>
author: Tom Rini <trini@konsulko.com> 2018-05-05 09:38:03 -0400
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2018-05-06 18:59:55 +0800
commit: 4d27285e2874fdd112d1f0f06511ee68dcb145c4 (patch)
tree: 566d20006f2b7033d8302b31992390b4fd3f9f58
parent: e00aed3e080beac7907050524eb304f25bb039dd (diff)
download: meta-secure-core-4d27285e2874fdd112d1f0f06511ee68dcb145c4.tar.gz
2 files changed, 39 insertions, 63 deletions
diff --git a/meta-efi-secure-boot/recipes-kernel/linux/kernel-initramfs.bbappend b/meta-efi-secure-boot/recipes-kernel/linux/kernel-initramfs.bbappend
index 7a82aa7..bb61f70 100644
--- a/meta-efi-secure-boot/recipes-kernel/linux/kernel-initramfs.bbappend
+++ b/meta-efi-secure-boot/recipes-kernel/linux/kernel-initramfs.bbappend
@@ -4,56 +4,33 @@ inherit user-key-store deploy
 do_install[nostamp] = "1"
 fakeroot python do_sign() {
-    initramfs = None
    if d.getVar('BUNDLE', True) == '0':
-        initramfs = d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.cpio.gz')
+        for compr in d.getVar('INITRAMFS_FSTYPES').split():
+            uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
    else:
-        initramfs = d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}')
+        uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
-    if initramfs == None or not os.path.exists(initramfs):
-        return
-    uks_sel_sign(initramfs, d)
 }
 addtask sign after do_install before do_deploy do_package
 do_sign[prefuncs] += "check_deploy_keys"
 do_deploy() {
-    initramfs=""
+    install -d "${DEPLOYDIR}"
-    initramfs_dest=""
+    for SIG in ${D}/boot/*.p7b; do
+        install -m 0644 ${SIG} ${DEPLOYDIR}
-    if [ "${BUNDLE}" = "0" ]; then
+    done
-        initramfs="${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.cpio.gz"
-        initramfs_dest="${DEPLOYDIR}/${INITRAMFS_IMAGE}-${MACHINE}.cpio.gz"
-    else
-        initramfs="${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}"
-        initramfs_dest="${DEPLOYDIR}/${KERNEL_IMAGETYPE}-initramfs-${MACHINE}.bin"
-    fi
-    if [ -f "$initramfs.p7b" ]; then
-        install -d "${DEPLOYDIR}"
-        install -m 0644 "$initramfs.p7b" "$initramfs_dest.p7b"
-    fi
 }
 addtask deploy after do_install before do_build
-pkg_postinst_${PN}_append() {
+python do_package_prepend () {
-    if [ "${BUNDLE}" = "1" ] ; then
+    if d.getVar('BUNDLE') == '1':
-        update-alternatives --install "/boot/${KERNEL_IMAGETYPE}.p7b" \
+        d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
-            "${KERNEL_IMAGETYPE}.p7b" \
+        d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
-            "/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b" 50101
+        d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
-    fi
+        d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
+    else:
-    true
+        for compr in d.getVar('INITRAMFS_FSTYPES').split():
-}
+            d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
+            d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
-pkg_prerm_${PN}_append() {
+            d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
-    if [ "${BUNDLE}" = "1" ] ; then
+            d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
-        update-alternatives --remove "${KERNEL_IMAGETYPE}.p7b" \
-            "${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b"
-    fi
-    true
 }
diff --git a/meta/recipes-core/images/kernel-initramfs.bb b/meta/recipes-core/images/kernel-initramfs.bb
index 5b17403..fd23e74 100644
--- a/meta/recipes-core/images/kernel-initramfs.bb
+++ b/meta/recipes-core/images/kernel-initramfs.bb
@@ -35,39 +35,38 @@ do_populate_lic[depends] += "virtual/kernel:do_deploy"
 do_install() {
    [ -z "${INITRAMFS_IMAGE}" ] && exit 0
+    install -d "${D}/boot"
    if [ "${BUNDLE}" = "0" ]; then
-        for suffix in cpio.gz cpio.lzo cpio.lzma cpio.xz; do
+        for suffix in ${INITRAMFS_FSTYPES}; do
            img="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.$suffix"
-            if [ -s "$img" ]; then
+            install -m 0644 "$img" \
-                install -d "${D}/boot"
+                "${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.$suffix"
-                install -m 0644 "$img" \
-                    "${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.$suffix"
-                break
-            fi
        done
    else
        if [ -e "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}-initramfs-${MACHINE}.bin" ]; then
-            install -d "${D}/boot"
            install -m 0644 "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}-initramfs-${MACHINE}.bin" \
                "${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}"
        fi
    fi
 }
-pkg_postinst_${PN}() {
+inherit update-alternatives
-    if [ "${BUNDLE}" = "1" ]; then
-        update-alternatives --install "/boot/${KERNEL_IMAGETYPE}" \
+ALTERNATIVES_${PN} = ""
-            "${KERNEL_IMAGETYPE}" "/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}" \
-            50101 || true
+python do_package_prepend () {
-    fi
+    if d.getVar('BUNDLE') == '1':
-}
+        d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs'))
+        d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs'))
-pkg_prerm_${PN}() {
+        d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'))
-    if [ "${BUNDLE}" = "1" ]; then
+        d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', '50101')
-        update-alternatives --remove "${KERNEL_IMAGETYPE}" \
+    else:
-            "${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}" || true
+        for compr in d.getVar('INITRAMFS_FSTYPES').split():
-    fi
+            d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}'))
+            d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}'))
+            d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr))
+            d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}'), '50101')
 }
 PACKAGE_ARCH = "${MACHINE_ARCH}"
author	Tom Rini <trini@konsulko.com>	2018-05-05 09:38:03 -0400
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2018-05-06 18:59:55 +0800
commit	4d27285e2874fdd112d1f0f06511ee68dcb145c4 (patch)
tree	566d20006f2b7033d8302b31992390b4fd3f9f58
parent	e00aed3e080beac7907050524eb304f25bb039dd (diff)
download	meta-secure-core-4d27285e2874fdd112d1f0f06511ee68dcb145c4.tar.gz

diff --git a/meta-efi-secure-boot/recipes-kernel/linux/kernel-initramfs.bbappend b/meta-efi-secure-boot/recipes-kernel/linux/kernel-initramfs.bbappend index 7a82aa7..bb61f70 100644 --- a/meta-efi-secure-boot/recipes-kernel/linux/kernel-initramfs.bbappend +++ b/meta-efi-secure-boot/recipes-kernel/linux/kernel-initramfs.bbappend
@@ -4,56 +4,33 @@ inherit user-key-store deploy
4	do_install[nostamp] = "1"	4	do_install[nostamp] = "1"
5		5
6	fakeroot python do_sign() {	6	fakeroot python do_sign() {
7	initramfs = None
8
9	if d.getVar('BUNDLE', True) == '0':	7	if d.getVar('BUNDLE', True) == '0':
10	initramfs = d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.cpio.gz')	8	for compr in d.getVar('INITRAMFS_FSTYPES').split():
		9	uks_sel_sign(d.expand('${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.') + compr, d)
11	else:	10	else:
12	initramfs = d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}')	11	uks_sel_sign(d.expand('${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'), d)
13
14	if initramfs == None or not os.path.exists(initramfs):
15	return
16
17	uks_sel_sign(initramfs, d)
18	}	12	}
19	addtask sign after do_install before do_deploy do_package	13	addtask sign after do_install before do_deploy do_package
20	do_sign[prefuncs] += "check_deploy_keys"	14	do_sign[prefuncs] += "check_deploy_keys"
21		15
22	do_deploy() {	16	do_deploy() {
23	initramfs=""	17	install -d "${DEPLOYDIR}"
24	initramfs_dest=""	18	for SIG in ${D}/boot/*.p7b; do
25		19	install -m 0644 ${SIG} ${DEPLOYDIR}
26	if [ "${BUNDLE}" = "0" ]; then	20	done
27	initramfs="${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.cpio.gz"
28	initramfs_dest="${DEPLOYDIR}/${INITRAMFS_IMAGE}-${MACHINE}.cpio.gz"
29	else
30	initramfs="${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}"
31	initramfs_dest="${DEPLOYDIR}/${KERNEL_IMAGETYPE}-initramfs-${MACHINE}.bin"
32	fi
33
34	if [ -f "$initramfs.p7b" ]; then
35	install -d "${DEPLOYDIR}"
36
37	install -m 0644 "$initramfs.p7b" "$initramfs_dest.p7b"
38	fi
39	}	21	}
40	addtask deploy after do_install before do_build	22	addtask deploy after do_install before do_build
41		23
42	pkg_postinst_${PN}_append() {	24	python do_package_prepend () {
43	if [ "${BUNDLE}" = "1" ] ; then	25	if d.getVar('BUNDLE') == '1':
44	update-alternatives --install "/boot/${KERNEL_IMAGETYPE}.p7b" \	26	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs.p7b'))
45	"${KERNEL_IMAGETYPE}.p7b" \	27	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs.p7b'))
46	"/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b" 50101	28	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b'))
47	fi	29	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs.p7b', '50101')
48		30	else:
49	true	31	for compr in d.getVar('INITRAMFS_FSTYPES').split():
50	}	32	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}') + '.p7b')
51		33	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}.p7b'))
52	pkg_prerm_${PN}_append() {	34	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}') + '.p7b', d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr + '.p7b'))
53	if [ "${BUNDLE}" = "1" ] ; then	35	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}') + '.p7b', '50101')
54	update-alternatives --remove "${KERNEL_IMAGETYPE}.p7b" \
55	"${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}.p7b"
56	fi
57
58	true
59	}	36	}


diff --git a/meta/recipes-core/images/kernel-initramfs.bb b/meta/recipes-core/images/kernel-initramfs.bb index 5b17403..fd23e74 100644 --- a/meta/recipes-core/images/kernel-initramfs.bb +++ b/meta/recipes-core/images/kernel-initramfs.bb
@@ -35,39 +35,38 @@ do_populate_lic[depends] += "virtual/kernel:do_deploy"
35	do_install() {	35	do_install() {
36	[ -z "${INITRAMFS_IMAGE}" ] && exit 0	36	[ -z "${INITRAMFS_IMAGE}" ] && exit 0
37		37
		38	install -d "${D}/boot"
38	if [ "${BUNDLE}" = "0" ]; then	39	if [ "${BUNDLE}" = "0" ]; then
39	for suffix in cpio.gz cpio.lzo cpio.lzma cpio.xz; do	40	for suffix in ${INITRAMFS_FSTYPES}; do
40	img="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.$suffix"	41	img="${DEPLOY_DIR_IMAGE}/${INITRAMFS_IMAGE}-${MACHINE}.$suffix"
41		42
42	if [ -s "$img" ]; then	43	install -m 0644 "$img" \
43	install -d "${D}/boot"	44	"${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.$suffix"
44	install -m 0644 "$img" \
45	"${D}/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.$suffix"
46	break
47	fi
48	done	45	done
49	else	46	else
50	if [ -e "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}-initramfs-${MACHINE}.bin" ]; then	47	if [ -e "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}-initramfs-${MACHINE}.bin" ]; then
51	install -d "${D}/boot"
52	install -m 0644 "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}-initramfs-${MACHINE}.bin" \	48	install -m 0644 "${DEPLOY_DIR_IMAGE}/${KERNEL_IMAGETYPE}-initramfs-${MACHINE}.bin" \
53	"${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}"	49	"${D}/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}"
54	fi	50	fi
55	fi	51	fi
56	}	52	}
57		53
58	pkg_postinst_${PN}() {	54	inherit update-alternatives
59	if [ "${BUNDLE}" = "1" ]; then	55
60	update-alternatives --install "/boot/${KERNEL_IMAGETYPE}" \	56	ALTERNATIVES_${PN} = ""
61	"${KERNEL_IMAGETYPE}" "/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}" \	57
62	50101 \|\| true	58	python do_package_prepend () {
63	fi	59	if d.getVar('BUNDLE') == '1':
64	}	60	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${KERNEL_IMAGETYPE}' + '-initramfs'))
65		61	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs'))
66	pkg_prerm_${PN}() {	62	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', d.expand('/boot/${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}'))
67	if [ "${BUNDLE}" = "1" ]; then	63	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${KERNEL_IMAGETYPE}') + '-initramfs', '50101')
68	update-alternatives --remove "${KERNEL_IMAGETYPE}" \	64	else:
69	"${KERNEL_IMAGETYPE}-initramfs${INITRAMFS_EXT_NAME}" \|\| true	65	for compr in d.getVar('INITRAMFS_FSTYPES').split():
70	fi	66	d.appendVar(d.expand('ALTERNATIVE_${PN}'), ' ' + d.expand('${INITRAMFS_IMAGE}'))
		67	d.setVarFlag('ALTERNATIVE_LINK_NAME', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}'))
		68	d.setVarFlag('ALTERNATIVE_TARGET', d.expand('${INITRAMFS_IMAGE}'), d.expand('/boot/${INITRAMFS_IMAGE}${INITRAMFS_EXT_NAME}.' + compr))
		69	d.setVarFlag('ALTERNATIVE_PRIORITY', d.expand('${INITRAMFS_IMAGE}'), '50101')
71	}	70	}
72		71
73	PACKAGE_ARCH = "${MACHINE_ARCH}"	72	PACKAGE_ARCH = "${MACHINE_ARCH}"