1 files changed, 68 insertions, 22 deletions

diff --git a/parabolaiso/mkparabolaiso b/parabolaiso/mkparabolaiso
index de48fae..6f04947 100755
--- a/parabolaiso/mkparabolaiso
+++ b/parabolaiso/mkparabolaiso
@@ -94,7 +94,7 @@ usage: ${app_name} [options] <profile_dir>
                       Default: '${iso_label}'
      -P <publisher>   Set the ISO publisher
                       Default: '${iso_publisher}'
-     -g <gpg_key>     Set the GPG key to be used for signing the squashfs image
+     -g <gpg_key>     Set the PGP key ID to be used for signing the rootfs image
      -h               This message
      -o <out_dir>     Set the output directory
                       Default: '${out_dir}'
@@ -154,6 +154,7 @@ _cleanup_airootfs() {
     # Delete package pacman related files.
     find "${work_dir}" \( -name '*.pacnew' -o -name '*.pacsave' -o -name '*.pacorig' \) -delete
     # Create an empty /etc/machine-id
+    rm -f -- "${airootfs_dir}/etc/machine-id"
     printf '' > "${airootfs_dir}/etc/machine-id"
 
     _msg_info "Done!"
@@ -230,12 +231,13 @@ _mkairootfs_erofs() {
 }
 
 _mksignature() {
-    _msg_info "Signing SquashFS image..."
+    _msg_info "Signing ${arch} rootfs image..."
     cd -- "${isofs_dir}/${install_dir}/${arch}"
+    # always use the .sig file extension, as that is what mkinitcpio-parabolaiso's hooks expect
     if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then
-        gpg --detach-sign --default-key "${gpg_key}" airootfs.sfs
+        gpg --output airootfs.sfs.sig --detach-sign --default-key "${gpg_key}" airootfs.sfs
     elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then
-        gpg --detach-sign --default-key "${gpg_key}" airootfs.erofs
+        gpg --output airootfs.erofs.sig --detach-sign --default-key "${gpg_key}" airootfs.erofs
     fi
     cd -- "${OLDPWD}"
     _msg_info "Done!"
@@ -427,10 +429,10 @@ _make_bootmode_bios.syslinux.mbr() {
     if [[ -e "${isofs_dir}/syslinux/hdt.c32" ]]; then
         install -d -m 0755 -- "${isofs_dir}/syslinux/hdt"
         if [[ -e "${airootfs_dir}/usr/share/hwdata/pci.ids" ]]; then
-            gzip -c -9 "${airootfs_dir}/usr/share/hwdata/pci.ids" > \
+            gzip -cn9 "${airootfs_dir}/usr/share/hwdata/pci.ids" > \
                 "${isofs_dir}/syslinux/hdt/pciids.gz"
         fi
-        find "${airootfs_dir}/usr/lib/modules" -name 'modules.alias' -print -exec gzip -c -9 '{}' ';' -quit > \
+        find "${airootfs_dir}/usr/lib/modules" -name 'modules.alias' -print -exec gzip -cn9 '{}' ';' -quit > \
             "${isofs_dir}/syslinux/hdt/modalias.gz"
     fi
 
@@ -814,15 +816,10 @@ _add_xorrisofs_options_bios.syslinux.mbr() {
         '-isohybrid-mbr' "${isofs_dir}/syslinux/isohdpfx.bin"
         # When GPT is used, create an additional partition in the MBR (besides 0xEE) for sectors 0–1 (MBR
         # bootstrap code area) and mark it as bootable
-        # This violates the UEFI specification, but may allow booting on some systems
+        # May allow booting on some systems
         # https://wiki.archlinux.org/index.php/Partitioning#Tricking_old_BIOS_into_booting_from_GPT
         '--mbr-force-bootable'
-        # Set the ISO 9660 partition's type to "Linux filesystem data"
-        # When only MBR is present, the partition type ID will be 0x83 "Linux" as xorriso translates all
-        # GPT partition type GUIDs except for the ESP GUID to MBR type ID 0x83
-        '-iso_mbr_part_type' '0FC63DAF-8483-4772-8E79-3D69D8477DE4'
-        # Move the first partition away from the start of the ISO to match the expectations of partition
-        # editors
+        # Move the first partition away from the start of the ISO to match the expectations of partition editors
         # May allow booting on some systems
         # https://dev.lovelyhq.com/libburnia/libisoburn/src/branch/master/doc/partition_offset.wiki
         '-partition_offset' '16'
@@ -835,12 +832,26 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.esp() {
     # partition will not be mountable
     # shellcheck disable=SC2076
     [[ " ${xorrisofs_options[*]} " =~ ' -partition_offset ' ]] || xorrisofs_options+=('-partition_offset' '16')
-    xorrisofs_options+=(
-        # Attach efiboot.img as a second partition and set its partition type to "EFI system partition"
-        '-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img"
-        # Ensure GPT is used as some systems do not support UEFI booting without it
-        '-appended_part_as_gpt'
-    )
+    # Attach efiboot.img as a second partition and set its partition type to "EFI system partition"
+    xorrisofs_options+=('-append_partition' '2' 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B' "${work_dir}/efiboot.img")
+    # Ensure GPT is used as some systems do not support UEFI booting without it
+    # shellcheck disable=SC2076
+    if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then
+        # A valid GPT prevents BIOS booting on some systems, instead use an invalid GPT (without a protective MBR).
+        # The attached partition will have the EFI system partition type code in MBR, but in the invalid GPT it will
+        # have a Microsoft basic partition type code.
+        if [[ ! " ${bootmodes[*]} " =~ ' uefi-x64.systemd-boot.eltorito ' ]]; then
+            # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the
+            # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e',
+            # the appended EFI system partition will have the Microsoft basic data type GUID in GPT.
+            if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then
+                xorrisofs_options+=('-isohybrid-gpt-basdat')
+            fi
+        fi
+    else
+        # Use valid GPT if BIOS booting support will not be required
+        xorrisofs_options+=('-appended_part_as_gpt')
+    fi
 }
 
 # systemd-boot via El Torito
@@ -856,6 +867,15 @@ _add_xorrisofs_options_uefi-x64.systemd-boot.eltorito() {
             # Boot image is not emulating floppy or hard disk; required for all known boot loaders
             '-no-emul-boot'
         )
+        # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead.
+        if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then
+            # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the
+            # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e',
+            # the appended EFI system partition will have the Microsoft basic data type GUID in GPT.
+            if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then
+                xorrisofs_options+=('-isohybrid-gpt-basdat')
+            fi
+        fi
     else
         # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a
         # file inside the ISO 9660 file system
@@ -895,6 +915,15 @@ _add_xorrisofs_options_uefi-x64.refind.eltorito() {
             # Boot image is not emulating floppy or hard disk; required for all known boot loaders
             '-no-emul-boot'
         )
+        # A valid GPT prevents BIOS booting on some systems, use an invalid GPT instead.
+        if [[ " ${bootmodes[*]} " =~ ' bios.syslinux.mbr ' ]]; then
+            # If '-isohybrid-gpt-basdat' is specified before '-e', then the appended EFI system partition will have the
+            # EFI system partition type ID/GUID in both MBR and GPT. If '-isohybrid-gpt-basdat' is specified after '-e',
+            # the appended EFI system partition will have the Microsoft basic data type GUID in GPT.
+            if [[ ! " ${xorrisofs_options[*]} " =~ ' -isohybrid-gpt-basdat ' ]]; then
+                xorrisofs_options+=('-isohybrid-gpt-basdat')
+            fi
+        fi
     else
         # The ISO will not contain a GPT partition table, so to be able to reference efiboot.img, place it as a
         # file inside the ISO 9660 file system
@@ -1115,12 +1144,29 @@ _export_gpg_publickey() {
 }
 
 _make_version() {
+    local osrelease
     install -d -m 0755 -- "${isofs_dir}/${install_dir}"
-    _msg_info "Creating ${arch} files with iso version..."
+    _msg_info "Creating files with iso version..."
+    # Write version file to airootfs
+    rm -f -- "${airootfs_dir}/version"
     printf '%s\n' "${iso_version}" > "${airootfs_dir}/version"
+    # Write version file to ISO 9660
     printf '%s\n' "${iso_version}" > "${isofs_dir}/${install_dir}/version"
-    printf '%.1024s' "$(printf '# GRUB Environment Block\nVERSION=%s\n%s' "${iso_version}" \
-        "$(printf '%0.1s' "#"{1..1024})")" > "${isofs_dir}/${install_dir}/grubenv"
+    # Write grubenv with version information to ISO 9660
+    printf '%.1024s' "$(printf '# GRUB Environment Block\nNAME=%s\nVERSION=%s\n%s' \
+        "${iso_name}" "${iso_version}" "$(printf '%0.1s' "#"{1..1024})")" \
+        > "${isofs_dir}/${install_dir}/grubenv"
+    # Append IMAGE_ID & IMAGE_VERSION to os-release
+    osrelease="$(realpath -- "${airootfs_dir}/etc/os-release")"
+    if [[ ! -e "${airootfs_dir}/etc/os-release" && -e "${airootfs_dir}/usr/lib/os-release" ]]; then
+        osrelease="$(realpath -- "${airootfs_dir}/usr/lib/os-release")"
+    fi
+    if [[ "${osrelease}" != "${airootfs_dir}"* ]]; then
+        _msg_warning "os-release file '${osrelease}' is outside of valid path."
+    else
+        [[ ! -e "${osrelease}" ]] || sed -i '/^IMAGE_ID=/d;/^IMAGE_VERSION=/d' "${osrelease}"
+        printf 'IMAGE_ID=%s\nIMAGE_VERSION=%s\n' "${iso_name}" "${iso_version}" >> "${osrelease}"
+    fi
     _msg_info "Done!"
 }