[secureboot] Fix some installation behavior for secureboot (#4980)
This commit is contained in:
Samuel Angebault
GitHub
parent
04615ca98c
commit
d8a79bc71e
@ -76,6 +76,7 @@ fi
|
|||||||
image_path="$target_path/$image_name"
|
image_path="$target_path/$image_name"
|
||||||
hook_path="$image_path/platform/hooks"
|
hook_path="$image_path/platform/hooks"
|
||||||
data_path="$image_path/platform/data"
|
data_path="$image_path/platform/data"
|
||||||
|
boot_image_path="$image_path/$boot_image"
|
||||||
installer_image_path="$image_path/$installer_image"
|
installer_image_path="$image_path/$installer_image"
|
||||||
|
|
||||||
boot_config="$target_path/boot-config"
|
boot_config="$target_path/boot-config"
|
||||||
@ -106,6 +107,7 @@ clean_flash() {
|
|||||||
for f in $(ls -A $target_path); do
|
for f in $(ls -A $target_path); do
|
||||||
if [ $f != "${swipath##*/}" ] &&
|
if [ $f != "${swipath##*/}" ] &&
|
||||||
[ $f != "boot-config" ] &&
|
[ $f != "boot-config" ] &&
|
||||||
|
[ $f != "preserve-installer" ] &&
|
||||||
[ $f != "$kernel_params" ] &&
|
[ $f != "$kernel_params" ] &&
|
||||||
[ $f != "aquota.user" ] &&
|
[ $f != "aquota.user" ] &&
|
||||||
[ $f != "old_config" ] &&
|
[ $f != "old_config" ] &&
|
||||||
@ -254,9 +256,47 @@ cleanup_swi_tmpfs() {
|
|||||||
clean_tmpfs "$(dirname "$swipath")"
|
clean_tmpfs "$(dirname "$swipath")"
|
||||||
}
|
}
|
||||||
|
|
||||||
extract_image() {
|
|
||||||
mkdir -p "$image_path"
|
|
||||||
|
|
||||||
|
SWI_ALREADY_INSTALLED=0
|
||||||
|
SWI_NOT_INSTALLED=1
|
||||||
|
SWI_VERSION_MISMATCH=2
|
||||||
|
SWI_OTHER_VARIANT_INSTALLED=3
|
||||||
|
|
||||||
|
is_swi_installed() {
|
||||||
|
local swi_path="$1"
|
||||||
|
local swi_version="$(unzip -qp "$swi_path" .imagehash)"
|
||||||
|
local local_version="$(cat $image_path/.imagehash 2>/dev/null || :)"
|
||||||
|
|
||||||
|
if [ -z "$local_version" ]; then
|
||||||
|
# no image installed for this version
|
||||||
|
return $SWI_NOT_INSTALLED
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$swi_version" != "$local_version" ]; then
|
||||||
|
warn "Installed image has a different version than $swipath"
|
||||||
|
return $SWI_VERSION_MISMATCH
|
||||||
|
fi
|
||||||
|
|
||||||
|
if $secureboot; then
|
||||||
|
if [ -s "$installer_image_path" ]; then
|
||||||
|
# secureboot image already installed
|
||||||
|
return $SWI_ALREADY_INSTALLED
|
||||||
|
else
|
||||||
|
# regular image of the same version already installed
|
||||||
|
return $SWI_OTHER_VARIANT_INSTALLED
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ -s "$boot_image_path" ]; then
|
||||||
|
# regular image already installed
|
||||||
|
return $SWI_ALREADY_INSTALLED
|
||||||
|
else
|
||||||
|
# secureboot image of the same version already installed
|
||||||
|
return $SWI_OTHER_VARIANT_INSTALLED
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
extract_image() {
|
||||||
info "Moving swi to a tmpfs"
|
info "Moving swi to a tmpfs"
|
||||||
## Avoid problematic flash usage spike on older systems, also improves I/O
|
## Avoid problematic flash usage spike on older systems, also improves I/O
|
||||||
swipath="$(move_swi_to_tmpfs "$swipath")"
|
swipath="$(move_swi_to_tmpfs "$swipath")"
|
||||||
@ -308,7 +348,6 @@ extract_image() {
|
|||||||
|
|
||||||
extract_image_secureboot() {
|
extract_image_secureboot() {
|
||||||
info "Extracting necessary swi content"
|
info "Extracting necessary swi content"
|
||||||
mkdir "$image_path"
|
|
||||||
unzip -oq "$swipath" platform/firsttime .imagehash -d "$image_path"
|
unzip -oq "$swipath" platform/firsttime .imagehash -d "$image_path"
|
||||||
|
|
||||||
info "Installing image as $installer_image_path"
|
info "Installing image as $installer_image_path"
|
||||||
@ -608,15 +647,20 @@ run_kexec() {
|
|||||||
|
|
||||||
secureboot_install() {
|
secureboot_install() {
|
||||||
if [ -e "$image_path" ]; then
|
if [ -e "$image_path" ]; then
|
||||||
warn "Image folder $image_path already exist, wiping..."
|
warn "Image folder $image_path already exist (likely regular install)"
|
||||||
rm -rf "$image_path"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
mkdir -p "$image_path"
|
||||||
|
|
||||||
info "Installing image as $installer_image_path"
|
info "Installing image as $installer_image_path"
|
||||||
extract_image_secureboot
|
extract_image_secureboot
|
||||||
}
|
}
|
||||||
|
|
||||||
regular_install() {
|
regular_install() {
|
||||||
|
if [ -e "$image_path" ]; then
|
||||||
|
warn "Image folder $image_path already exist (likely secureboot install)"
|
||||||
|
fi
|
||||||
|
|
||||||
mkdir -p $image_path
|
mkdir -p $image_path
|
||||||
|
|
||||||
info "Generating boot-config, machine.conf and cmdline"
|
info "Generating boot-config, machine.conf and cmdline"
|
||||||
@ -670,6 +714,9 @@ elif [ ! -z "$kexec" ]; then
|
|||||||
do_clean=false
|
do_clean=false
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Make sure boot-config exists to avoid noise
|
||||||
|
touch "$boot_config"
|
||||||
|
|
||||||
# Verbosity can be defined by the caller, default to false otherwise
|
# Verbosity can be defined by the caller, default to false otherwise
|
||||||
verbose=${verbose:-false}
|
verbose=${verbose:-false}
|
||||||
debug=${debug:-false}
|
debug=${debug:-false}
|
||||||
@ -693,7 +740,12 @@ if [ -z "$secureboot" ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# preserve original installer during regular install when set
|
||||||
preserve_installer=false
|
preserve_installer=false
|
||||||
|
if [ -f "$target_path/preserve-installer" ] ||
|
||||||
|
[ "$(get_boot_config PRESERVE_INSTALLER)" = "1" ]; then
|
||||||
|
preserve_installer=true
|
||||||
|
fi
|
||||||
|
|
||||||
# enable shell debug mode to get the most verbosity
|
# enable shell debug mode to get the most verbosity
|
||||||
if $verbose; then
|
if $verbose; then
|
||||||
@ -702,21 +754,23 @@ fi
|
|||||||
|
|
||||||
# install the image if newer
|
# install the image if newer
|
||||||
if $do_install; then
|
if $do_install; then
|
||||||
if ! unzip -l "$swipath" 2>&1 > /dev/null; then
|
if ! unzip -ql "$swipath" 2>&1 > /dev/null; then
|
||||||
err "The swipath= environment variable does not point to a valid SWI"
|
err "The swipath= environment variable does not point to a valid SWI"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# check the hash file in the image, and determine to install or just skip
|
swi_installed=0
|
||||||
GIT_REVISION="$(unzip -p "$swipath" .imagehash)"
|
is_swi_installed "$swipath" || swi_installed=$?
|
||||||
LOCAL_IMAGEHASH="$(cat $image_path/.imagehash 2>/dev/null || true)"
|
|
||||||
|
|
||||||
if [ "$GIT_REVISION" != "$LOCAL_IMAGEHASH" ] || [ ! -z "$force" ]; then
|
if [ "$swi_installed" -ne $SWI_ALREADY_INSTALLED ] || [ -n "$force" ]; then
|
||||||
if $do_clean; then
|
if [ "$swi_installed" -eq $SWI_VERSION_MISMATCH ] || [ -n "$force" ]; then
|
||||||
|
warn "Removing existing installation folder $image_path"
|
||||||
|
rm -rf $image_path
|
||||||
|
fi
|
||||||
|
if [ "$swi_installed" -ne $SWI_OTHER_VARIANT_INSTALLED ] && $do_clean; then
|
||||||
info "Cleaning flash content $target_path"
|
info "Cleaning flash content $target_path"
|
||||||
clean_flash
|
clean_flash
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if $secureboot; then
|
if $secureboot; then
|
||||||
secureboot_install
|
secureboot_install
|
||||||
else
|
else
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user