diff options
Diffstat (limited to 'parabolaiso/mkparabolaiso')
| -rwxr-xr-x | parabolaiso/mkparabolaiso | 72 |
1 files changed, 47 insertions, 25 deletions
diff --git a/parabolaiso/mkparabolaiso b/parabolaiso/mkparabolaiso index 26fa82d..ac2d6ec 100755 --- a/parabolaiso/mkparabolaiso +++ b/parabolaiso/mkparabolaiso @@ -166,9 +166,10 @@ _cleanup_pacstrap_dir() { [[ -d "${pacstrap_dir}/var/tmp" ]] && find "${pacstrap_dir}/var/tmp" -mindepth 1 -delete # Delete package pacman related files. find "${work_dir}" \( -name '*.pacnew' -o -name '*.pacsave' -o -name '*.pacorig' \) -delete - # Create an empty /etc/machine-id + # Create /etc/machine-id with special value 'uninitialized': the final id is + # generated on first boot, systemd's first-boot mechanism applies (see machine-id(5)) rm -f -- "${pacstrap_dir}/etc/machine-id" - printf '' > "${pacstrap_dir}/etc/machine-id" + printf 'uninitialized\n' > "${pacstrap_dir}/etc/machine-id" _msg_info "Done!" } @@ -364,6 +365,20 @@ _make_packages() { local buildmode_pkg_list_arch eval "buildmode_pkg_list_arch=(\${buildmode_pkg_list_${arch}[@]})" + if [[ -v gpg_publickey ]]; then + exec {PARABOLAISO_GNUPG_FD}<"$gpg_publickey" + export PARABOLAISO_GNUPG_FD + fi + if [[ -v cert_list[0] ]]; then + exec {PARABOLAISO_TLS_FD}<"${cert_list[0]}" + export PARABOLAISO_TLS_FD + fi + if [[ -v cert_list[2] ]]; then + exec {PARABOLAISO_TLSCA_FD}<"${cert_list[2]}" + export PARABOLAISO_TLSCA_FD + fi + + # Install the qemu-arm-static binary if [[ "${arch}" == "armv7h" ]] && ! setarch armv7l /bin/true 2>/dev/null; then # Make sure that qemu-static is set up with binfmt_misc @@ -378,20 +393,6 @@ _make_packages() { install -m 0755 -- /usr/bin/qemu-arm-static "${pacstrap_dir}/usr/bin" fi - if [[ -n "${gpg_key}" ]]; then - exec {PARABOLAISO_GNUPG_FD}<>"${work_dir}/pubkey.gpg" - export PARABOLAISO_GNUPG_FD - fi - if [[ -v cert_list[0] ]]; then - exec {PARABOLAISO_TLS_FD}<>"${cert_list[0]}" - export PARABOLAISO_TLS_FD - fi - if [[ -v cert_list[2] ]]; then - exec {PARABOLAISO_TLSCA_FD}<>"${cert_list[2]}" - export PARABOLAISO_TLSCA_FD - fi - - # Unset TMPDIR to work around https://bugs.archlinux.org/task/70580 if [[ "${quiet}" = "y" ]]; then env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf.${arch}" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" "${buildmode_pkg_list_arch[@]}" &> /dev/null @@ -399,6 +400,11 @@ _make_packages() { env -u TMPDIR pacstrap -C "${work_dir}/${buildmode}.pacman.conf.${arch}" -c -G -M -- "${pacstrap_dir}" "${buildmode_pkg_list[@]}" "${buildmode_pkg_list_arch[@]}" fi + # Delete the qemu-arm-static binary + if [[ "${arch}" == "armv7h" ]] && ! setarch armv7l /bin/true 2>/dev/null; then + rm -f -- "${pacstrap_dir}/usr/bin/qemu-arm-static" + fi + if [[ -v cert_list[0] ]]; then exec {PARABOLAISO_TLS_FD}<&- unset PARABOLAISO_TLS_FD @@ -407,16 +413,11 @@ _make_packages() { exec {PARABOLAISO_TLSCA_FD}<&- unset PARABOLAISO_TLSCA_FD fi - if [[ -n "${gpg_key}" ]]; then + if [[ -v gpg_publickey ]]; then exec {PARABOLAISO_GNUPG_FD}<&- unset PARABOLAISO_GNUPG_FD fi - # Delete the qemu-arm-static binary - if [[ "${arch}" == "armv7h" ]] && ! setarch armv7l /bin/true 2>/dev/null; then - rm -f -- "${pacstrap_dir}/usr/bin/qemu-arm-static" - fi - _msg_info "Done! Packages installed successfully." } @@ -737,6 +738,13 @@ _make_bootmode_uefi-x64.grub.esp() { mcopy -i "${efibootimg}" "${pacstrap_dir}/usr/share/edk2-shell/x64/Shell_Full.efi" ::/shellx64.efi fi + # Add other aditional/extra files to ${install_dir}/boot/ + if [[ -e "${pacstrap_dir}/boot/memtest86+/memtest.efi" ]]; then + install -d -m 0755 -- "${isofs_dir}/boot/memtest86+/" + install -m 0644 -- "${pacstrap_dir}/boot/memtest86+/memtest.efi" "${isofs_dir}/boot/memtest86+/memtest.efi" + install -m 0644 -- "${pacstrap_dir}/usr/share/licenses/common/GPL2/license.txt" "${isofs_dir}/boot/memtest86+/" + fi + _msg_info "Done! GRUB set up for UEFI booting successfully." } @@ -1016,6 +1024,10 @@ _validate_requirements_bootmode_uefi-x64.grub.esp() { if [[ ! " ${pkg_list[*]} " =~ ' edk2-shell ' ]]; then _msg_info "'edk2-shell' is not in the package list. The ISO will not contain a bootable UEFI shell." fi + # shellcheck disable=SC2076 + if [[ ! " ${pkg_list[*]} " =~ ' memtest86+-efi ' ]]; then + _msg_info "Validating '${bootmode}': 'memtest86+-efi' is not in the package list. Memory testing will not be available from GRUB." + fi } _validate_requirements_bootmode_uefi-x64.grub.eltorito() { @@ -1596,7 +1608,7 @@ _read_profile() { # Validate set options _validate_options() { - local validation_error=0 _buildmode + local validation_error=0 _buildmode certfile _msg_info "Validating options..." # Check if pacman configuration file exists @@ -1605,6 +1617,14 @@ _validate_options() { _msg_error "File '${pacman_conf}' does not exist." 0 fi + # Check if the code signing certificate files exist + for certfile in "${cert_list[@]}"; do + if [[ ! -e "$certfile" ]]; then + (( validation_error=validation_error+1 )) + _msg_error "Code signing certificate '${certfile}' does not exist." 0 + fi + done + # Check if the specified buildmodes are supported for _buildmode in "${buildmodes[@]}"; do if typeset -f "_build_buildmode_${_buildmode}" &> /dev/null; then @@ -1687,8 +1707,10 @@ _set_overrides() { } _export_gpg_publickey() { - rm -f -- "${work_dir}/pubkey.gpg" - gpg --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}" + gpg_publickey="${work_dir}/pubkey.gpg" + rm -f -- "$gpg_publickey" + gpg --batch --no-armor --output "$gpg_publickey" --export "${gpg_key}" + [[ -s "$gpg_publickey" ]] || return } _make_version() { |