Merge remote-tracking branch 'origin/github/pr/148'

[grml-live.git] / grml-live

#!/bin/bash
# Filename:      grml-live
# Purpose:       build process script for generating a (grml based) Linux Live-ISO
# Authors:       grml-team (grml.org),
#                (c) Michael Prokop <mika@grml.org>,
#                (c) Thorsten Glaser <tg@mirbsd.org>
# Bug-Reports:   see http://grml.org/bugs/
# License:       This file is licensed under the GPL v2 or any later version.
################################################################################

# some misc and global stuff {{{
export LANG=C
export LC_ALL=C

# avoid leaking into chroots
unset TMPDIR

# define function getfilesize before "set -e"
if stat --help >/dev/null 2>&1; then
  getfilesize='stat -c %s'  # GNU stat
else
  getfilesize='stat -f %z'  # BSD stat
fi

# exit on any error:
# disable for now since it seems to cause some problems
# set -e

# The line following this line is patched by debian/rules.
GRML_LIVE_VERSION='***UNRELEASED***'

# global variables
PN="$(basename $0)"
CMDLINE="$0 $@"
ADDONS_LIST_FILE='/boot/isolinux/addons_list.cfg'
# }}}

# usage information {{{
usage()
{
  echo "
$PN - build process script for generating a (grml based) Linux Live-ISO

Usage: $PN [options, see as follows]

   -a <architecture>       architecture; available values: i386, amd64 + arm64
   -A                      clean build directories before and after running
   -b                      build the ISO without updating the chroot via FAI
   -B                      build the ISO without touching the chroot (skips cleanup)
   -c <classe[s]>          classes to be used for building the ISO via FAI
   -C <configfile>         configuration file for grml-live
   -d <date>               use specified date instead of build time as date of release
   -D <configdir>          use specified configuration directory instead of /etc/grml/fai
   -e <iso_name>           extract ISO and squashfs contents from iso_name
   -F                      force execution without prompting
   -g <grml_name>          set the grml flavour name
   -h                      display short usage information and exit
   -i <iso_name>           name of ISO
   -I <src_directory>      directory which provides files that should become
                           part of the chroot/ISO
   -n                      skip generation of ISO
   -N                      bootstrap (build chroot) only, do not create files for ISO
   -o <output_directory>   main output directory of the build process
   -q                      skip mksquashfs
   -Q                      skip netboot package build
   -r <release_name>       release name
   -s <suite>              Debian suite/release, like: stable, testing, unstable
   -S <script_directory>   place of scripts (defaults to /usr/share/grml-live/scripts)
   -t <template_directory> place of the templates
   -u                      update existing chroot instead of rebuilding it from scratch
   -U <username>           arrange output to be owned by specified username
   -v <version_number>     specify version number of the release
   -V                      increase verbosity in the build process
   -w <date>               wayback machine, build system using Debian archives
                           from specified date
   -z                      use ZLIB instead of LZMA/XZ compression

Usage examples:

    $PN
    $PN -c GRMLBASE,GRML_FULL,AMD64 -o /dev/shm/grml
    $PN -c GRMLBASE,GRML_FULL,AMD64 -i grml_0.0-1.iso -v 0.0-1
    $PN -c GRMLBASE,GRML_FULL,AMD64 -s stable -V -r 'grml-ftw'

More details: man grml-live + /usr/share/doc/grml-live/grml-live.html
              http://grml.org/grml-live/

Please send your bug reports and feedback to the grml-team: http://grml.org/bugs/
"
   [ "$(id -u 2>/dev/null)" != 0 ] && echo "Please notice that this script requires root permissions."
}

# make sure it's possible to get usage information without being
# root or actually executing the script
if [ "$1" = '-h' -o "$1" = '--help' ] ; then
   usage
   exit 0
fi
# }}}

# some runtime checks {{{
# we need root permissions for the build-process:
if [ "$(id -u 2>/dev/null)" != 0 ] ; then
   echo "Error: please run this script with uid 0 (root)." >&2
   exit 1
fi

if [ -r /var/run/fai/FAI_INSTALLATION_IN_PROGRESS ] ; then
   echo "/usr/sbin/fai already running or was aborted before.">&2
   echo "You may remove /var/run/fai/FAI_INSTALLATION_IN_PROGRESS and try again.">&2
   exit 1
fi

# see #449236
if [ -r /var/run/fai/fai_softupdate_is_running ] ; then
   echo "/usr/sbin/fai softupdate already running or was aborted before.">&2
   echo "You may remove /var/run/fai/fai_softupdate_is_running and try again.">&2
   exit 1
fi
# }}}

# lsb-functions and configuration stuff {{{
# make sure they are not set by default
VERBOSE=''
FORCE=''
UPDATE=''
BUILD_ONLY=''
BUILD_DIRTY=''
BOOTSTRAP_ONLY=''
HOSTNAME=''
USERNAME=''
CONFIGDUMP=''

# don't use colors/escape sequences
if [ -r /lib/lsb/init-functions ] ; then
  . /lib/lsb/init-functions
  ! log_use_fancy_output && NOCOLORS=true
fi

if [ -r /etc/grml/lsb-functions ] ; then
   . /etc/grml/lsb-functions
else
   einfo()  { echo "  [*] $*" ;}
   eerror() { echo "  [!] $*">&2 ;}
   ewarn()  { echo "  [x] $*" ;}
   eend()   { return 0 ;}
   eindent()  { return 0 ;}
   eoutdent() { return 0 ;}
fi

# source main configuration file:
[ -z "$LIVE_CONF" ] && LIVE_CONF='/etc/grml/grml-live.conf'
if ! [ -r "$LIVE_CONF" ] ; then
  ewarn "Configuration file $LIVE_CONF can not be read, ignoring"
else
  einfo "Sourcing configuration file $LIVE_CONF"
  . $LIVE_CONF
  eend $?
fi
# }}}

# umount all directories {{{
umount_all() {
   # make sure we don't leave any mounts - FAI doesn't remove them always
   umount $CHROOT_OUTPUT/proc/sys/fs/binfmt_misc 2>/dev/null || /bin/true
   umount $CHROOT_OUTPUT/proc 2>/dev/null || /bin/true
   umount $CHROOT_OUTPUT/run/udev 2>/dev/null || /bin/true
   umount $CHROOT_OUTPUT/run  2>/dev/null || /bin/true
   umount $CHROOT_OUTPUT/sys  2>/dev/null || /bin/true
   umount $CHROOT_OUTPUT/dev/pts 2>/dev/null || /bin/true
   umount $CHROOT_OUTPUT/dev 2>/dev/null || /bin/true

   if [ -n "$EXTRACT_ISO_NAME" ] ; then
     umount "$EXTRACT_ISO_NAME" 2>/dev/null || /bin/true
   fi

   # certain FAI versions sadly leave a ramdisk behind, so better safe than sorry
   if [ -x /usr/lib/fai/mkramdisk ] ; then
     /usr/lib/fai/mkramdisk -u "$(readlink -f ${CHROOT_OUTPUT}/var/lib/dpkg)" >/dev/null 2>&1 || /bin/true
   fi

   umount "${CHROOT_OUTPUT}/grml-live/sources/" 2>/dev/null || /bin/true
   [ -n "$MIRROR_DIRECTORY" ] && umount "${CHROOT_OUTPUT}/${MIRROR_DIRECTORY}"
}
# }}}

# store logfiles {{{
store_logfiles() {
  # move fai logs into grml_logs directory
  mkdir -p "$LOG_OUTPUT"/fai/
  cp -r "$CHROOT_OUTPUT"/var/log/fai/"$HOSTNAME"/last/* "$LOG_OUTPUT"/fai/
  rm -rf "$CHROOT_OUTPUT"/var/log/fai

  # store copy of autogenerated configuration file
  cp ${GRML_FAI_CONFIG}/nfsroot.conf "$LOG_OUTPUT"/fai/

  # copy fai package list
  cp "$CHROOT_OUTPUT"/var/log/install_packages.list "$LOG_OUTPUT"/fai/
  # fixup owners
  chown root:adm "$LOG_OUTPUT"/fai/*
  chmod 664 "$LOG_OUTPUT"/fai/*
}
# }}}

# clean exit {{{
bailout() {
  rm -f /var/run/fai/fai_softupdate_is_running \
        /var/run/fai/FAI_INSTALLATION_IN_PROGRESS
  [ -n "$CONFIGDUMP"      ]  && rm -f  "$CONFIGDUMP"
  [ -n "$SQUASHFS_STDERR" ]  && rm -rf "$SQUASHFS_STDERR"
  umount_all
  [ -n "$1" ] && EXIT="$1" || EXIT="1"
  [ -n "$2" ] && eerror "$2">&2
  if [ -n "$CLEAN_ARTIFACTS" ]; then
    log "Cleaning up"
    einfo "Cleaning up"
    [ -n "${BUILD_OUTPUT}"  -a -d "${BUILD_OUTPUT}"  ] && rm -r "${BUILD_OUTPUT}"
    [ -n "${CHROOT_OUTPUT}" -a -d "${CHROOT_OUTPUT}" ] && rm -r "${CHROOT_OUTPUT}"
    eend 0
  fi

  # get rid of automatically generated conffiles
  rm -f ${GRML_FAI_CONFIG}/nfsroot.conf

  if [ -n "$CHOWN_USER" ]; then
    log "Setting ownership"
    einfo "Setting ownership"
    [ -n "${OUTPUT}"         -a -d "${OUTPUT}"         ] && chown -R "${CHOWN_USER}:" "${OUTPUT}"
    [ -n "${BUILD_OUTPUT}"   -a -d "${BUILD_OUTPUT}"   ] && chown -R "${CHOWN_USER}:" "${BUILD_OUTPUT}"
    [ -n "${CHROOT_OUTPUT}"  -a -d "${CHROOT_OUTPUT}"  ] && chown -R "${CHOWN_USER}:" "${CHROOT_OUTPUT}"
    [ -n "${ISO_OUTPUT}"     -a -d "${ISO_OUTPUT}"     ] && chown -R "${CHOWN_USER}:" "${ISO_OUTPUT}"
    [ -n "${LOG_OUTPUT}"     -a -d "${LOG_OUTPUT}"     ] && chown -R "${CHOWN_USER}:" "${LOG_OUTPUT}"
    [ -n "${NETBOOT}"        -a -d "${NETBOOT}"        ] && chown -R "${CHOWN_USER}:" "${NETBOOT}"
    eend 0
  fi
  log "------------------------------------------------------------------------------"
  exit "$EXIT"
}
trap bailout 1 2 3 3 6 9 14 15
trap umount_all EXIT
# }}}

# some important functions {{{

# log output:
# usage: log "string to log"
log() { [ -n "$LOGFILE" ] && echo "$*" >> $LOGFILE ; }

# cut string at character number int = $1
# usage: cut_string 5 "1234567890" will output "12345"
cut_string() {
  [ -n "$2" ] || return 1
  echo "$2" | head -c "$1"; echo -ne "\n"
}

# prepend int = $1 spaces before string = $2
# usage: extend_string_begin 5 "123" will output "  123"
extend_string_begin() {
  [ -n "$2" ] || return 1
  local COUNT="$(echo $2 | wc -c)"
  local FILL="$(expr $COUNT - $1)"
  while [ "$FILL" -gt 1 ] ; do
    echo -n " "
    local FILL=$(expr $FILL - 1)
  done
  while [ "$FILL" -lt 1 ] ; do
    echo -n " "
    local FILL=$(expr $FILL + 1)
  done
  echo "$2" | head -c "$1"; echo -ne "\n"
}

# append int = $1 spaces to string = $2
# usage: extend_string_begin 5 "123" will output "123  "
extend_string_end() {
  [ -n "$2" ] || return 1
  echo -n "$2" | head -c "$1"
  local COUNT="$(echo $2 | wc -c)"
  local FILL="$(expr $COUNT - $1)"
  while [ "$FILL" -gt 1 ] ; do
    echo -n " "
    local FILL=$(expr $FILL - 1)
  done
  while [ "$FILL" -lt 1 ] ; do
    echo -n " "
    local FILL=$(expr $FILL + 1)
  done
  echo -ne "\n"
}

# Copy addonfile $1 from either
#   * the chroot (via $2, the system path),
#   * or from TEMPLATE_DIRECTORY/compat (if exists),
#   * or from the host system (again, using $2),
# or warn about the missing file.
#
# This is because:
#   * We assume that the chroot always has a "good" version of
#     the file. Also it makes sources handling easier.
#   * On unstable, we recommend the Debian packages containing
#     these files. The user can override them by putting his
#     "better" version into the chroot.
#   * With older releases the Debian packages are probably
#     not available, so we look in TEMPLATE_DIRECTORY/compat,
#     where a (custom) package might install current file versions.
copy_addon_file() {
  DEST="${BUILD_OUTPUT}/boot/$3"
  if [ ! -d "${DEST}/" ]; then
    mkdir -p "${DEST}"
  fi
  if [ -e "$CHROOT_OUTPUT/$2/$1" ]; then
    log   "Copying $1 from chroot"
    cp "$CHROOT_OUTPUT/$2/$1" "${DEST}/"
    return $?
  fi
  if [ -e "${TEMPLATE_DIRECTORY}/compat/$3/$1" ]; then
    log   "Copying $1 from ${TEMPLATE_DIRECTORY}/compat"
    cp "${TEMPLATE_DIRECTORY}/compat/$3/$1" "${DEST}/"
    return $?
  fi
  if [ -e "$2/$1" ]; then
    log   "Copying $1 from system"
    cp "$2/$1" "${DEST}/"
    return $?
  fi

  msg="Missing addon file: \"$1\""
  ewarn "$msg" ; eend 1
  log "copy_addon_file: $msg"
  return 1
}

# replace placeholders in template files with actual information
adjust_boot_files() {
  if [ -z "$1" ] ; then
    echo "Usage: adjust_boot_files <template_file>" >&2
    exit 1
  fi

  local release_info
  if [ -n "${RELEASE_INFO:-}" ] ; then
    release_info="${RELEASE_INFO}"
  else
    ewarn "Variable RELEASE_INFO is unset, applying fallback for usage in adjust_boot_files." ; eend 1
    release_info="$GRML_NAME $VERSION - Release Codename $RELEASENAME"
  fi

  # ensure this has a specific length
  local fixed_release_info
  fixed_release_info="$(cut_string 68 "$release_info")"
  fixed_release_info="$(extend_string_end 68 "$fixed_release_info")"

  for file in "$@" ; do
    if [ -r "${file}" ] && [ -f "${file}" ] ; then
      sed -i "s/%ARCH%/$ARCH/g"                    "${file}"
      sed -i "s/%DATE%/$DATE/g"                    "${file}"
      sed -i "s/%DISTRI_INFO%/$DISTRI_INFO/g"      "${file}"
      sed -i "s/%DISTRI_NAME%/$DISTRI_NAME/g"      "${file}"
      sed -i "s/%DISTRI_SPLASH%/$DISTRI_SPLASH/g"  "${file}"
      sed -i "s/%GRML_NAME%/$GRML_NAME/g"          "${file}"
      sed -i "s/%SQUASHFS_NAME%/$SQUASHFS_NAME/g"  "${file}"
      sed -i "s/%RELEASE_INFO%/$fixed_release_info/g" "${file}"
      sed -i "s/%SHORT_NAME%/$SHORT_NAME/g"        "${file}"
      sed -i "s/%VERSION%/$VERSION/g"              "${file}"
      if [ -n "${BOOT_FILE}" ] ; then
        sed -i "s;%BOOT_FILE%;$BOOT_FILE;g"        "${file}"
      fi

      [ -n "$DEFAULT_BOOTOPTIONS" ] && sed -i "s; boot=live; boot=live $DEFAULT_BOOTOPTIONS;"  "${file}"

      if [ -n "$NO_BOOTID" ] ; then
        sed -i "s/ bootid=%BOOTID%//g" "${file}" # drop bootid bootoption
      else
        sed -i "s/%BOOTID%/$BOOTID/g" "${file}" # adjust bootid=... argument
      fi
    fi
  done
}
# }}}

# command line parsing {{{
while getopts "a:C:c:d:D:e:g:i:I:o:r:s:S:t:U:v:w:AbBFhnNqQuVz" opt; do
  case "$opt" in
    a) ARCH="$OPTARG" ;;
    A) CLEAN_ARTIFACTS=1 ;;
    b) BUILD_ONLY=1 ;;
    B) BUILD_DIRTY=1 ;;
    c) CLASSES="$OPTARG" ;;
    C) LOCAL_CONFIG="$(readlink -f $OPTARG)" ;;
    d) DATE="$OPTARG" ;;
    D) GRML_FAI_CONFIG="$(readlink -f $OPTARG)" ;;
    e) EXTRACT_ISO_NAME="$(readlink -f $OPTARG)" ;;
    g) GRML_NAME="$OPTARG" ;;
    h) usage ; bailout 0 ;;
    i) ISO_NAME="$OPTARG" ;;
    I) CHROOT_INSTALL="$OPTARG" ;;
    n) SKIP_MKISOFS=1 ;;
    N) BOOTSTRAP_ONLY=1; SKIP_MKISOFS=1; SKIP_MKSQUASHFS=1 ;;
    o) OUTPUT="$(readlink -f $OPTARG)" ;;
    q) SKIP_MKSQUASHFS=1 ;;
    Q) SKIP_NETBOOT=1 ;;
    r) RELEASENAME="$OPTARG" ;;
    s) SUITE="$OPTARG" ;;
    S) SCRIPTS_DIRECTORY="$OPTARG";;
    t) TEMPLATE_DIRECTORY="$OPTARG";;
    v) VERSION="$OPTARG" ;;
    F) FORCE=1 ;;
    u) UPDATE=1 ;;
    U) CHOWN_USER="$OPTARG" ;;
    V) VERBOSE="-v" ;;
    w) export WAYBACK_DATE="$OPTARG" ;;
    z) SQUASHFS_ZLIB=1 ;;
    ?) echo "invalid option -$OPTARG" >&2; usage; bailout 1 ;;
  esac
done
shift $(($OPTIND - 1))  # set ARGV to the first not parsed commandline parameter

if [ -n "$1" ] ; then
  echo "Error: unknown argument '$1' in options. Exiting to avoid possible data loss." >&2
  bailout 1
fi
# }}}

# read local (non-packaged) configuration {{{
if [ -z "$LOCAL_CONFIG" ]; then
  if [ -r "/etc/grml/grml-live.local" ]; then
    LOCAL_CONFIG="/etc/grml/grml-live.local"
  fi
fi
if [ -n "$LOCAL_CONFIG" ]; then
  if [ -r "$LOCAL_CONFIG" ]; then
    . $LOCAL_CONFIG
  else
    eerror "Could not read specified local configuration file \"$LOCAL_CONFIG\"."
    bailout 1
  fi
  LOCAL_CONFIG=$(readlink -f "$LOCAL_CONFIG")
else
  LOCAL_CONFIG=''
fi

if [ -n "${GRML_LIVE_SOURCES:-}" ] ; then
  eerror "Config variable \$GRML_LIVE_SOURCES is set. This variable has been deprecated."
  ewarn  "Please set up \${GRML_FAI_CONFIG}/config/files/etc/apt/sources.list.d/* instead."
  bailout 1
fi
# }}}

# assume sane defaults (if not set already) {{{
[ -n "$ARCH" ]                    || ARCH="$(dpkg --print-architecture)"
[ -n "$BOOT_METHOD" ]             || BOOT_METHOD='isolinux'
[ -n "$CLASSES" ]                 || CLASSES="GRMLBASE,GRML_FULL,$(echo ${ARCH} | tr 'a-z' 'A-Z')"
[ -n "$DATE" ]                    || DATE="$(date +%Y-%m-%d)"
[ -n "$DISTRI_INFO" ]             || DISTRI_INFO='Grml - Live Linux for system administrators'
[ -n "$DISTRI_NAME" ]             || DISTRI_NAME="grml"
[ -n "$DISTRI_SPLASH" ]           || DISTRI_SPLASH='grml.png'
[ -n "$FORCE_ISO_REBUILD" ]       || FORCE_ISO_REBUILD="false"
[ -n "$GRML_FAI_CONFIG" ]         || GRML_FAI_CONFIG='/etc/grml/fai'
[ -n "$GRML_NAME" ]               || GRML_NAME='grml'
[ -n "$HOSTNAME" ]                || HOSTNAME='grml'
[ -n "$HYBRID_METHOD" ]           || HYBRID_METHOD='isohybrid'
[ -n "$RELEASENAME" ]             || RELEASENAME='grml-live rocks'
[ -n "$SECURE_BOOT" ]             || SECURE_BOOT='disable'
[ -n "$SQUASHFS_BINARY" ]         || SQUASHFS_BINARY='mksquashfs'
[ -n "$SQUASHFS_EXCLUDES_FILE" ]  || SQUASHFS_EXCLUDES_FILE="${GRML_FAI_CONFIG}/config/grml/squashfs-excludes"
[ -n "$SUITE" ]                   || SUITE='testing'
[ -n "$TEMPLATE_DIRECTORY" ]      || TEMPLATE_DIRECTORY='/usr/share/grml-live/templates'
[ -n "$SCRIPTS_DIRECTORY" ]       || SCRIPTS_DIRECTORY='/usr/share/grml-live/scripts'
[ -n "$USERNAME" ]                || USERNAME='grml'
[ -n "$VERSION" ]                 || VERSION='0.0.1'

# output specific stuff, depends on $OUTPUT (iff not set):
[ -n "$OUTPUT" ]           || OUTPUT="$PWD/grml/"
[ -n "$BUILD_OUTPUT" ]     || BUILD_OUTPUT="$OUTPUT/grml_cd"
[ -n "$CHROOT_OUTPUT" ]    || CHROOT_OUTPUT="$OUTPUT/grml_chroot"
[ -n "$ISO_OUTPUT" ]       || ISO_OUTPUT="$OUTPUT/grml_isos"
[ -n "$LOG_OUTPUT" ]       || LOG_OUTPUT="$OUTPUT/grml_logs"
[ -n "$REPORTS" ]          || REPORTS="${LOG_OUTPUT}/reports/"
[ -n "$NETBOOT" ]          || NETBOOT="${OUTPUT}/netboot/"
# }}}

# some misc checks before executing FAI {{{
[ -n "$CLASSES" ] || bailout 1 "Error: \$CLASSES unset, please set it in $LIVE_CONF or
specify it on the command line using the -c option."
[ -n "$OUTPUT" ] || bailout 1 "Error: \$OUTPUT unset, please set it in $LIVE_CONF or
specify it on the command line using the -o option."

if [[ "$(dpkg --print-architecture)" != "arm64" ]] && [[ "$ARCH" == "arm64" ]] ; then
  eerror "Failure: trying to build for arm64, but not running on arm64."
  eend 1
  bailout
fi

# trim characters that are known to cause problems inside $GRML_NAME;
# for example isolinux does not like '-' inside the directory name
[ -n "$GRML_NAME" ] && export SHORT_NAME="$(echo $GRML_NAME | tr -d ',./;\- ')"

# export variables to have them available in fai scripts:
[ -n "$GRML_NAME" ]   && export GRML_NAME="$GRML_NAME"
[ -n "$RELEASENAME" ] && export RELEASENAME="$RELEASENAME"
# }}}


# ZERO_LOGFILE - check for backwards compatibility reasons {{{
# this was default behaviour until grml-live 0.9.34:
if [ -n "$ZERO_LOGFILE" ] ; then
   PRESERVE_LOGFILE='' # make sure it's cleaned then
   ewarn "Please consider disabling the \$ZERO_LOGFILE option as grml-live clears..."
   ewarn "... the logfile $LOGFILE by default (unless \$PRESERVE_LOGFILE is set) nowadays."
   eend 0
fi
# }}}

# ask user whether the setup is ok {{{
if [ -z "$FORCE" ] ; then
   echo
   echo "${PN} [${GRML_LIVE_VERSION}]: check your configuration (or use -F to force execution):"
   echo
   echo "  FAI classes:       $CLASSES"
   [ -n "$LOCAL_CONFIG" ]        && echo "  Configuration:     $LOCAL_CONFIG"
   [ -n "$GRML_FAI_CONFIG" ]     && echo "  Config directory:  $GRML_FAI_CONFIG"
   echo "  main directory:    $OUTPUT"
   [ -n "$EXTRACT_ISO_NAME" ]    && echo "  Extract ISO:       $EXTRACT_ISO_NAME"
   [ -n "$CHROOT_OUTPUT" ]       && echo "  Chroot target:     $CHROOT_OUTPUT"
   [ -n "$BUILD_OUTPUT" ]        && echo "  Build target:      $BUILD_OUTPUT"
   [ -n "$ISO_OUTPUT" ]          && echo "  ISO target:        $ISO_OUTPUT"
   [ -n "$GRML_NAME" ]           && echo "  Grml name:         $GRML_NAME"
   [ -n "$RELEASENAME" ]         && echo "  Release name:      $RELEASENAME"
   [ -n "$DATE" ]                && echo "  Build date:        $DATE"
   [ -n "$VERSION" ]             && echo "  Grml version:      $VERSION"
   [ -n "$SUITE" ]               && echo "  Debian suite:      $SUITE"
   [ -n "$ARCH" ]                && echo "  Architecture:      $ARCH"
   [ -n "$BOOT_METHOD" ]         && echo "  Boot method:       $BOOT_METHOD"
   [ -n "$HYBRID_METHOD" ]       && echo "  Hybrid method:     $HYBRID_METHOD"
   [ -n "$SECURE_BOOT" ]         && echo "  Secure Boot:       $SECURE_BOOT"
   [ -n "$TEMPLATE_DIRECTORY" ]  && echo "  Template files:    $TEMPLATE_DIRECTORY"
   [ -n "$CHROOT_INSTALL" ]      && echo "  Install files from directory to chroot:  $CHROOT_INSTALL"
   [ -n "$BOOTID" ]              && echo "  Boot identifier:   $BOOTID"
   [ -n "$NO_BOOTID" ]           && echo "  Skipping bootid feature."
   [ -n "$CHOWN_USER" ]          && echo "  Output owner:      $CHOWN_USER"
   [ -n "$DEFAULT_BOOTOPTIONS" ] && echo "  Adding default bootoptions: \"$DEFAULT_BOOTOPTIONS\""
   [ -n "$FAI_ARGS" ]            && echo "  Additional arguments for FAI: $FAI_ARGS"
   [ -n "$LOGFILE" ]             && echo "  Logging to file:   $LOGFILE"
   [ -n "$SQUASHFS_ZLIB" ]       && echo "  Using ZLIB (instead of LZMA/XZ) compression."
   [ -n "$SQUASHFS_OPTIONS" ]    && echo "  Using SQUASHFS_OPTIONS ${SQUASHFS_OPTIONS}"
   [ -n "$VERBOSE" ]             && echo "  Using VERBOSE mode."
   [ -n "$CLEAN_ARTIFACTS" ]     && echo "  Will clean output before and after running."
   [ -n "$UPDATE" ]              && echo "  Executing UPDATE instead of fresh installation."
   if [ -n "$BOOTSTRAP_ONLY" ] ; then
     echo "  Bootstrapping only and not building (files for) ISO."
   else
     [ -n "$SKIP_MKSQUASHFS" ]     && echo "  Skipping creation of SQUASHFS file."
     [ -n "$SKIP_NETBOOT" ]        && echo "  Skipping creation of NETBOOT package."
     [ -n "$SKIP_MKISOFS" ]        && echo "  Skipping creation of ISO file."
     [ -n "$BUILD_ONLY" ]          && echo "  Executing BUILD_ONLY instead of fresh installation or UPDATE."
     [ -n "$BUILD_DIRTY" ]         && echo "  Executing BUILD_DIRTY to leave chroot untouched."
   fi
   echo
   echo -n "Is this ok for you? [y/N] "
   read a
   if ! [ "$a" = 'y' -o "$a" = 'Y' ] ; then
      CLEAN_ARTIFACTS=0
      echo "Exiting as requested."
      exit 0
   fi
   echo
fi
# }}}

# clean up before start {{{
if [ -n "${CLEAN_ARTIFACTS}" ]; then
  echo "Wiping old artifacts"
  [ -n "${CHROOT_OUTPUT}"  -a -d "${CHROOT_OUTPUT}"  ] && rm -r "${CHROOT_OUTPUT}"
  [ -n "${BUILD_OUTPUT}"   -a -d "${BUILD_OUTPUT}"   ] && rm -r "${BUILD_OUTPUT}"
  [ -n "${ISO_OUTPUT}"     -a -d "${ISO_OUTPUT}"     ] && rm -r "${ISO_OUTPUT}"
  [ -n "${LOG_OUTPUT}"     -a -d "${LOG_OUTPUT}"     ] && rm -r "${LOG_OUTPUT}"
  [ -n "${NETBOOT}"        -a -d "${NETBOOT}"        ] && rm -r "${NETBOOT}"
fi
# }}}

# create log file {{{
[ -n "$LOGFILE" ] || LOGFILE=${LOG_OUTPUT}/grml-live.log
mkdir -p $(dirname "${LOGFILE}")
touch $LOGFILE
chown root:adm $LOGFILE
chmod 664 $LOGFILE
# }}}

# clean/zero/remove logfiles {{{

if [ -n "$PRESERVE_LOGFILE" ] ; then
   echo "Preserving logfile $LOGFILE as requested via \$PRESERVE_LOGFILE"
else
   # make sure it is empty (as it is e.g. appended to grml-live-db)
   echo -n > $LOGFILE
fi

if [ -n "$ZERO_FAI_LOGFILE" ] ; then
   if [ -d /var/log/fai/"$HOSTNAME" ] ; then
      rm -rf /var/log/fai/"$HOSTNAME"/"$(readlink /var/log/fai/"$HOSTNAME"/last)"
      rm -rf /var/log/fai/"$HOSTNAME"/"$(readlink /var/log/fai/"$HOSTNAME"/last-dirinstall)"
      rm -rf /var/log/fai/"$HOSTNAME"/"$(readlink /var/log/fai/"$HOSTNAME"/last-softupdate)"
      rm -f /var/log/fai/"$HOSTNAME"/last \
            /var/log/fai/"$HOSTNAME"/last-dirinstall \
            /var/log/fai/"$HOSTNAME"/last-softupdate
   fi
fi
# }}}

# source config and startup {{{
if [ -n "$CONFIG" ] ; then
   if ! [ -f "$CONFIG" ] ; then
      log    "Error: $CONFIG could not be read. Exiting. [$(date)]"
      eerror "Error: $CONFIG could not be read. Exiting." ; eend 1
      bailout 1
   else
      log "Sourcing $CONFIG"
      . $CONFIG
   fi
fi

SECONDS=unknown
start_seconds="$(date +%s)"
log "------------------------------------------------------------------------------"
log "Starting grml-live [${GRML_LIVE_VERSION}] run on $(date)"
log "Using local config file: $LOCAL_CONFIG"
log "Executed grml-live command line:"
log "$CMDLINE"

einfo "Logging actions to logfile $LOGFILE"
# }}}

# dump config variables into file, for script access {{{
CONFIGDUMP=$(mktemp)
set | grep -E \
  '^(GRML_NAME|RELEASENAME|DATE|VERSION|SUITE|ARCH|DISTRI_NAME|USERNAME|HOSTNAME|APT_PROXY)=' \
  > ${CONFIGDUMP}
# }}}

# unpack iso/squashfs {{{
extract_iso() {
if [ -n "$EXTRACT_ISO_NAME" ]; then
  log "Unpacking ISO from ${EXTRACT_ISO_NAME}"
  einfo "Unpacking ISO from ${EXTRACT_ISO_NAME}"
  local mountpoint=$(mktemp -d)
  local rc=0
  mount -o loop "${EXTRACT_ISO_NAME}" "$mountpoint" ; rc=$?
  if [ "$rc" != 0 ]; then
    rmdir "$mountpoint"
    log "mount failed"
    eerror "mount failed"
    eend 1
    bailout 1
  fi

  if ls "${mountpoint}"/live/*/*.squashfs 2>/dev/null | grep -q . ; then # ISOs >=2011.12
    log "Using ${mountpoint}/live/*/*.squashfs for unsquashfs"
    unsquashfs -d "${CHROOT_OUTPUT}" "${mountpoint}"/live/*/*.squashfs ; rc=$?
  elif ls "${mountpoint}"/live/*.squashfs 2>/dev/null | grep -q . ; then # ISOs before 2011.12
    log "Using ${mountpoint}/live/*.squashfs for unsquashfs"
    unsquashfs -d "${CHROOT_OUTPUT}" "${mountpoint}"/live/*.squashfs ; rc=$?
  else
    log "Error: Could not find any *.squashfs files on the ISO"
    eerror "Error: Could not find any *.squashfs files on the ISO"
    eend 1
    bailout 1
  fi

  umount "$mountpoint"
  rmdir "$mountpoint"
  if [ "$rc" != 0 ]; then
    log "unsquashfs failed"
    eerror "unsquashfs failed"
    eend 1
    bailout 1
  fi
fi
}
extract_iso
# }}}

# on-the-fly configuration {{{

# does this suck? YES!
# /usr/share/debootstrap/scripts/unstable does not exist, instead use 'sid':
case $SUITE in
   unstable) SUITE='sid' ; CLASSES="DEBIAN_UNSTABLE,$CLASSES" ;;
   *) CLASSES="DEBIAN_$(echo $SUITE | tr 'a-z' 'A-Z'),$CLASSES";;
esac
export SUITE # make sure it's available in FAI scripts

# validate whether the specified architecture class matches the
# architecture (option), otherwise installation of kernel will fail
if echo $CLASSES | grep -qw I386 ; then
   if ! [[ "$ARCH" == "i386" ]] ; then
      log    "Error: You specified the I386 class but are trying to build something else (AMD64/ARM64?)."
      eerror "Error: You specified the I386 class but are trying to build something else (AMD64/ARM64?)."
      eerror "Tip:   Either invoke grml-live with '-a i386' or adjust the architecture class. Exiting."
      eend 1
      bailout
   fi
elif echo $CLASSES | grep -qi amd64 ; then
   if ! [[ "$ARCH" == "amd64" ]] ; then
      log    "Error: You specified the AMD64 class but are trying to build something else (I386/ARM64?)."
      eerror "Error: You specified the AMD64 class but are trying to build something else (I386/ARM64?)."
      eerror "Tip:   Either invoke grml-live with '-a amd64' or adjust the architecture class. Exiting."
      eend 1
      bailout
   fi
elif echo $CLASSES | grep -qi arm64 ; then
   if ! [[ "$ARCH" == "arm64" ]] ; then
      log    "Error: You specified the ARM64 class but are trying to build something else (I386/AMD64?)."
      eerror "Error: You specified the ARM64 class but are trying to build something else (I386/AMD64?)."
      eerror "Tip:   Either invoke grml-live with '-a arm64' or adjust the architecture class. Exiting."
      eend 1
      bailout
   fi
fi

# generate nfsroot configuration for FAI on the fly
if [ -z "$FAI_DEBOOTSTRAP" ] ; then
  if [ -n "$WAYBACK_DATE" ] ; then
    FAI_DEBOOTSTRAP="$SUITE http://snapshot.debian.org/archive/debian/$WAYBACK_DATE/"
  else
    FAI_DEBOOTSTRAP="$SUITE http://ftp.debian.org/debian"
  fi
fi

if [ -z "$FAI_DEBOOTSTRAP_OPTS" ] ; then
  FAI_DEBOOTSTRAP_OPTS="--exclude=info,tasksel,tasksel-data,isc-dhcp-client,isc-dhcp-common --include=aptitude --arch $ARCH"
fi

echo "# This is an automatically generated file by grml-live.
# Do NOT edit this file, your changes will be lost.
FAI_DEBOOTSTRAP=\"$FAI_DEBOOTSTRAP\"
FAI_DEBOOTSTRAP_OPTS=\"$FAI_DEBOOTSTRAP_OPTS\"
# EOF " > "${GRML_FAI_CONFIG}/nfsroot.conf"
# }}}

# CHROOT_OUTPUT - execute FAI {{{
if [ -n "$BUILD_DIRTY" ]; then
   log   "Skipping stage 'fai' as requested via option -B"
   ewarn "Skipping stage 'fai' as requested via option -B" ; eend 0
else
   [ -n "$CHROOT_OUTPUT" ] || CHROOT_OUTPUT="$OUTPUT/grml_chroot"

   if [ -n "$UPDATE" -o -n "$BUILD_ONLY" ] ; then
      FAI_ACTION=softupdate
   else
      FAI_ACTION=dirinstall
   fi

   if [ -n "$UPDATE" -o -n "$BUILD_ONLY" ] ; then
      if ! [ -r "$CHROOT_OUTPUT/etc/debian_version" ] ; then
         log    "Error: does not look like you have a working chroot. Updating/building not possible."
         eerror "Error: does not look like you have a working chroot. Updating/building not possible. (Drop -u/-b option?)"
         eend 1
         bailout 20
      fi
   fi

   if [ -d "$CHROOT_OUTPUT/bin" -a -z "$UPDATE" -a -z "$BUILD_ONLY" ] ; then
      log   "Skipping stage 'fai dirinstall' as $CHROOT_OUTPUT exists already."
      ewarn "Skipping stage 'fai dirinstall' as $CHROOT_OUTPUT exists already." ; eend 0
   else
      mkdir -p "$CHROOT_OUTPUT" || bailout 5 "Problem with creating $CHROOT_OUTPUT for FAI"

      if [ -n "${MIRROR_DIRECTORY}" ] ; then
         mkdir -p "${CHROOT_OUTPUT}/${MIRROR_DIRECTORY}"
         mount --bind "${MIRROR_DIRECTORY}" "${CHROOT_OUTPUT}/${MIRROR_DIRECTORY}"
      fi

      mkdir -p "${OUTPUT}/grml_sources/" "${CHROOT_OUTPUT}/grml-live/sources/"
      mount --bind "${OUTPUT}/grml_sources/" "${CHROOT_OUTPUT}/grml-live/sources/"

      log "Executed FAI command line:"
      log "BUILD_ONLY=$BUILD_ONLY BOOTSTRAP_ONLY=$BOOTSTRAP_ONLY GRML_LIVE_CONFIG=$CONFIGDUMP WAYBACK_DATE=$WAYBACK_DATE fai $VERBOSE -C $GRML_FAI_CONFIG -s file:///$GRML_FAI_CONFIG/config -c$CLASSES -u $HOSTNAME $FAI_ACTION $CHROOT_OUTPUT $FAI_ARGS"
      BUILD_ONLY="$BUILD_ONLY" BOOTSTRAP_ONLY="$BOOTSTRAP_ONLY" GRML_LIVE_CONFIG="$CONFIGDUMP" fai $VERBOSE \
                  -C "$GRML_FAI_CONFIG" -s "file:///$GRML_FAI_CONFIG/config" -c"$CLASSES" \
                  -u "$HOSTNAME" "$FAI_ACTION" "$CHROOT_OUTPUT" $FAI_ARGS | tee -a $LOGFILE
      RC="$PIPESTATUS" # notice: bash-only

      if [ "$RC" != 0 ] ; then
        store_logfiles  # ensure to have logfiles available even if building failed
        log    "Error: critical error while executing fai [exit code ${RC}]. Exiting."
        eerror "Error: critical error while executing fai [exit code ${RC}]. Exiting." ; eend 1
        bailout 1
      fi

      # provide inform fai about the ISO we build, needs to be provided
      # *after* FAI stage, otherwise FAI skips the debootstrap stage if
      # there is not BASEFILE (as it checks for presence of /etc) :(
      echo '# This file has been generated by grml-live.' > "$CHROOT_OUTPUT/etc/grml_live_version"
      [ -n "$GRML_LIVE_VERSION" ] && echo "GRML_LIVE_VERSION=$GRML_LIVE_VERSION" >> "$CHROOT_OUTPUT/etc/grml_live_version"
      [ -n "$SUITE" ] && echo "SUITE=$SUITE" >> "$CHROOT_OUTPUT/etc/grml_live_version"

      FORCE_ISO_REBUILD=true

      store_logfiles

      umount_all

      # notice: 'fai dirinstall' does not seem to exit appropriate, so:
      ERROR=''
      CHECKLOG="$LOG_OUTPUT"/fai/
      if [ -r "$CHECKLOG/software.log" ] ; then
         # 1 errors during executing of commands
         grep 'dpkg: error processing' $CHECKLOG/software.log >> $LOGFILE && ERROR=1
         grep 'E: Method http has died unexpectedly!' $CHECKLOG/software.log >> $LOGFILE && ERROR=2
         grep 'ERROR: chroot' $CHECKLOG/software.log >> $LOGFILE && ERROR=3
         grep 'E: Failed to fetch' $CHECKLOG/software.log >> $LOGFILE && ERROR=4
         grep 'Unable to write mmap - msync (28 No space left on device)' $CHECKLOG/software.log >> $LOGFILE && ERROR=5
      fi

      # FAI versions <6.0 used to write to shell.log
      if [ -r "$CHECKLOG/shell.log" ] ; then
         grep 'FAILED with exit code' $CHECKLOG/shell.log >> $LOGFILE && ERROR=6
      fi

      # FAI versions >=6.0 always writes to scripts.log
      if [ -r "$CHECKLOG/scripts.log" ] ; then
         grep 'FAILED with exit code' $CHECKLOG/scripts.log >> $LOGFILE && ERROR=6
      fi

      if [ -r "$CHECKLOG/fai.log" ] ; then
        grep 'updatebase.*FAILED with exit code' "$CHECKLOG/fai.log" >> "$LOGFILE" && ERROR=7
        grep 'instsoft.*FAILED with exit code'   "$CHECKLOG/fai.log" >> "$LOGFILE" && ERROR=8
      fi

      if [ -n "$ERROR" ] ; then
         log    "Error: there was a critical error [${ERROR}] during execution of stage 'fai dirinstall' [$(date)]"
         eerror "Error: there was a critical error during execution of stage 'fai dirinstall'"
         eerror "Note:  check out ${CHECKLOG}/ for details. [exit ${ERROR}]"
         eend 1
         bailout 1
      else
         log "Finished execution of stage 'fai dirinstall' [$(date)]"
         einfo "Finished execution of stage 'fai dirinstall'"
      fi
   fi
fi # BUILD_DIRTY?
# }}}

# package validator {{{
CHECKLOG=/var/log/fai/$HOSTNAME/last
if [ -r "$CHECKLOG/dpkg.selections" ] ; then
  package_count=$(wc -l "$CHECKLOG/dpkg.selections" | awk '{print $1}')
else
  package_count="unknown"
fi

mkdir -p "$REPORTS"
REPORT_MISSING_PACKAGES="${REPORTS}/TEST-MissingPackages.xml"

# check for missing packages
if ! [ -s "$CHECKLOG/package_errors.log" ] ; then
  einfo "No missing packages found, generating empty junit report."

  cat > "${REPORT_MISSING_PACKAGES}" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<testsuite name="grml-live-missing-packages" tests="${package_count}" time="1" failures="0" errors="0" skipped="0" assertions="0">
  <testcase name="test_missing_packages" time="0" assertions="0">
  </testcase>
  <system-out>
  </system-out>
  <system-err>
  </system-err>
</testsuite>
EOF
  eend 0
else
  einfo "Missing packages found, generating junit report."

  if [ -r "$CHECKLOG/package_errors.log" ] ; then
    package_errors=$(wc -l "$CHECKLOG/package_errors.log" | awk '{print $1}')
  else
    package_errors="unknown"
  fi

  mkdir -p "$REPORTS"
  REPORT_MISSING_PACKAGES="${REPORTS}/TEST-MissingPackages.xml"

  cat > "${REPORT_MISSING_PACKAGES}" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<testsuite name="grml-live-missing-packages" tests="${package_count}" time="1" failures="${package_errors}" errors="${package_errors}" skipped="0" assertions="0">
EOF

  for package in $(awk '{print $1}' "${CHECKLOG}/package_errors.log" | sed 's;/;\\/;') ; do
    failure_reason="$(awk "/$package/ {print \$2}" "${CHECKLOG}/package_errors.log")"
    cat >> "${REPORT_MISSING_PACKAGES}" << EOF
  <testcase name="test_missing_packages_${package}" time="0" assertions="0">
    <failure type="${failure_reason}" message="Package ${package} is missing">
Package $package is missing in chroot (${failure_reason})
  </failure>
  </testcase>
EOF
  done

  cat >> "${REPORT_MISSING_PACKAGES}" << EOF
  <system-out>
  </system-out>
  <system-err>
  </system-err>
</testsuite>
EOF
  eend 0

  if [ -n "$EXIT_ON_MISSING_PACKAGES" -a -z "$BUILD_DIRTY" ] ; then
    eerror "The following packages were requested for installation but could not be processed:"
    cat "$CHECKLOG/package_errors.log"
    eerror "... exiting as requested via \$EXIT_ON_MISSING_PACKAGES."
    eend 1
    bailout 13
  else
    ewarn "The following packages were requested for installation but could not be processed:"
    cat "$CHECKLOG/package_errors.log"
    eend 0
  fi
fi
# }}}

# grub boot {{{
grub_setup() {
  EFI_IMG="/boot/efi.img"

  local efi_size
  if [[ "${SECURE_BOOT:-}" == "disable" ]] || [[ "${ARCH:-}" == "i386" ]] ; then
    efi_size='4M'
  else
    # e.g. templates/EFI/debian for Secure Boot has >4MB and needs more space
    efi_size='8M'
  fi

  if [[ "$ARCH" == "amd64" ]] || [[ "$ARCH" == "arm64" ]] ; then
    case "$ARCH" in
      arm64)
        BOOTX64="/boot/bootaa64.efi"
        ;;
      amd64)
        BOOTX64="/boot/bootx64.efi"
        ;;
    esac

    # important: this depends on execution of ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images
    if ! [ -r "${CHROOT_OUTPUT}/${BOOTX64}" ] ; then
      log    "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX64}, required for Secure Boot support"
      eerror "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX64}, required for Secure Boot support" ; eend 1
      log    "Possible reason is failure to run ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images"
      ewarn  "Possible reason is failure to run ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images"
      bailout 50
    fi

    dd if=/dev/zero of="${CHROOT_OUTPUT}/${EFI_IMG}" bs="${efi_size}" count=1 2>/dev/null || bailout 50
    mkfs.vfat -n GRML "${CHROOT_OUTPUT}/${EFI_IMG}" >/dev/null || bailout 51
    mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI || bailout 52
    mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/BOOT || bailout 52

    if [ "${SECURE_BOOT:-}" = "disable" ] ; then
      log   "Secure Boot is disabled."
      einfo "Secure Boot is disabled." ; eend 0

      # install "$BOOTX64" as ::EFI/BOOT/{bootx64.efi|bootaa64.efi} inside image file "$EFI_IMG":
      case "$ARCH" in
        arm64)
          mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${CHROOT_OUTPUT}/${BOOTX64}" ::EFI/BOOT/bootaa64.efi >/dev/null || bailout 53
          ;;
        amd64)
          mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${CHROOT_OUTPUT}/${BOOTX64}" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 53
          ;;
      esac

      log   "Generated 64-bit EFI image $BOOTX64"
      einfo "Generated 64-bit EFI image $BOOTX64" ; eend 0
    else
      case "${SECURE_BOOT}" in
        disable*)
          log   "Secure Boot is disabled [mode: ${SECURE_BOOT}]"
          einfo "Secure Boot is disabled [mode: ${SECURE_BOOT}]" ; eend 0
          ;;
        debian|ubuntu)
          log   "Secure Boot is enabled [mode: ${SECURE_BOOT}]"
          einfo "Secure Boot is enabled [mode: ${SECURE_BOOT}]" ; eend 0

          local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg"
          local GRUBCFG_TMP=$(mktemp)

          if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then
            log    "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found."
            eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." ; eend 1
            bailout 54
          fi

          cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}"
          adjust_boot_files "${GRUBCFG_TMP}"

          mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot      || bailout 55
          mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot/grub || bailout 55
          mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::boot/grub/grub.cfg || bailout 56

          rm "${GRUBCFG_TMP}"

          if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ] ; then
            mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57
          else
            log    "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found."
            eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found." ; eend 1
            bailout 57
          fi

          if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ] ; then
            mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58
          else
            log    "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found."
            eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found." ; eend 1
            bailout 57
          fi

          log   "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}"
          einfo "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0
          ;;
        *)
          log   "Secure Boot method '${SECURE_BOOT}' is unsupported."
          eerror "Secure Boot method '${SECURE_BOOT}' is unsupported." ; eend 1
          bailout 59
          ;;
      esac
    fi
  fi

  if [[ "$ARCH" == "i386" ]] ; then
    BOOTX32="/boot/bootia32.efi"
    if ! [ -r "${CHROOT_OUTPUT}/${BOOTX32}" ] ; then
      log    "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX32}."
      eerror "Can not access GRUB efi image ${CHROOT_OUTPUT}/${BOOTX32}." ; eend 1
      log    "Possible reason is failure to run ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images"
      ewarn "Possible reason is failure to run ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/45-grub-images"
      bailout 50
    fi

    dd if=/dev/zero of="${CHROOT_OUTPUT}/${EFI_IMG}" bs="${efi_size}" count=1 2>/dev/null || bailout 50
    mkfs.vfat -n GRML "${CHROOT_OUTPUT}/${EFI_IMG}" >/dev/null || bailout 51
    mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI || bailout 52
    mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/BOOT || bailout 52
    mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${CHROOT_OUTPUT}/${BOOTX32}" ::EFI/BOOT/bootia32.efi >/dev/null || bailout 53
    log   "Generated 32-bit EFI image $BOOTX32"
    einfo "Generated 32-bit EFI image $BOOTX32" ; eend 0
  fi
}
# }}}

# BUILD_OUTPUT - execute arch specific stuff and squashfs {{{
[ -n "$BUILD_OUTPUT" ] || BUILD_OUTPUT="$OUTPUT/grml_cd"
mkdir -p "$BUILD_OUTPUT" || bailout 6 "Problem with creating $BUILD_OUTPUT for stage ARCH"

# prepare ISO
if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] || [ "$ARCH" = arm64 ] ; then
  if [ -n "$BOOTSTRAP_ONLY" ] ; then
    log   "Skipping stage 'boot' as building with bootstrap only."
    ewarn "Skipping stage 'boot' as building with bootstrap only." ; eend 0
  else
    # booting stuff:
    mkdir -p "$BUILD_OUTPUT"/boot/isolinux
    mkdir -p "$BUILD_OUTPUT"/boot/"${SHORT_NAME}"

    # this is a variable we're using for adjusting boot templates, not only in
    # adjust_boot_files though, so set here
    RELEASE_INFO="$GRML_NAME $VERSION - Release Codename $RELEASENAME"

    # if we don't have an initrd we a) can't boot and b) there was an error
    # during build, so check for the file:
    INITRD="$(ls $CHROOT_OUTPUT/boot/initrd* 2>/dev/null| grep -v '.bak$' | sort -r | head -1)"
    if [ -n "$INITRD" ] ; then
      cp $INITRD "$BUILD_OUTPUT"/boot/"${SHORT_NAME}"/initrd.img
      find $CHROOT_OUTPUT/boot/ -name initrd\*.bak -exec rm {} \;
    else
      log    "Error: No initrd found inside $CHROOT_OUTPUT/boot/ - Exiting"
      eerror "Error: No initrd found inside $CHROOT_OUTPUT/boot/ - Exiting" ; eend 1
      bailout 10
    fi

    KERNEL_IMAGE="$(ls $CHROOT_OUTPUT/boot/vmlinuz* 2>/dev/null | sort -r | head -1)"
    if [ -n "$KERNEL_IMAGE" ] ; then
      cp "$KERNEL_IMAGE" "$BUILD_OUTPUT"/boot/"${SHORT_NAME}"/vmlinuz
    else
      log    "Error: No kernel found inside $CHROOT_OUTPUT/boot/ - Exiting"
      eerror "Error: No kernel found inside $CHROOT_OUTPUT/boot/ - Exiting" ; eend 1
      bailout 11
    fi

    # we need to set "$BOOTID" before we invoke adjust_boot_files for the
    # first time, being inside grub_setup below
    if [ -n "$NO_BOOTID" ] ; then
      log   'Skipping bootid feature as requested via $NO_BOOTID.'
      einfo 'Skipping bootid feature as requested via $NO_BOOTID.'
    else
      [ -n "$BOOTID" ] || BOOTID="$(echo ${GRML_NAME}${VERSION} | tr -d ',./;\- ')"
      mkdir -p "$BUILD_OUTPUT"/conf
      einfo "Generating /conf/bootid.txt with entry ${BOOTID}."
      log   "Generating /conf/bootid.txt with entry ${BOOTID}."
      echo "$BOOTID" > "$BUILD_OUTPUT"/conf/bootid.txt
      eend $?
    fi

    # every recent Grml ISO ships a /conf/bootid.txt, though GRUB might find
    # the /conf/bootid.txt of a different (Grml) ISO than the one that's
    # supposed to be running, so within scripts/GRMLBASE/45-grub-images
    # we generate a random filename, stored inside /boot/grub/bootfile.txt,
    # which we place on the resulting ISO here
    if [ -r "${CHROOT_OUTPUT}"/boot/grub/bootfile.txt ] ; then
      mkdir -p "${BUILD_OUTPUT}"/conf
      rm -f "${BUILD_OUTPUT}"/conf/bootfile*  # ensure we don't leave any old(er) files behind

      einfo "Generating "${BUILD_OUTPUT}"/conf/bootfile* files"
      log   "Generating "${BUILD_OUTPUT}"/conf/bootfile* files"

      BOOT_FILE="/conf/bootfile_$(cat "${CHROOT_OUTPUT}"/boot/grub/bootfile.txt)"
      echo "# This file is relevant for GRUB boot with the Grml ISO." > "${BUILD_OUTPUT}/${BOOT_FILE}"
      # save information about the random filename inside /conf/bootfile.txt
      echo "${BOOT_FILE}" > "${BUILD_OUTPUT}"/conf/bootfile.txt
      eend $?
    fi

    grub_setup

    # EFI boot files
    if [ -r "${CHROOT_OUTPUT}/boot/efi.img" -a -r "${CHROOT_OUTPUT}/boot/bootaa64.efi" ] ; then
      einfo "Copying 64-bit EFI boot files (arm64) into ISO path."
      log   "Copying 64-bit EFI boot files (arm64) into ISO path."
      RC=$0
      cp "${CHROOT_OUTPUT}/boot/efi.img" "${BUILD_OUTPUT}/boot/" || RC=$?
      mkdir -p "${BUILD_OUTPUT}/EFI/BOOT/" || RC=$?
      cp "${CHROOT_OUTPUT}/boot/bootaa64.efi" "${BUILD_OUTPUT}/EFI/BOOT/bootaa64.efi" || RC=$?
      eend $?
    elif [ -r "${CHROOT_OUTPUT}/boot/efi.img" -a -r "${CHROOT_OUTPUT}/boot/bootx64.efi" ] ; then
      einfo "Copying 64-bit EFI boot files (amd64) into ISO path."
      log   "Copying 64-bit EFI boot files (amd64) into ISO path."
      RC=$0
      cp "${CHROOT_OUTPUT}/boot/efi.img" "${BUILD_OUTPUT}/boot/" || RC=$?
      mkdir -p "${BUILD_OUTPUT}/EFI/BOOT/" || RC=$?
      cp "${CHROOT_OUTPUT}/boot/bootx64.efi" "${BUILD_OUTPUT}/EFI/BOOT/bootx64.efi" || RC=$?
      eend $?
    elif [ -r "${CHROOT_OUTPUT}/boot/efi.img" -a -r "${CHROOT_OUTPUT}/boot/bootia32.efi" ] ; then
      einfo "Copying 32-bit EFI boot files into ISO path."
      log   "Copying 32-bit EFI boot files into ISO path."
      RC=$0
      cp "${CHROOT_OUTPUT}/boot/efi.img" "${BUILD_OUTPUT}/boot/" || RC=$?
      mkdir -p "${BUILD_OUTPUT}/EFI/BOOT/" || RC=$?
      cp "${CHROOT_OUTPUT}/boot/bootia32.efi" "${BUILD_OUTPUT}/EFI/BOOT/bootia32.efi" || RC=$?
      eend $?
    else
      ewarn "No EFI boot files found, skipping." ; eend 0
    fi

    [ -n "$TEMPLATE_DIRECTORY" ] || TEMPLATE_DIRECTORY='/usr/share/grml-live/templates'
    if ! [ -d "${TEMPLATE_DIRECTORY}"/boot ] ; then
      log    "Error: ${TEMPLATE_DIRECTORY}/boot does not exist. Exiting."
      eerror "Error: ${TEMPLATE_DIRECTORY}/boot does not exist. Exiting." ; eend 1
      bailout 8
    fi

    # copy _required_ isolinux files
    if [ -d "${CHROOT_OUTPUT}/usr/lib/ISOLINUX" ] ; then
      copy_addon_file isolinux.bin /usr/lib/ISOLINUX isolinux
      for file in ${CHROOT_OUTPUT}/usr/lib/syslinux/modules/bios/*.c32 ; do
        copy_addon_file "$(basename "$file")"  /usr/lib/syslinux/modules/bios/ isolinux
      done
    else # syslinux versions <= 3:4.05+dfsg-6+deb8u1
      copy_addon_file isolinux.bin /usr/lib/syslinux isolinux
      copy_addon_file ifcpu64.c32  /usr/lib/syslinux isolinux
      copy_addon_file vesamenu.c32 /usr/lib/syslinux isolinux
    fi

    # *always* copy files to output directory so the variables
    # get adjusted according to the build.
    cp ${TEMPLATE_DIRECTORY}/boot/isolinux/*  "$BUILD_OUTPUT"/boot/isolinux/

    mkdir -p "${BUILD_OUTPUT}/boot/grub"
    cp -a ${TEMPLATE_DIRECTORY}/boot/grub/* "$BUILD_OUTPUT"/boot/grub/

    if [ -n "$NO_ADDONS" ] ; then
      rm -f "$BUILD_OUTPUT"/boot/grub/addons.cfg
      log   "Skipping installation of boot addons as requested via \$NO_ADDONS."
      einfo "Skipping installation of boot addons as requested via \$NO_ADDONS."; eend 0
    else
      if ! [ -r "$TEMPLATE_DIRECTORY"/boot/addons ] ; then
        log   "Boot addons not found, skipping therefore. (Consider installing package grml-live-addons)"
        ewarn "Boot addons not found, skipping therefore. (Consider installing package grml-live-addons)" ; eend 0
      else
        log   "Installing boot addons."
        einfo "Installing boot addons."

        # copy addons from system packages or grml-live-addons
        copy_addon_file ipxe.lkrn /usr/lib/ipxe addons
        copy_addon_file ipxe.efi /usr/lib/ipxe addons
        copy_addon_file pci.ids /usr/share/misc addons

        # memtest86+ >=6.00-1
        if [[ "$ARCH" == "amd64" ]] ; then
          copy_addon_file memtest86+x64.efi /boot addons
        elif [[ "$ARCH" == "i386" ]] ; then
          copy_addon_file memtest86+ia32.efi /boot addons
        fi

        # provide memtest86+ >=6.00-1 files as "memtest" file
        # for BIOS boot in isolinux/syslinux
        if ! [ -r "${BUILD_OUTPUT}/boot/addons/memtest" ] ; then
          if [[ "$ARCH" == "amd64" ]] ; then
            copy_addon_file memtest86+x64.bin /boot addons &&
            # make memtest filename FAT16/8.3 compatible
            mv "${BUILD_OUTPUT}/boot/addons/memtest86+x64.bin" \
               "${BUILD_OUTPUT}/boot/addons/memtest"
          elif [[ "$ARCH" == "i386" ]] ; then
            copy_addon_file memtest86+ia32.bin /boot addons &&
            # make memtest filename FAT16/8.3 compatible
            mv "${BUILD_OUTPUT}/boot/addons/memtest86+ia32.bin" \
               "${BUILD_OUTPUT}/boot/addons/memtest"
          fi
        fi

        # fallback: if we still don't have /boot/addons/memtest available, we
        # might have an older memtest86+ version (<=5.01-3.1) which ships
        # file "memtest86+.bin" instead
        if ! [ -r "${BUILD_OUTPUT}/boot/addons/memtest" ] ; then
          copy_addon_file memtest86+.bin /boot addons &&
          # make memtest filename FAT16/8.3 compatible
          mv "${BUILD_OUTPUT}/boot/addons/memtest86+.bin" \
             "${BUILD_OUTPUT}/boot/addons/memtest"
        fi

        # since syslinux(-common) v3:6.03~pre1+dfsg-4 the files are in a
        # different directory :(
        if [ -d "${CHROOT_OUTPUT}/usr/lib/syslinux/modules/bios/" ] ; then
          syslinux_modules_dir=/usr/lib/syslinux/modules/bios/
        else
          syslinux_modules_dir=/usr/lib/syslinux
        fi
        for file in chain.c32 hdt.c32 mboot.c32 menu.c32; do
          copy_addon_file "${file}" "${syslinux_modules_dir}" addons
        done

        copy_addon_file memdisk /usr/lib/syslinux addons

        # copy only files so we can handle bsd4grml on its own
        for file in ${TEMPLATE_DIRECTORY}/boot/addons/* ; do
          test -f $file && cp $file "$BUILD_OUTPUT"/boot/addons/
        done

        eend 0

        if [ -n "$NO_ADDONS_BSD4GRML" ] ; then
          log   "Skipping installation of bsd4grml as requested via \$NO_ADDONS_BSD4GRML."
          einfo "Skipping installation of bsd4grml as requested via \$NO_ADDONS_BSD4GRML."; eend 0
        else
          if [ -d "$TEMPLATE_DIRECTORY"/boot/addons/bsd4grml ] ; then
            cp -a ${TEMPLATE_DIRECTORY}/boot/addons/bsd4grml "$BUILD_OUTPUT"/boot/addons/
          else
            log   "Missing addon file: bsd4grml"
            ewarn "Missing addon file: bsd4grml" ; eend 0
          fi
        fi

      fi # no "$TEMPLATE_DIRECTORY"/boot/addons
    fi # NO_ADDONS

    # generate loopback.cfg config file without depending on grub's regexp module
    # which isn't available in Debian/squeeze
    echo "## grub2 loopback configuration" > "${BUILD_OUTPUT}"/boot/grub/loopback.cfg
    echo "source /boot/grub/header.cfg" >> "${BUILD_OUTPUT}"/boot/grub/loopback.cfg
    for config in "${BUILD_OUTPUT}"/boot/grub/*_default.cfg "${BUILD_OUTPUT}"/boot/grub/*_options.cfg ; do
      [ -r "$config" ] || continue
      echo "source ${config##$BUILD_OUTPUT}" >> "${BUILD_OUTPUT}"/boot/grub/loopback.cfg
    done
    if [ -z "$NO_ADDONS" ] ; then
      echo "source /boot/grub/addons.cfg" >> "${BUILD_OUTPUT}"/boot/grub/loopback.cfg
    fi
    echo "source /boot/grub/footer.cfg" >> "${BUILD_OUTPUT}"/boot/grub/loopback.cfg

    # copy modules for GRUB
    if [ "${ARCH}" = "arm64" ] ; then
      mkdir -p "${BUILD_OUTPUT}"/boot/grub/arm64-efi/
      cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/arm64-efi/*.mod "${BUILD_OUTPUT}"/boot/grub/arm64-efi/
      cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/arm64-efi/*.lst "${BUILD_OUTPUT}"/boot/grub/arm64-efi/
      # NOTE: usage of /boot/grub/core.img + /boot/grub/grub.img unclear yet
    elif [ "${ARCH}" = "amd64" ] || [ "${ARCH}" = "i386" ] ; then
      # grub-pc-bin
      mkdir -p "${BUILD_OUTPUT}"/boot/grub/i386-pc/
      cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/*-pc/*.mod  "${BUILD_OUTPUT}"/boot/grub/i386-pc/
      cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/*-pc/*.o    "${BUILD_OUTPUT}"/boot/grub/i386-pc/
      cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/*-pc/*.lst  "${BUILD_OUTPUT}"/boot/grub/i386-pc/

      # grub-efi-amd64-bin
      mkdir -p "${BUILD_OUTPUT}"/boot/grub/x86_64-efi/
      cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi/*.{mod,lst} "${BUILD_OUTPUT}"/boot/grub/x86_64-efi/

      # grub-efi-ia32-bin
      mkdir -p "${BUILD_OUTPUT}"/boot/grub/i386-efi/
      cp -a "${CHROOT_OUTPUT}"/usr/lib/grub/i386-efi/*.{mod,lst} "${BUILD_OUTPUT}"/boot/grub/i386-efi/

      cp -a "${CHROOT_OUTPUT}"/boot/grub/core.img       "${BUILD_OUTPUT}"/boot/grub/
      cp -a "${CHROOT_OUTPUT}"/boot/grub/grub.img       "${BUILD_OUTPUT}"/boot/grub/
    fi

    # arch independent files
    cp -a "${CHROOT_OUTPUT}"/usr/share/grub/ascii.pf2     "${BUILD_OUTPUT}"/boot/grub/
    cp -a "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2   "${BUILD_OUTPUT}"/boot/grub/  # clarify

    if ! [ -d "${TEMPLATE_DIRECTORY}"/GRML ] ; then
      log    "Error: ${TEMPLATE_DIRECTORY}/GRML does not exist. Exiting."
      eerror "Error: ${TEMPLATE_DIRECTORY}/GRML does not exist. Exiting." ; eend 1
      bailout 9
    fi

    mkdir -p "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/
    cp -a ${TEMPLATE_DIRECTORY}/GRML/* "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/

    if [ -r "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/grml-version ] ; then
      sed -i "s/%RELEASE_INFO%/$RELEASE_INFO/" "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/grml-version
      sed -i "s/%DATE%/$DATE/"                 "$BUILD_OUTPUT"/GRML/"${GRML_NAME}"/grml-version
    fi

    # make sure the squashfs filename is set accordingly:
    SQUASHFS_NAME="$GRML_NAME.squashfs"
    # adjust bootsplash accordingly but make sure the string has the according length
    fixed_squashfs_name="$(cut_string 20 "$SQUASHFS_NAME")"
    fixed_squashfs_name="$(extend_string_end 20 "$fixed_squashfs_name")"
    for file in f4 f5 ; do
      if [ -r "${BUILD_OUTPUT}/boot/isolinux/${file}" ] ; then
        sed -i "s/%SQUASHFS_NAME%/${fixed_squashfs_name}/" "${BUILD_OUTPUT}/boot/isolinux/${file}"
        sed -i "s/%SQUASHFS_NAME%/${fixed_squashfs_name}/" "${BUILD_OUTPUT}/boot/isolinux/${file}"
      fi
    done

    # adjust all variables in the templates with the according distribution information
    adjust_boot_files "${BUILD_OUTPUT}"/boot/isolinux/*.cfg \
      "${BUILD_OUTPUT}"/boot/isolinux/*.msg \
      "${BUILD_OUTPUT}"/boot/grub/*

    for param in ARCH DATE DISTRI_INFO DISTRI_NAME DISTRI_SPLASH GRML_NAME SQUASHFS_NAME \
      RELEASE_INFO SHORT_NAME VERSION ; do
      for file in $(find "${BUILD_OUTPUT}" -name "*%$param%*") ; do
        value="$(eval echo '$'"$param")"
        mv ${file} ${file/\%${param}\%/$value}
      done
    done

    # generate addon list
    rm -f "${BUILD_OUTPUT}/${ADDONS_LIST_FILE}"
    for name in "${BUILD_OUTPUT}"/boot/isolinux/addon_*.cfg ; do
      include_name=$(basename "$name")
      echo "include $include_name"  >> "${BUILD_OUTPUT}/${ADDONS_LIST_FILE}"
    done

    if ! [ -r "${BUILD_OUTPUT}/boot/isolinux/${DISTRI_NAME}.cfg" ] || [ "$DISTRI_NAME" = "grml" ] ; then
      log "including grmlmain.cfg in ${BUILD_OUTPUT}/boot/isolinux/distri.cfg"
      echo "include grmlmain.cfg"    >  "${BUILD_OUTPUT}/boot/isolinux/distri.cfg"
      echo "include default.cfg"     >  "${BUILD_OUTPUT}/boot/isolinux/grmlmain.cfg"
      echo "include menuoptions.cfg" >> "${BUILD_OUTPUT}/boot/isolinux/grmlmain.cfg"
      echo "include grml.cfg"        >> "${BUILD_OUTPUT}/boot/isolinux/grmlmain.cfg"

      for f in "${BUILD_OUTPUT}"/boot/isolinux/submenu*.cfg ; do
        echo "include $(basename $f)"     >> "${BUILD_OUTPUT}/boot/isolinux/grmlmain.cfg"
      done

      echo "include options.cfg"     >> "${BUILD_OUTPUT}/boot/isolinux/grmlmain.cfg"
      if [ -z "$NO_ADDONS" ] ; then
        echo "include addons.cfg"    >> "${BUILD_OUTPUT}/boot/isolinux/grmlmain.cfg"
      fi
      echo "include isoprompt.cfg"   >> "${BUILD_OUTPUT}/boot/isolinux/grmlmain.cfg"
      echo "include hd.cfg"          >> "${BUILD_OUTPUT}/boot/isolinux/grmlmain.cfg"
      echo "include hidden.cfg"      >> "${BUILD_OUTPUT}/boot/isolinux/grmlmain.cfg"
    else # assume we are building a custom distribution:
      log "File ${BUILD_OUTPUT}/boot/isolinux/${DISTRI_NAME}.cfg found, using it."
      einfo "File ${BUILD_OUTPUT}/boot/isolinux/${DISTRI_NAME}.cfg found, using it."
      if grep -q "^include ${DISTRI_NAME}.cfg" "${BUILD_OUTPUT}/boot/isolinux/distri.cfg" ; then
        log "include for ${DISTRI_NAME}.cfg already present, nothing to do."
        eindent
        einfo "include for ${DISTRI_NAME}.cfg already present, nothing to do."
        eoutdent
        eend $?
      else
        log "including ${DISTRI_NAME}.cfg in ${BUILD_OUTPUT}/boot/isolinux/distri.cfg"
        echo "include ${DISTRI_NAME}.cfg" > "${BUILD_OUTPUT}/boot/isolinux/distri.cfg"
        if [ -z "$NO_ADDONS" ] ; then
          echo "include addons.cfg" >> "${BUILD_OUTPUT}/boot/isolinux/distri.cfg"
        fi
      fi
    fi

    # use old style console based isolinux method only if requested:
    if [[ "${ISOLINUX_METHOD}" == "console" ]] ; then
      log 'Using console based isolinux method as requested via $ISOLINUX_METHOD.'
      einfo 'Using console based isolinux method as requested via $ISOLINUX_METHOD.'
      if grep -q '^include console.cfg' "${BUILD_OUTPUT}/boot/isolinux/distri.cfg" ; then
        einfo "include for console.cfg already found, nothing to do."
        eend 0
      else
        log "including console.cfg in ${BUILD_OUTPUT}/boot/isolinux/isolinux.cfg"
        einfo "including console.cfg in ${BUILD_OUTPUT}/boot/isolinux/isolinux.cfg"
        echo "include console.cfg" >> "${BUILD_OUTPUT}/boot/isolinux/isolinux.cfg"
        eend $?
      fi
    else
      log 'Using graphical boot menu.'
      if grep -q '^include vesamenu.cfg' "${BUILD_OUTPUT}/boot/isolinux/isolinux.cfg" ; then
        log "include for vesamenu.cfg already found, nothing to do."
      else
        log "including vesamenu.cfg in ${BUILD_OUTPUT}/boot/isolinux/isolinux.cfg"
        echo "include vesamenu.cfg" >> "${BUILD_OUTPUT}/boot/isolinux/isolinux.cfg"
      fi
    fi

    if [ -e "$BUILD_OUTPUT"/boot/addons/bsd4grml/boot.6 ]; then
      sed -i "s/%RELEASE_INFO%/$RELEASE_INFO/" "$BUILD_OUTPUT"/boot/addons/bsd4grml/boot.6
    fi

    DPKG_LIST="/var/log/fai/$HOSTNAME/last/dpkg.list" # the dpkg --list output of the chroot
    if ! [ -r "$DPKG_LIST" ] ; then
      ewarn "$DPKG_LIST could not be read, ignoring to store package information on ISO therefore."
    else
      einfo "Storing package list information as /GRML/${GRML_NAME}/packages.txt on ISO."
      cp "$DPKG_LIST" "${BUILD_OUTPUT}"/GRML/"${GRML_NAME}"/packages.txt
      eend $?
    fi

    # autostart for Windows:
    if [ -d "${TEMPLATE_DIRECTORY}/windows/autostart/" ] ; then
      cp ${TEMPLATE_DIRECTORY}/windows/autostart/* "$BUILD_OUTPUT"/
    fi

    FORCE_ISO_REBUILD=true
    einfo "Finished execution of stage 'boot'" ; eend 0
  fi # BOOTSTRAP_ONLY
else
  log    'Error: Unsupported ARCH, sorry. Want to support it? Contribute!'
  eerror 'Error: Unsupported ARCH, sorry. Want to support it? Contribute!' ; eend 1
  bailout
fi

# support installation of local files into the chroot/ISO
if [ -n "$CHROOT_INSTALL" ] ; then
  if ! [ -d "$CHROOT_INSTALL" ] ; then
     log "Configuration variable \$CHROOT_INSTALL is set but not a directory; ignoring"
     ewarn "Configuration variable \$CHROOT_INSTALL is set but not a directory; ignoring"
  else
     log "Copying local files to chroot as requested via \$CHROOT_INSTALL"
     einfo "Copying local files to chroot as requested via \$CHROOT_INSTALL"
     rsync -avz --inplace "$CHROOT_INSTALL"/ "$CHROOT_OUTPUT/"
     eend $?
     einfo "Make sure to run squashfs stage, otherwise your local files won't be part of the ISO."
     FORCE_ISO_REBUILD=true
  fi
fi

if [ -f "$BUILD_OUTPUT"/live/${GRML_NAME}.squashfs -a -z "$UPDATE" -a -z "$BUILD_ONLY" -a -z "$BUILD_DIRTY" ] ; then
   log   "Skipping stage 'squashfs' as $BUILD_OUTPUT/live exists already."
   ewarn "Skipping stage 'squashfs' as $BUILD_OUTPUT/live exists already." ; eend 0
elif [ -n "$SKIP_MKSQUASHFS" ] ; then
   log   "Skipping stage 'squashfs' as requested via option -q or -N"
   ewarn "Skipping stage 'squashfs' as requested via option -q or -N" ; eend 0
else
   mkdir -p "$BUILD_OUTPUT"/live/"${GRML_NAME}"/
   # make sure we don't leave (even an empty) base.tgz:
   [ -f "$CHROOT_OUTPUT/base.tgz" ] && rm -f "$CHROOT_OUTPUT/base.tgz"

   if which "$SQUASHFS_BINARY" >/dev/null 2>&1 ; then
      log    "Using mksquashfs binary ${SQUASHFS_BINARY}"
      einfo  "Using mksquashfs binary ${SQUASHFS_BINARY}" ; eend 0
   else
      log    "Error: mksquashfs binary ($SQUASHFS_BINARY) not found. Exiting."
      eerror "Error: mksquashfs binary ($SQUASHFS_BINARY) not found. Exiting." ; eend 1
      bailout
   fi

   # use sane defaults if $SQUASHFS_OPTIONS isn't set
   if [ -z "$SQUASHFS_OPTIONS" ] ; then
     # use block size 1m as this gives good result with regards to time + compression
     SQUASHFS_OPTIONS="-b 1m"

     # set lzma/xz compression by default, unless -z option has been specified on command line
     if [ -z "$SQUASHFS_ZLIB" ] ; then
        SQUASHFS_OPTIONS="$SQUASHFS_OPTIONS -comp xz"
     else
        SQUASHFS_OPTIONS="$SQUASHFS_OPTIONS -comp gzip"
     fi
   fi

   # support exclusion of files via exclude-file:
   if [ -n "$SQUASHFS_EXCLUDES_FILE" -a "$SQUASHFS_EXCLUDES_FILE" ] ; then
      SQUASHFS_OPTIONS="$SQUASHFS_OPTIONS -ef $SQUASHFS_EXCLUDES_FILE -wildcards"
   fi

   # get rid of unnecessary files when building grml-small for final release:
   if echo "$CLASSES" | grep -q GRML_SMALL ; then
      SQUASHFS_OPTIONS="$SQUASHFS_OPTIONS -e initrd.img* vmlinuz*"
   fi

   # log stuff
   SQUASHFS_STDERR="$(mktemp -t grml-live.XXXXXX)"

   # informational stuff
   [ -n "$SQUASHFS_OPTIONS" ]  && SQUASHFS_INFO_MSG="$SQUASHFS_OPTIONS"
   [ -n "$SQUASHFS_INFO_MSG" ] && SQUASHFS_INFO_MSG="using options: $SQUASHFS_INFO_MSG"
   einfo "Squashfs build information: running binary $SQUASHFS_BINARY $SQUASHFS_INFO_MSG"

   log "$SQUASHFS_BINARY $CHROOT_OUTPUT/ $BUILD_OUTPUT/live/${GRML_NAME}/${GRML_NAME}.squashfs -noappend $SQUASHFS_OPTIONS"

   if $SQUASHFS_BINARY $CHROOT_OUTPUT/ $BUILD_OUTPUT/live/"${GRML_NAME}"/"${GRML_NAME}".squashfs \
      -noappend $SQUASHFS_OPTIONS 2>"${SQUASHFS_STDERR}" ; then
      echo "${GRML_NAME}.squashfs" > $BUILD_OUTPUT/live/"${GRML_NAME}"/filesystem.module
      log "Finished execution of stage 'squashfs' [$(date)]"
      einfo "Finished execution of stage 'squashfs'" ; eend 0
   else
      log    "Error: there was a critical error executing stage 'squashfs' [$(date)]:"
      log    "$(cat $SQUASHFS_STDERR)"
      eerror "Error: there was a critical error executing stage 'squashfs':"
      cat    "${SQUASHFS_STDERR}"
      eend 1
      bailout
   fi

   FORCE_ISO_REBUILD=true
fi

# create md5sum file:
if [ -z "$BOOTSTRAP_ONLY" ] ; then
  ( cd $BUILD_OUTPUT/GRML/"${GRML_NAME}" &&
  find ../.. -type f -not -name md5sums -not -name isolinux.bin -exec md5sum {} \; > md5sums )
fi
# }}}

# information how the ISO was generated {{{
# shellcheck disable=SC2034
generate_build_info() {
  jo -p \
    boot_method="${BOOT_METHOD}" \
    bootstrap_only="${BOOTSTRAP_ONLY}" \
    build_date="${DATE}" \
    build_dirty="${BUILD_DIRTY}" \
    build_only="${BUILD_ONLY}" \
    chroot_install="${CHROOT_INSTALL}" \
    classes="${CLASSES}" \
    clean_artifacts="${CLEAN_ARTIFACTS}" \
    default_bootoptions="${DEFAULT_BOOTOPTIONS}" \
    distri_info="${DISTRI_INFO}" \
    distri_name="${DISTRI_NAME}" \
    extract_iso_name="${EXTRACT_ISO_NAME}" \
    fai_cmdline="BUILD_ONLY=${BUILD_ONLY} BOOTSTRAP_ONLY=${BOOTSTRAP_ONLY} GRML_LIVE_CONFIG=${CONFIGDUMP} WAYBACK_DATE=${WAYBACK_DATE} fai ${VERBOSE} -C ${GRML_FAI_CONFIG} -s file:///${GRML_FAI_CONFIG}/config -c${CLASSES} -u ${HOSTNAME} ${FAI_ACTION} ${CHROOT_OUTPUT} ${FAI_ARGS}" \
    fai_version="$(fai --help 2>/dev/null | head -1 | awk '{print $2}' | sed 's/\.$//' || true)" \
    grml_architecture="${ARCH}" \
    grml_bootid="${BOOTID}" \
    grml_build_output="${BUILD_OUTPUT}" \
    grml_chroot_output="${CHROOT_OUTPUT}" \
    grml_debian_version="${SUITE}" \
    grml_iso_name="${ISO_NAME}" \
    grml_iso_output="${ISO_OUTPUT}" \
    grml_live_cmdline="${CMDLINE}" \
    grml_live_config_file="${LIVE_CONF}" \
    grml_live_scripts_directory="${SCRIPTS_DIRECTORY}" \
    grml_live_template_directory="${TEMPLATE_DIRECTORY}" \
    grml_live_version="${GRML_LIVE_VERSION}" \
    grml_local_config="${LOCAL_CONFIG}" \
    grml_name="${GRML_NAME}" \
    grml_short_name="${SHORT_NAME}" \
    grml_username="${USERNAME}" \
    grml_version="${VERSION}" \
    host_architecture="$(dpkg --print-architecture || true)" \
    host_debian_version="$(cat /etc/debian_version 2>/dev/null || true)" \
    host_kernel_version="$(uname -a)" \
    hybrid_method="${HYBRID_METHOD}" \
    mkisofs_cmdline="${MKISOFS} -V ${GRML_NAME} ${VERSION} -publisher 'grml-live | grml.org' -l -r -J ${BOOT_ARGS} ${EFI_ARGS} -no-pad -o ${ISO_OUTPUT}/${ISO_NAME}" \
    mkisofs_version="$(${MKISOFS} --version 2>/dev/null | head -1 || true)" \
    mksquashfs_cmdline="${SQUASHFS_BINARY} ${CHROOT_OUTPUT}/ ${BUILD_OUTPUT}/live/${GRML_NAME}/${GRML_NAME}.squashfs -noappend ${SQUASHFS_OPTIONS}" \
    mksquashfs_version="$(${SQUASHFS_BINARY} -version | head -1 || true)" \
    output_owner="${CHOWN_USER}" \
    release_info="${RELEASE_INFO}" \
    release_name="${RELEASENAME}" \
    secure_boot="${SECURE_BOOT}" \
    skip_mkisofs="${SKIP_MKISOFS}" \
    skip_mksquashfs_="${SKIP_MKSQUASHFS}" \
    skip_netboot="${SKIP_NETBOOT}" \
    squashfs_name="${SQUASHFS_NAME}" \
    template_directory="${TEMPLATE_DIRECTORY}" \
    timestamp="$(TZ=UTC date +%s)" \
    update_only="${UPDATE}" \
    wayback_date="${WAYBACK_DATE}" \
  --
}
# }}}

# ISO_OUTPUT - mkisofs {{{
[ -n "$ISO_OUTPUT" ] || ISO_OUTPUT="$OUTPUT/grml_isos"
[ -n "$ISO_NAME" ] || ISO_NAME="${GRML_NAME}_${VERSION}.iso"

if [ "$BOOT_METHOD" = "isolinux" ] ; then
   BOOT_ARGS="-no-emul-boot -boot-load-size 4 -boot-info-table -b boot/isolinux/isolinux.bin -c boot/isolinux/boot.cat"
   if [ "$HYBRID_METHOD" = "isohybrid" ] ; then
     EFI_ARGS="-isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin -eltorito-alt-boot -e boot/efi.img -no-emul-boot -isohybrid-gpt-basdat"
   fi
elif [ "$BOOT_METHOD" = "grub2" ] ; then
   BOOT_ARGS="-no-emul-boot -boot-load-size 4 -b boot/grub/toriboot.bin"
fi

# Work around http://bts.grml.org/grml/issue945
if [[ $BOOT_METHOD != isolinux && ($HYBRID_METHOD = isohybrid || $HYBRID_METHOD = manifold) ]]; then
  log   "Setting HYBRID_METHOD to grub2 as hybrid mode does not work with isohybrid yet."
  ewarn "Setting HYBRID_METHOD to grub2 as hybrid mode does not work with isohybrid yet."
  HYBRID_METHOD='grub2'
  eend 0
fi

if [ -f "${ISO_OUTPUT}/${ISO_NAME}" -a -z "$UPDATE" -a -z "$BUILD_ONLY" -a -z "$BUILD_DIRTY" -a "$FORCE_ISO_REBUILD" = "false" ]  ; then
   log   "Skipping stage 'iso build' as $ISO_OUTPUT/${ISO_NAME} exists already."
   ewarn "Skipping stage 'iso build' as $ISO_OUTPUT/${ISO_NAME} exists already." ; eend 0
elif [ -n "$SKIP_MKISOFS" ] ; then
   log   "Skipping stage 'iso build' as requested via option -n or -N"
   ewarn "Skipping stage 'iso build' as requested via option -n or -N" ; eend 0
else
   mkdir -p "$ISO_OUTPUT" || bailout 6 "Problem with creating $ISO_OUTPUT for stage 'iso build'"

   if $FORCE_ISO_REBUILD && ! [ -f "${ISO_OUTPUT}/${ISO_NAME}" ] ; then
      log   "Forcing rebuild of ISO because files on ISO have been modified."
      einfo "Forcing rebuild of ISO because files on ISO have been modified."
   fi

   # support xorriso as well mkisofs and genisoimage
   if which xorriso >/dev/null 2>&1 ; then
      MKISOFS='xorriso -as mkisofs'
    elif which mkisofs >/dev/null 2>&1; then
      MKISOFS='mkisofs'
   elif which genisoimage >/dev/null 2>&1; then
      MKISOFS='genisoimage'
   else
      log    "Error: neither xorriso nor mkisofs nor genisoimage available - can not create ISO."
      eerror "Error: neither xorriso nor mkisofs nor genisoimage available - can not create ISO." ; eend 1
      bailout
   fi

   einfo "Using ${MKISOFS} to build ISO." ;  eend 0
   case "${ARCH}-${MKISOFS}" in
     # using -eltorito-alt-boot is limited to xorriso for now
     amd64-xorriso*)
       eindent

       if ! dpkg --compare-versions $(dpkg-query -W -f='${Version}\n' xorriso 2>/dev/null) gt-nl 1.1.6-1 ; then
         log   "Disabling (U)EFI boot support because xorriso version is too old."
         ewarn "Disabling (U)EFI boot support because xorriso version is too old." ; eend 0
       else
         if [ -r "${BUILD_OUTPUT}"/boot/efi.img ] ; then
           einfo "Enabling (U)EFI boot."
           log   "Enabling (U)EFI boot."
           BOOT_ARGS="$BOOT_ARGS -boot-info-table -eltorito-alt-boot -e boot/efi.img -no-emul-boot"
           eend $?
         else
           log   "Disabling (U)EFI boot support because /boot/efi.img is missing."
           ewarn "Disabling (U)EFI boot support because /boot/efi.img is missing." ; eend 0
         fi
       fi

       eoutdent
       ;;
   esac

   CURRENT_DIR=$(pwd)
   if cd "$BUILD_OUTPUT" ; then
      if [ "$BOOT_METHOD" = "grub2" ]; then
         # make a 2048-byte bootsector for El Torito
         dd if=/dev/zero of=boot/grub/toriboot.bin bs=512 count=4 2>/dev/null
         # those are in 2048-byte sectors, so 1 16 matches 4 63 below
         echo 1 16 | mksh "${SCRIPTS_DIRECTORY}/bootgrub.mksh" -B 11 | \
            dd of=boot/grub/toriboot.bin conv=notrunc 2>/dev/null
      fi

      log   "Generating build information in conf/buildinfo.json"
      einfo "Generating build information in conf/buildinfo.json"
      mkdir -p conf/
      generate_build_info > conf/buildinfo.json
      eend $?

      log "$MKISOFS -V '${GRML_NAME} ${VERSION}' -publisher 'grml-live | grml.org' -l -r -J $BOOT_ARGS $EFI_ARGS -no-pad -o ${ISO_OUTPUT}/${ISO_NAME} ."
      einfo "Generating ISO file..."
      $MKISOFS -V "${GRML_NAME} ${VERSION}" -publisher 'grml-live | grml.org' \
              -l -r -J $BOOT_ARGS $EFI_ARGS -no-pad \
              -o "${ISO_OUTPUT}/${ISO_NAME}" . ; RC=$?
      eend $RC

      # do not continue on errors, otherwise we might generate/overwrite the ISO with dd if=... stuff
      if [ "$RC" != 0 ] ; then
        log    "Error: critical error while generating ISO [exit code ${RC}]. Exiting."
        eerror "Error: critical error while generating ISO [exit code ${RC}]. Exiting." ; eend 1
        bailout $RC
      fi

      # both of these need core.img there, so it’s easier to write it here
      if [ "$BOOT_METHOD" = "grub2" ] || [ "$HYBRID_METHOD" = "grub2" ]; then
         # must be <= 30720 bytes
         dd if=boot/grub/core.img of="${ISO_OUTPUT}/${ISO_NAME}" \
           conv=notrunc bs=512 seek=4 2>/dev/null
      fi

      # pad the output ISO to multiples of 256 KiB for partition table support
      siz=$($getfilesize "${ISO_OUTPUT}/${ISO_NAME}")
      cyls=$((siz / 512 / 32 / 16 + 1))   # C=$cyls H=16 S=32
      siz=$((cyls * 16 * 32 * 512))   # size after padding
      dd if=/dev/zero bs=1 count=1 seek=$((siz - 1)) \
         of="${ISO_OUTPUT}/${ISO_NAME}" 2>/dev/null

      # support disabling hybrid ISO image
      if [ "$HYBRID_METHOD" = "disable" ] ; then
        log   "Skipping creation of hybrid ISO file as requested via HYBRID_METHOD=disable"
        einfo "Skipping creation of hybrid ISO file as requested via HYBRID_METHOD=disable"
        eend 0
      elif [ "$HYBRID_METHOD" = "manifold" ] || [ "$HYBRID_METHOD" = "grub2" ] ; then
        # isoinfo is part of both mkisofs and genisoimage so we're good
        bootoff=$(isoinfo -l -i "${ISO_OUTPUT}/${ISO_NAME}" | \
          sed -n '/^.*\[ *\([0-9]*\)[] ].* ISOLINUX.BIN[;1]* *$/s//\1/p')

        if ! [ -r boot/grub/core.img ] ; then
          log   "boot/grub/core.img not found, not creating manifold boot ISO file"
          ewarn "boot/grub/core.img not found, not creating manifold boot ISO file"
        elif [ "${bootoff:-0}" -lt 1 ] ; then
          log   "isolinux.bin not found on the ISO file, disabling manifold boot"
          ewarn "isolinux.bin not found on the ISO file, disabling manifold boot"
        else
          if [ "$HYBRID_METHOD" = "grub2" ] ; then
            log   "Creating hybrid ISO file with manifold/grub2 method"
            einfo "Creating hybrid ISO file with manifold/grub2 method"
            # 512 bytes: MBR, partition table, load GRUB 2
            echo 4 63 | mksh "${SCRIPTS_DIRECTORY}/bootgrub.mksh" -A -M 4:0x96 -g $cyls:16:32
          else
            log   "Creating hybrid ISO file with manifold method"
            einfo "Creating hybrid ISO file with manifold method"
            # read only one but 2048-byte sized (scale: << 2) sector
            echo $bootoff $bootoff | \
              mksh ${SCRIPTS_DIRECTORY}/bootilnx.mksh -A -M 4:0x96 -g $cyls:16:32 -S 2
          fi | dd of="${ISO_OUTPUT}/${ISO_NAME}" conv=notrunc 2>/dev/null
          eend $?
        fi
      elif [ "$HYBRID_METHOD" = "isohybrid" ] ; then
        : # nothing to do, handled via $MKISOFS $EFI_ARGS already
      else
        bailout 12 "Unknown HYBRID_METHOD [${HYBRID_METHOD}]. Supported values: disable, isohybrid, grub2, manifold"
      fi

      # generate ISO checksums if we are using class 'RELEASE':
      case $CLASSES in *RELEASE*)
         [ "$RC" = 0 ] && \
         (
           if cd $ISO_OUTPUT ; then
             sha256sum ${ISO_NAME} > ${ISO_NAME}.sha256 && \
             touch -r ${ISO_NAME} ${ISO_NAME}.sha256
           fi
         )
         ;;
      esac

      cd "$CURRENT_DIR"
   fi

   if [ "$RC" = 0 ] ; then
      log   "Finished execution of stage 'iso build' [$(date)]"
      einfo "Finished execution of stage 'iso build'" ; eend 0
   else
      log    "Error: there was a critical error ($RC) executing stage 'iso build' [$(date)]"
      eerror "Error: there was a critical error executing stage 'iso build'" ; eend 1
      bailout $RC
   fi
fi
# }}}

# netboot package {{{
create_netbootpackage() {
  local OUTPUT_FILE="${NETBOOT}/grml_netboot_package_${GRML_NAME}_${VERSION}.tar"

  if [ -f "${OUTPUT_FILE}" -a -z "$UPDATE" -a -z "$BUILD_ONLY" -a -z "$BUILD_DIRTY" ] ; then
    log   "Skipping stage 'netboot' as $OUTPUT_FILE exists already."
    ewarn "Skipping stage 'netboot' as $OUTPUT_FILE exists already." ; eend 0
    return 0
  elif [ -n "$SKIP_NETBOOT" ] ; then
    log   "Skipping stage 'netboot' as requested via option -Q"
    ewarn "Skipping stage 'netboot' as requested via option -Q" ; eend 0
    return 0
  fi

  mkdir -p "$NETBOOT"

  # since syslinux v3:6.03~pre1+dfsg-4 the pxelinux.0 has been split into a
  # separate pxelinux package
  if [ -d "${CHROOT_OUTPUT}/usr/lib/PXELINUX/" ] ; then
    local pxelinux_dir=/usr/lib/PXELINUX
  else
    local pxelinux_dir=/usr/lib/syslinux
  fi

  if ! [ -r "${CHROOT_OUTPUT}/${pxelinux_dir}/pxelinux.0" ] ; then
    ewarn "File ${pxelinux_dir}/pxelinux.0 not found in build chroot." ; eend 0
    eindent
    einfo "Install syslinux[-common]/pxelinux package in chroot to get a netboot package."
    eoutdent
    return 0
  fi

  local OUTPUTDIR="${NETBOOT}/build_tmp"
  local WORKING_DIR="${OUTPUTDIR}/grml_netboot_package_${GRML_NAME}_${VERSION}/tftpboot/"

  mkdir -p "$WORKING_DIR"

  cp "${CHROOT_OUTPUT}"/boot/vmlinuz-*    "$WORKING_DIR"/vmlinuz
  cp "${CHROOT_OUTPUT}"/boot/initrd.img-* "$WORKING_DIR"/initrd.img
  cp "${CHROOT_OUTPUT}/${pxelinux_dir}/pxelinux.0" "${WORKING_DIR}/pxelinux.0"

  if [ -r "${CHROOT_OUTPUT}"/usr/lib/syslinux/modules/bios/ldlinux.c32 ] ; then
    cp "${CHROOT_OUTPUT}"/usr/lib/syslinux/modules/bios/ldlinux.c32 "${WORKING_DIR}"/
  fi

  mkdir -p "${WORKING_DIR}/pxelinux.cfg"
  if [ -r "${BUILD_OUTPUT}/boot/isolinux/netboot.cfg" ] ; then
    cp "${BUILD_OUTPUT}/boot/isolinux/netboot.cfg" "${WORKING_DIR}/pxelinux.cfg/default"
  else
    log   "File ${BUILD_OUTPUT}/boot/isolinux/netboot.cfg not found."
    ewarn "File ${BUILD_OUTPUT}/boot/isolinux/netboot.cfg not found."
    eindent
    log   "Hint: Are you using custom templates which do not provide netboot.cfg?"
    ewarn "Hint: Are you using custom templates which do not provide netboot.cfg?" ; eend 0
    eoutdent
  fi

  # don't include shim + grubnetx64 + grub files in i386 netboot packages,
  # as those don't make much sense there
  if [ "$ARCH" = amd64 ] ; then
    if ! [ -r "${BUILD_OUTPUT}/boot/grub/netboot.cfg" ] ; then
      log   "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found."
      ewarn "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found."
      eindent
      log   "Hint: Are you using custom templates which do not provide grub.cfg?"
      ewarn "Hint: Are you using custom templates which do not provide grub.cfg?" ; eend 0
      eoutdent
    else
      cp "${BUILD_OUTPUT}/boot/grub/netboot.cfg" "${WORKING_DIR}/grub.cfg"
      adjust_boot_files "${WORKING_DIR}/grub.cfg"

      if [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed ] ; then
        log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi.signed as shim.efi in netboot package"
        cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed "${WORKING_DIR}"/shim.efi
      elif [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi ] ; then
        log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi as shim.efi in netboot package"
        cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi "${WORKING_DIR}"/shim.efi
      else
        log   "No shimx64.efi for usage with PXE boot found (shim-signed not present?)"
        ewarn "No shimx64.efi for usage with PXE boot found (shim-signed not present?)" ; eend 0
      fi

      if [ -r "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed ] ; then
        log "Installing /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed as grubx64.efi in netboot package"
        cp "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed "${WORKING_DIR}"/grubx64.efi
      elif [ -r "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi ] ; then
        log "Installing /usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi as grubx64.efi in netboot package"
        cp "${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi "${WORKING_DIR}"/grubx64.efi
      else
        log   "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not present?)"
        ewarn "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not present?)." ; eend 0
      fi

      if [ -r "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 ] ; then
        log "Installing ${CHROOT_OUTPUT}/usr/share/grub/unicode.pf2 as grub/fonts/unicode.pf2 in netboot package"
        mkdir -p "${WORKING_DIR}"/grub/fonts/
        cp "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 "${WORKING_DIR}"/grub/fonts/
      else
        log   "No unicode.pf2 for usage with PXE boot found (grub-common not present?)"
        ewarn "No unicode.pf2 for usage with PXE boot found (grub-common not present?)" ; eend 0
      fi
    fi
  fi

  if tar -C "$OUTPUTDIR" -cf "${OUTPUT_FILE}" "grml_netboot_package_${GRML_NAME}_${VERSION}" ; then
    (
      cd $(dirname "${OUTPUT_FILE}")
      sha256sum $(basename "${OUTPUT_FILE}") > "${OUTPUT_FILE}.sha256"
    )
    einfo "Generated netboot package ${OUTPUT_FILE}" ; eend 0
    rm -rf "${OUTPUTDIR}"
  else
    rm -rf "${OUTPUTDIR}"
    eerror "Could not generate netboot package ${OUTPUT_FILE}" ; eend 1
    bailout 21
  fi
}

create_netbootpackage
# }}}

# log build information to database if grml-live-db is installed and enabled {{{
dpkg_to_db() {
if [ -d /usr/share/grml-live-db ] ; then

  # safe defaults
  DPKG_LIST="/var/log/fai/$HOSTNAME/last/dpkg.list" # the dpkg --list output of the chroot:
  [ -n "$DPKG_DATABASE" ]  || DPKG_DATABASE=/var/log/grml-live.db
  [ -n "$DPKG_DBSCRIPT" ]  || DPKG_DBSCRIPT=/usr/share/grml-live-db/scripts/dpkg-to-db
  [ -n "$DPKG_DBOPTIONS" ] || DPKG_DBOPTIONS="--database $DPKG_DATABASE --logfile $LOGFILE --flavour $GRML_NAME --dpkg $DPKG_LIST"

  if ! [ -x "$DPKG_DBSCRIPT" ] ; then
    log "Error: $DPKG_DBSCRIPT is not executable, can not log dpkg information."
    eerror "Error: $DPKG_DBSCRIPT is not executable, can not log dpkg information." ; eend 1
    bailout 14
  fi

  # disable by default for now, not sure whether really everyone is using a local db file
  #if ! touch "$DPKG_DATABASE" ; then
  #  eerror "Error: can not write to ${DPKG_DATABASE}, can not log dpkg information." ; eend 1
  #  bailout 14
  #fi

  if ! [ -r "$DPKG_LIST" ] ; then
     log   "Warning: can not read $DPKG_LIST - can not provide information to $DPKG_DBSCRIPT (dirty build?)"
     ewarn "Warning: can not read $DPKG_LIST - can not provide information to $DPKG_DBSCRIPT (dirty build?)" ; eend 0
  else
     einfo "Logging $DPKG_LIST to database $DPKG_DATABASE"
     log "Logging $DPKG_LIST to database $DPKG_DATABASE"
     log "Executing $DPKG_DBSCRIPT $DPKG_DBOPTIONS"
     eindent

     if DB_INFO=$("$DPKG_DBSCRIPT" $DPKG_DBOPTIONS 2>&1) ; then
       einfo "$DB_INFO"
       eend 0
     else
       eerror "$DB_INFO"
       eend 1
     fi

     eoutdent
  fi

fi
}
# }}}

# finalize {{{
if [ -n "${start_seconds}" ] ; then
  end_seconds="$(date +%s)"
  SECONDS="$(( end_seconds - start_seconds ))"
fi
log "Successfully finished execution of $PN [$(date) - running ${SECONDS} seconds]"

dpkg_to_db # make sure we catch the last log line as well, therefore execute between log + einfo

einfo "Successfully finished execution of $PN [$(date) - running ${SECONDS} seconds]" ; eend 0
bailout 0
# }}}

## END OF FILE #################################################################
# vim:foldmethod=marker ts=2 ft=sh ai expandtab tw=80 sw=2