+# package validator {{{
+CHECKLOG=/var/log/fai/$HOSTNAME/last
+if [ -r "$CHECKLOG/dpkg.selections" ] ; then
+ package_count=$(wc -l "$CHECKLOG/dpkg.selections" | awk '{print $1}')
+else
+ package_count="unknown"
+fi
+
+mkdir -p "$REPORTS"
+REPORT_MISSING_PACKAGES="${REPORTS}/TEST-MissingPackages.xml"
+
+# check for missing packages
+if ! [ -s "$CHECKLOG/package_errors.log" ] ; then
+ einfo "No missing packages found, generating empty junit report."
+
+ cat > "${REPORT_MISSING_PACKAGES}" << EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<testsuite name="grml-live-missing-packages" tests="${package_count}" time="1" failures="0" errors="0" skipped="0" assertions="0">
+ <testcase name="test_missing_packages" time="0" assertions="0">
+ </testcase>
+ <system-out>
+ </system-out>
+ <system-err>
+ </system-err>
+</testsuite>
+EOF
+ eend 0
+else
+ einfo "Missing packages found, generating junit report."
+
+ if [ -r "$CHECKLOG/package_errors.log" ] ; then
+ package_errors=$(wc -l "$CHECKLOG/package_errors.log" | awk '{print $1}')
+ else
+ package_errors="unknown"
+ fi
+
+ mkdir -p "$REPORTS"
+ REPORT_MISSING_PACKAGES="${REPORTS}/TEST-MissingPackages.xml"
+
+ cat > "${REPORT_MISSING_PACKAGES}" << EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<testsuite name="grml-live-missing-packages" tests="${package_count}" time="1" failures="${package_errors}" errors="${package_errors}" skipped="0" assertions="0">
+EOF
+
+ for package in $(awk '{print $1}' "${CHECKLOG}/package_errors.log" | sed 's;/;\\/;') ; do
+ failure_reason="$(awk "/$package/ {print \$2}" "${CHECKLOG}/package_errors.log")"
+ cat >> "${REPORT_MISSING_PACKAGES}" << EOF
+ <testcase name="test_missing_packages_${package}" time="0" assertions="0">
+ <failure type="${failure_reason}" message="Package ${package} is missing">
+Package $package is missing in chroot (${failure_reason})
+ </failure>
+ </testcase>
+EOF
+ done
+
+ cat >> "${REPORT_MISSING_PACKAGES}" << EOF
+ <system-out>
+ </system-out>
+ <system-err>
+ </system-err>
+</testsuite>
+EOF
+ eend 0
+
+ if [ -n "$EXIT_ON_MISSING_PACKAGES" -a -z "$BUILD_DIRTY" ] ; then
+ eerror "The following packages were requested for installation but could not be processed:"
+ cat "$CHECKLOG/package_errors.log"
+ eerror "... exiting as requested via \$EXIT_ON_MISSING_PACKAGES."
+ eend 1
+ bailout 13
+ else
+ ewarn "The following packages were requested for installation but could not be processed:"
+ cat "$CHECKLOG/package_errors.log"
+ eend 0
+ fi
+fi
+# }}}
+
+# grub boot {{{
+grub_setup() {
+ EFI_IMG="/boot/efi.img"
+
+ local efi_size
+ if [[ "${SECURE_BOOT:-}" == "disable" ]] || [[ "${ARCH:-}" == "i386" ]] ; then
+ efi_size='4M'
+ else
+ # e.g. templates/EFI/debian for Secure Boot has >4MB and needs more space
+ efi_size='8M'
+ fi
+
+ if [[ "$ARCH" == "amd64" ]] || [[ "$ARCH" == "arm64" ]] ; then
+ case "$ARCH" in
+ arm64)
+ BOOTX64="/boot/bootaa64.efi"
+ ;;
+ amd64)
+ BOOTX64="/boot/bootx64.efi"
+ ;;
+ esac
+
+ # important: this depends on execution of ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images
+ if ! [ -r "${CHROOT_OUTPUT}/${BOOTX64}" ] ; then
+ log "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX64}, required for Secure Boot support"
+ eerror "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX64}, required for Secure Boot support" ; eend 1
+ log "Possible reason is failure to run ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images"
+ ewarn "Possible reason is failure to run ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images"
+ bailout 50
+ fi
+
+ dd if=/dev/zero of="${CHROOT_OUTPUT}/${EFI_IMG}" bs="${efi_size}" count=1 2>/dev/null || bailout 50
+ mkfs.vfat -n GRML "${CHROOT_OUTPUT}/${EFI_IMG}" >/dev/null || bailout 51
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI || bailout 52
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/BOOT || bailout 52
+
+ if [ "${SECURE_BOOT:-}" = "disable" ] ; then
+ log "Secure Boot is disabled."
+ einfo "Secure Boot is disabled." ; eend 0
+
+ # install "$BOOTX64" as ::EFI/BOOT/{bootx64.efi|bootaa64.efi} inside image file "$EFI_IMG":
+ case "$ARCH" in
+ arm64)
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${CHROOT_OUTPUT}/${BOOTX64}" ::EFI/BOOT/bootaa64.efi >/dev/null || bailout 53
+ ;;
+ amd64)
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${CHROOT_OUTPUT}/${BOOTX64}" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 53
+ ;;
+ esac
+
+ log "Generated 64-bit EFI image $BOOTX64"
+ einfo "Generated 64-bit EFI image $BOOTX64" ; eend 0
+ else
+ case "${SECURE_BOOT}" in
+ disable*)
+ log "Secure Boot is disabled [mode: ${SECURE_BOOT}]"
+ einfo "Secure Boot is disabled [mode: ${SECURE_BOOT}]" ; eend 0
+ ;;
+ debian|ubuntu)
+ log "Secure Boot is enabled [mode: ${SECURE_BOOT}]"
+ einfo "Secure Boot is enabled [mode: ${SECURE_BOOT}]" ; eend 0
+
+ local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg"
+ local GRUBCFG_TMP=$(mktemp)
+
+ if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then
+ log "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found."
+ eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." ; eend 1
+ bailout 54
+ fi
+
+ cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}"
+ adjust_boot_files "${GRUBCFG_TMP}"
+
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot || bailout 55
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot/grub || bailout 55
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::boot/grub/grub.cfg || bailout 56
+
+ rm "${GRUBCFG_TMP}"
+
+ if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ] ; then
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57
+ else
+ log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found."
+ eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found." ; eend 1
+ bailout 57
+ fi
+
+ if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ] ; then
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58
+ else
+ log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found."
+ eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found." ; eend 1
+ bailout 57
+ fi
+
+ log "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}"
+ einfo "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0
+ ;;
+ *)
+ log "Secure Boot method '${SECURE_BOOT}' is unsupported."
+ eerror "Secure Boot method '${SECURE_BOOT}' is unsupported." ; eend 1
+ bailout 59
+ ;;
+ esac
+ fi
+ fi
+
+ if [[ "$ARCH" == "i386" ]] ; then
+ BOOTX32="/boot/bootia32.efi"
+ if ! [ -r "${CHROOT_OUTPUT}/${BOOTX32}" ] ; then
+ log "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX32}."
+ eerror "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX32}." ; eend 1
+ log "Possible reason is failure to run ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images"
+ ewarn "Possible reason is failure to run ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images"
+ bailout 50
+ fi
+
+ dd if=/dev/zero of="${CHROOT_OUTPUT}/${EFI_IMG}" bs="${efi_size}" count=1 2>/dev/null || bailout 50
+ mkfs.vfat -n GRML "${CHROOT_OUTPUT}/${EFI_IMG}" >/dev/null || bailout 51
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI || bailout 52
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/BOOT || bailout 52
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${CHROOT_OUTPUT}/${BOOTX32}" ::EFI/BOOT/bootia32.efi >/dev/null || bailout 53
+ log "Generated 32-bit EFI image $BOOTX32"
+ einfo "Generated 32-bit EFI image $BOOTX32" ; eend 0
+ fi
+}
+# }}}
+