# make sure we don't leave any mounts - FAI doesn't remove them always
umount $CHROOT_OUTPUT/proc/sys/fs/binfmt_misc 2>/dev/null || /bin/true
umount $CHROOT_OUTPUT/proc 2>/dev/null || /bin/true
+ umount $CHROOT_OUTPUT/run/udev 2>/dev/null || /bin/true
umount $CHROOT_OUTPUT/run 2>/dev/null || /bin/true
umount $CHROOT_OUTPUT/sys 2>/dev/null || /bin/true
umount $CHROOT_OUTPUT/dev/pts 2>/dev/null || /bin/true
}
# }}}
+# store logfiles {{{
+store_logfiles() {
+ # move fai logs into grml_logs directory
+ mkdir -p "$LOG_OUTPUT"/fai/
+ cp -r "$CHROOT_OUTPUT"/var/log/fai/"$HOSTNAME"/last/* "$LOG_OUTPUT"/fai/
+ rm -rf "$CHROOT_OUTPUT"/var/log/fai
+
+ # store copy of autogenerated configuration file
+ cp ${GRML_FAI_CONFIG}/nfsroot.conf "$LOG_OUTPUT"/fai/
+
+ # copy fai package list
+ cp "$CHROOT_OUTPUT"/var/log/install_packages.list "$LOG_OUTPUT"/fai/
+ # fixup owners
+ chown root:adm "$LOG_OUTPUT"/fai/*
+ chmod 664 "$LOG_OUTPUT"/fai/*
+}
+# }}}
+
# clean exit {{{
bailout() {
rm -f /var/run/fai/fai_softupdate_is_running \
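Review bot: `store_logfiles` runs `rm -rf "$CHROOT_OUTPUT"/var/log/fai` with no guard, and if `CHROOT_OUTPUT` is ever empty that path is the build host's own `/var/log/fai`. I would write `rm -rf "${CHROOT_OUTPUT:?}"/var/log/fai` and quote the one unquoted expansion as `cp "${GRML_FAI_CONFIG}"/nfsroot.conf "$LOG_OUTPUT"/fai/`. The function is now also called on the fai failure path (the `store_logfiles # ensure to have logfiles available even if building failed` line further down), where the `last/*` glob and `install_packages.list` may not exist. The visible lines do not check the status of those `cp` calls. A short header comment stating that the function is best-effort and may run after a failed build would make that intent clear.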
[ -n "$HOSTNAME" ] || HOSTNAME='grml'
[ -n "$HYBRID_METHOD" ] || HYBRID_METHOD='isohybrid'
[ -n "$RELEASENAME" ] || RELEASENAME='grml-live rocks'
-[ -n "$SECURE_BOOT" ] || SECURE_BOOT='ubuntu'
+[ -n "$SECURE_BOOT" ] || SECURE_BOOT='disable'
[ -n "$SQUASHFS_EXCLUDES_FILE" ] || SQUASHFS_EXCLUDES_FILE="${GRML_FAI_CONFIG}/config/grml/squashfs-excludes"
[ -n "$SUITE" ] || SUITE='testing'
[ -n "$TEMPLATE_DIRECTORY" ] || TEMPLATE_DIRECTORY='/usr/share/grml-live/templates'
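Review bot: The new fallback on the `SECURE_BOOT` line changes what an unset variable means, from building a Secure Boot image to building none. A configuration that never set it now loses the signed boot chain with nothing but the build summary to show it. A comment above the default would make the opt-in explicit, for example `# Secure Boot is opt-in: set SECURE_BOOT to 'debian' or 'ubuntu' to ship signed shim/GRUB`. The accepted values are taken from the `case` statement later in this diff.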
[ -n "$ARCH" ] && echo " Architecture: $ARCH"
[ -n "$BOOT_METHOD" ] && echo " Boot method: $BOOT_METHOD"
[ -n "$HYBRID_METHOD" ] && echo " Hybrid method: $HYBRID_METHOD"
+ [ -n "$SECURE_BOOT" ] && echo " Secure Boot: $SECURE_BOOT"
[ -n "$TEMPLATE_DIRECTORY" ] && echo " Template files: $TEMPLATE_DIRECTORY"
[ -n "$CHROOT_INSTALL" ] && echo " Install files from directory to chroot: $CHROOT_INSTALL"
[ -n "$BOOTID" ] && echo " Boot identifier: $BOOTID"
fi
fi
-start_seconds=$(cut -d . -f 1 /proc/uptime)
+SECONDS=unknown
+start_seconds="$(date +%s)"
log "------------------------------------------------------------------------------"
log "Starting grml-live [${GRML_LIVE_VERSION}] run on $(date)"
log "Using local config file: $LOCAL_CONFIG"
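Review bot: `SECONDS` is a special variable in bash, so `SECONDS=unknown` does not store the string. As far as I know, a non-numeric assignment resets the counter to 0 and later reads return the seconds elapsed since the assignment. The "unknown" fallback therefore cannot appear in the final log line, and the name shadows the shell's own timer. A plain variable avoids this, e.g. `runtime_seconds=unknown` here and `runtime_seconds="$(( end_seconds - start_seconds ))"` in the finalize hunk at the end of the diff, with the log line printing `${runtime_seconds}`. Also note that `date +%s` is wall-clock time, so a clock step during the build skews the result, which `/proc/uptime` did not.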
fi
if [ -z "$FAI_DEBOOTSTRAP_OPTS" ] ; then
- FAI_DEBOOTSTRAP_OPTS="--exclude=info,tasksel,tasksel-data --include=aptitude --arch $ARCH"
+ FAI_DEBOOTSTRAP_OPTS="--exclude=info,tasksel,tasksel-data --include=aptitude --arch $ARCH --no-merged-usr"
fi
# create backup of old (not yet automatically generated) config file
RC="$PIPESTATUS" # notice: bash-only
if [ "$RC" != 0 ] ; then
- log "Error: critical error while executing fai [exit code ${RC}]. Exiting."
- eerror "Error: critical error while executing fai [exit code ${RC}]. Exiting." ; eend 1
- bailout 1
+ store_logfiles # ensure to have logfiles available even if building failed
+ log "Error: critical error while executing fai [exit code ${RC}]. Exiting."
+ eerror "Error: critical error while executing fai [exit code ${RC}]. Exiting." ; eend 1
+ bailout 1
fi
# provide inform fai about the ISO we build, needs to be provided
FORCE_ISO_REBUILD=true
- # move fai logs into grml_logs directory
- mkdir -p "$LOG_OUTPUT"/fai/
- cp -r "$CHROOT_OUTPUT"/var/log/fai/"$HOSTNAME"/last/* "$LOG_OUTPUT"/fai/
- rm -rf "$CHROOT_OUTPUT"/var/log/fai
-
- # store copy of autogenerated configuration file
- cp ${GRML_FAI_CONFIG}/nfsroot.conf "$LOG_OUTPUT"/fai/
-
- # copy fai package list
- cp "$CHROOT_OUTPUT"/var/log/install_packages.list "$LOG_OUTPUT"/fai/
- # fixup owners
- chown root:adm "$LOG_OUTPUT"/fai/*
- chmod 664 "$LOG_OUTPUT"/fai/*
+ store_logfiles
umount_all
log "Generated 64-bit EFI image $BOOTX64"
einfo "Generated 64-bit EFI image $BOOTX64" ; eend 0
else
- log "Secure Boot is enabled [mode: $SECURE_BOOT]"
- einfo "Secure Boot is enabled [mode: $SECURE_BOOT]" ; eend 0
+ case "${SECURE_BOOT}" in
+ disable*)
+ log "Secure Boot is disabled [mode: ${SECURE_BOOT}]"
+ einfo "Secure Boot is disabled [mode: ${SECURE_BOOT}]" ; eend 0
+ ;;
+ debian|ubuntu)
+ log "Secure Boot is enabled [mode: ${SECURE_BOOT}]"
+ einfo "Secure Boot is enabled [mode: ${SECURE_BOOT}]" ; eend 0
+
+ local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg"
+ local GRUBCFG_TMP=$(mktemp)
+
+ if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then
+ log "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found."
+ eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." ; eend 1
+ bailout 54
+ fi
- if [ "${SECURE_BOOT}" = "ubuntu" ] ; then
- local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg"
- local GRUBCFG_TMP=$(mktemp)
+ cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}"
+ adjust_boot_files "${GRUBCFG_TMP}"
- if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then
- log "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found."
- eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." ; eend 1
- bailout 54
- fi
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot || bailout 55
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot/grub || bailout 55
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::boot/grub/grub.cfg || bailout 56
- cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}"
- adjust_boot_files "${GRUBCFG_TMP}"
+ rm "${GRUBCFG_TMP}"
- mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/ubuntu || bailout 55
- mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::EFI/ubuntu/grub.cfg || bailout 56
- rm "${GRUBCFG_TMP}"
+ if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ] ; then
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57
+ else
+ log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found."
+ eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found." ; eend 1
+ bailout 57
+ fi
- mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}"/EFI/BOOT/grubx64.efi.signed ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57
- mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}"/EFI/BOOT/shimx64.efi.signed ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58
+ if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ] ; then
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58
+ else
+ log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found."
+ eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found." ; eend 1
+ bailout 57
+ fi
- log "Generated 64-bit Secure Boot (ubuntu) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}"
- einfo "Generated 64-bit Secure Boot (ubuntu) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0
- fi
+ log "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}"
+ einfo "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0
+ ;;
+ *)
+ log "Secure Boot method '${SECURE_BOOT}' is unsupported."
+ error "Secure Boot method '${SECURE_BOOT}' is unsupported." ; eend 1
+ bailout 59
+ ;;
+ esac
fi
fi
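Review bot: The default arm of the `case` calls `error`, which looks like a typo for the `eerror` used everywhere else in this hunk. Unless an `error` function is defined outside the visible lines, the message never reaches the console, although `bailout 59` still runs; the line should read `eerror "Secure Boot method '${SECURE_BOOT}' is unsupported." ; eend 1`. The missing-shim branch is a copy of the GRUB one: it reports a "Secure Boot GRUB binary" and exits with `bailout 57`, while the matching `mcopy` uses 58, so the message should name the shim binary and the exit should be `bailout 58`. `local GRUBCFG_TMP=$(mktemp)` also masks a `mktemp` failure, and it runs before the template check, so the temp file is left behind on the `bailout 54` path unless `bailout` cleans it up. The enclosing function starts outside the hunk.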
log "Skipping installation of boot addons as requested via \$NO_ADDONS."
einfo "Skipping installation of boot addons as requested via \$NO_ADDONS."; eend 0
else
- if ! [ -d "$TEMPLATE_DIRECTORY"/boot/addons ] ; then
+ if ! [ -r "$TEMPLATE_DIRECTORY"/boot/addons ] ; then
log "Boot addons not found, skipping therefore. (Consider installing package grml-live-addons)"
ewarn "Boot addons not found, skipping therefore. (Consider installing package grml-live-addons)" ; eend 0
else
+ log "Installing boot addons."
+ einfo "Installing boot addons."
+
# copy addons from system packages or grml-live-addons
copy_addon_file ipxe.lkrn /usr/lib/ipxe addons
+ copy_addon_file ipxe.efi /usr/lib/ipxe addons
copy_addon_file pci.ids /usr/share/misc addons
copy_addon_file memtest86+.bin /boot addons
copy_addon_file memdisk /usr/lib/syslinux addons
+ eend 0
+
# make memtest filename FAT16/8.3 compatible
mv "${BUILD_OUTPUT}/boot/addons/memtest86+.bin" \
"${BUILD_OUTPUT}/boot/addons/memtest"
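Review bot: Switching the addons test from `-d` to `-r` drops the type check, so a readable regular file named `boot/addons` now passes where it used to be skipped. If the intent was to additionally require read permission, test both: `if ! [ -d "$TEMPLATE_DIRECTORY"/boot/addons ] || ! [ -r "$TEMPLATE_DIRECTORY"/boot/addons ] ; then`. The added `eend 0` is unconditional, so a failed `copy_addon_file` is still reported as success unless that helper reports errors itself.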
# adjust all variables in the templates with the according distribution information
adjust_boot_files "${BUILD_OUTPUT}"/boot/isolinux/*.cfg \
"${BUILD_OUTPUT}"/boot/isolinux/*.msg \
- "${BUILD_OUTPUT}"/boot/grub/* \
- "${BUILD_OUTPUT}"/boot/ubuntu/*
+ "${BUILD_OUTPUT}"/boot/grub/*
for param in ARCH DATE DISTRI_INFO DISTRI_NAME DISTRI_SPLASH GRML_NAME SQUASHFS_NAME \
RELEASE_INFO SHORT_NAME VERSION ; do
eoutdent
fi
+ # don't include shim + grubnetx64 + grub files in i386 netboot packages,
+ # as those don't make much sense there
+ if [ "$ARCH" = amd64 ] ; then
+ if ! [ -r "${BUILD_OUTPUT}/boot/grub/netboot.cfg" ] ; then
+ log "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found."
+ ewarn "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found."
+ eindent
+ log "Hint: Are you using custom templates which do not provide grub.cfg?"
+ ewarn "Hint: Are you using custom templates which do not provide grub.cfg?" ; eend 0
+ eoutdent
+ else
+ cp "${BUILD_OUTPUT}/boot/grub/netboot.cfg" "${WORKING_DIR}/grub.cfg"
+ adjust_boot_files "${WORKING_DIR}/grub.cfg"
+
+ if [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed ] ; then
+ log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi.signed as shim.efi in netboot package"
+ cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed "${WORKING_DIR}"/shim.efi
+ elif [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi ] ; then
+ log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi as shim.efi in netboot package"
+ cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi "${WORKING_DIR}"/shim.efi
+ else
+ log "No shimx64.efi for usage with PXE boot found (shim-signed not present?)"
+ ewarn "No shimx64.efi for usage with PXE boot found (shim-signed not present?)" ; eend 0
+ fi
+
+ if [ -r "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed ] ; then
+ log "Installing ${CHROOT_OUTPUT}/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed as grubx64.efi in netboot package"
+ cp "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed "${WORKING_DIR}"/grubx64.efi
+ elif [ -r "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi ] ; then
+ log "Installing ${CHROOT_OUTPUT}/usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi as grubx64.efi in netboot package"
+ cp "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi "${WORKING_DIR}"/grubx64.efi
+ else
+ log "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not present?)"
+ ewarn "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not present?)." ; eend 0
+ fi
+
+ if [ -r "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 ] ; then
+ log "Installing ${CHROOT_OUTPUT}/usr/share/grub/unicode.pf2 as grub/fonts/unicode.pf2 in netboot package"
+ mkdir -p "${WORKING_DIR}"/grub/fonts/
+ cp "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 "${WORKING_DIR}"/grub/fonts/
+ else
+ log "No unicode.pf2 for usage with PXE boot found (grub-common not present?)"
+ ewarn "No unicode.pf2 for usage with PXE boot found (grub-common not present?)" ; eend 0
+ fi
+ fi
+ fi
+
if tar -C "$OUTPUTDIR" -jcf "${OUTPUT_FILE}" "grml_netboot_package_${GRML_NAME}_${VERSION}" ; then
(
cd $(dirname "${OUTPUT_FILE}")
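Review bot: The `elif` fallbacks for the shim and grubnetx64 copies install the presumably unsigned binary with only a `log` line. A netboot package can therefore ship a `shim.efi` or `grubx64.efi` that firmware enforcing Secure Boot will refuse, and the builder sees nothing on the console. I would add a warning in both `elif` branches, e.g. `ewarn "Using unsigned shimx64.efi in netboot package (shim-signed not present?)" ; eend 0`, and the same for `grubnetx64.efi`. When neither file is found, the package is still built with `grub.cfg` but no loader; a comment stating that this is intentional would help. The enclosing function starts and ends outside the hunk.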
# }}}
# finalize {{{
-[ -n "$start_seconds" ] && SECONDS="$[$(cut -d . -f 1 /proc/uptime)-$start_seconds]" || SECONDS="unknown"
+if [ -n "${start_seconds}" ] ; then
+ end_seconds="$(date +%s)"
+ SECONDS="$(( end_seconds - start_seconds ))"
+fi
log "Successfully finished execution of $PN [$(date) - running ${SECONDS} seconds]"
dpkg_to_db # make sure we catch the last log line as well, therefore execute between log + einfo