From: Michael Prokop Date: Fri, 25 May 2018 18:39:40 +0000 (+0200) Subject: Merge remote-tracking branch 'origin/pr/16' X-Git-Tag: v0.16.2~4 X-Git-Url: http://git.grml.org/?p=grml2usb.git;a=commitdiff_plain;h=6cc6422766a843fe6f91f5d97fe46ccb695f7af1;hp=-c Merge remote-tracking branch 'origin/pr/16' --- 6cc6422766a843fe6f91f5d97fe46ccb695f7af1 diff --combined grml2usb index afb983c,dda9453..4fc9b37 --- a/grml2usb +++ b/grml2usb @@@ -42,7 -42,7 +42,7 @@@ GRML_FLAVOURS = set() # which flavour GRML_DEFAULT = None UUID = None SYSLINUX_LIBS = "/usr/lib/syslinux/" - GPT_HEADER = "\x55\xaa\x45\x46\x49\x20\x50\x41\x52\x54" # original GPT header + GPT_HEADER = b"\x55\xaa\x45\x46\x49\x20\x50\x41\x52\x54" # original GPT header GRUB_INSTALL = None RE_PARTITION = re.compile(r'([a-z/]*?)(\d+)$') @@@ -245,7 -245,7 +245,7 @@@ def unregister_mountpoint(target) def get_function_name(obj): - """Helper function for use in execute() to retrive name of a function + """Helper function for use in execute() to retrieve name of a function @obj: the function object """ @@@ -379,9 -379,9 +379,9 @@@ def check_boot_flag(device) if part.getFlag(parted.PARTITION_BOOT): logging.debug("bootflag is enabled on %s" % device) return - except HodorException, e: + except HodorException as e: logging.info("%s, falling back to old bootflag detection", e) - except ImportError, e: + except ImportError as e: logging.debug("could not import parted, falling back to old bootflag detection") with open(boot_dev, 'r') as image: @@@ -391,7 -391,7 +391,7 @@@ if gpt_data == GPT_HEADER: logging.info("GPT detected, skipping bootflag check") - elif bootcode[6] == '\x80': + elif bootcode[6] == b"\x80": logging.debug("bootflag is enabled") else: logging.debug("bootflag is NOT enabled") @@@ -522,7 -522,7 +522,7 @@@ def install_grub(device) "--no-floppy", "--target=i386-pc", "--root-directory=%s" % device_mountpoint, opt, grub_device], - stdout=file(os.devnull, "r+")) + stdout=open(os.devnull, "r+")) proc.wait() if 
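Review bot: In the `@@@ -391` hunk, `bootcode[6] == b"\x80"` can never be true on Python 3, because indexing a bytes object yields an int there; a one-byte slice compares correctly on both interpreters: `elif bootcode[6:7] == b"\x80":`. The preceding hunk still opens the device with `open(boot_dev, 'r')`, so on Python 3 the data would presumably be read as `str` (or fail while decoding), and `gpt_data == GPT_HEADER`, now a bytes literal, would never match either; `open(boot_dev, 'rb')` keeps both comparisons byte-to-byte. The read calls sit between the two hunks and are not visible, so confirm how `bootcode` and `gpt_data` are produced. As written, a Python 3 run would most likely fall through to "bootflag is NOT enabled" whatever the device contains.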
proc.returncode == 0: break @@@ -631,7 -631,7 +631,7 @@@ def install_mbr(mbrtemplate, device, pa logging.debug("executing: dd if='%s' of='%s' bs=512 count=1", device, tmpf.name) proc = subprocess.Popen(["dd", "if=%s" % device, "of=%s" % tmpf.name, "bs=512", "count=1"], - stderr=file(os.devnull, "r+")) + stderr=open(os.devnull, "r+")) proc.wait() if proc.returncode != 0: raise Exception("error executing dd (first run)") @@@ -639,7 -639,7 +639,7 @@@ logging.debug("executing: dd if=%s of=%s bs=%s count=1 conv=notrunc", mbrtemplate, tmpf.name, nmbrbytes) proc = subprocess.Popen(["dd", "if=%s" % mbrtemplate, "of=%s" % tmpf.name, "bs=%s" % nmbrbytes, - "count=1", "conv=notrunc"], stderr=file(os.devnull, "r+")) + "count=1", "conv=notrunc"], stderr=open(os.devnull, "r+")) proc.wait() if proc.returncode != 0: raise Exception("error executing dd (second run)") @@@ -650,16 -650,16 +650,16 @@@ if partition is not None: if ismirbsdmbr: - mbrcode = mbrcode[0:439] + chr(partition) + \ - mbrcode[440:510] + "\x55\xAA" + mbrcode = mbrcode[0:439] + chr(partition).encode('latin-1') + \ + mbrcode[440:510] + b"\x55\xAA" else: - actives = ["\x00", "\x00", "\x00", "\x00"] - actives[partition] = "\x80" + actives = [b"\x00", b"\x00", b"\x00", b"\x00"] + actives[partition] = b"\x80" mbrcode = mbrcode[0:446] + actives[0] + \ mbrcode[447:462] + actives[1] + \ mbrcode[463:478] + actives[2] + \ mbrcode[479:494] + actives[3] + \ - mbrcode[495:510] + "\x55\xAA" + mbrcode[495:510] + b"\x55\xAA" tmpf.file.seek(0) tmpf.file.truncate() @@@ -670,7 -670,7 +670,7 @@@ logging.debug("executing: dd if='%s' of='%s' bs=512 count=1 conv=notrunc", tmpf.name, device) proc = subprocess.Popen(["dd", "if=%s" % tmpf.name, "of=%s" % device, "bs=512", "count=1", - "conv=notrunc"], stderr=file(os.devnull, "r+")) + "conv=notrunc"], stderr=open(os.devnull, "r+")) proc.wait() if proc.returncode != 0: raise Exception("error executing dd (third run)") @@@ -707,7 -707,7 +707,7 @@@ def mount(source, target, mount_options # 
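Review bot: `stdout=open(os.devnull, "r+")` in install_grub creates a file object that is never closed, and the same pattern recurs as `stderr=open(os.devnull, "r+")` in the three `dd` calls of install_mbr (hunks at -631, -639 and -670). Closing is left to garbage collection, and Python 3 reports such objects with ResourceWarning. Wrap each call in `with open(os.devnull, "r+") as devnull:` and pass `stdout=devnull` or `stderr=devnull`. Separately, discarding dd's stderr means a failed MBR write surfaces only as "error executing dd"; sending stderr to the debug log would make such failures diagnosable. Both function bodies continue outside these hunks.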
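Review bot: `actives[partition] = b"\x80"` in the `@@@ -650` hunk indexes a four-element list with a value that is not range-checked in the visible lines. A `partition` of 4 or more raises IndexError part-way through install_mbr, and a negative value would silently mark a different table entry active. If the caller does not already validate it, add `if not 0 <= partition <= 3: raise ValueError("partition must be 0-3")` before the list is built. The byte concatenation also assumes `mbrcode` was read as bytes; that read is outside the hunk, so confirm the temporary file is in binary mode. `chr(partition).encode('latin-1')` can be written as `bytes(bytearray([partition]))`, which avoids the text round-trip on both Python 2 and 3.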
note: options.dryrun does not work here, as we have to # locate files and identify the grml flavour - for x in file('/proc/mounts').readlines(): + for x in open('/proc/mounts', 'r').readlines(): if x.startswith(source): raise CriticalException("Error executing mount: %s already mounted - " % source + "please unmount before invoking grml2usb") @@@ -1119,7 -1119,6 +1119,7 @@@ def copy_bootloader_files(iso_mount, ta if efi_img: mkdir(target + '/boot/') exec_rsync(efi_img, target + '/boot/efi.img') + handle_secure_boot(target, efi_img) for ffile in ['f%d' % number for number in range(1, 11)]: search_and_copy(ffile, iso_mount, syslinux_target + ffile) @@@ -1158,7 -1157,7 +1158,7 @@@ # copy all grub files from ISO glob_and_copy(iso_mount + '/boot/grub/*', grub_target) - # finally (after all GRUB files have been been installed) build static loopback.cfg + # finally (after all GRUB files have been installed) build static loopback.cfg build_loopbackcfg(target) @@@ -1276,7 -1275,6 +1276,7 @@@ def handle_grub_config(grml_flavour, de logging.debug("Updating grub configuration") grub_target = target + '/boot/grub/' + secureboot_target = target + '/EFI/ubuntu/' bootid_re = re.compile("bootid=[\w_-]+") live_media_path_re = re.compile("live-media-path=[\w_/-]+") @@@ -1291,7 -1289,7 +1291,7 @@@ remove_regexes.append(re.compile(regex)) shortname = get_shortname(grml_flavour) - for filename in glob.glob(grub_target + '*.cfg'): + for filename in glob.glob(grub_target + '*.cfg') + glob.glob(secureboot_target + '*.cfg'): for line in fileinput.input(filename, inplace=1): line = line.rstrip("\r\n") if option_re.search(line): @@@ -1307,7 -1305,7 +1307,7 @@@ def initial_syslinux_config(target): - """Generates intial syslinux configuration + """Generates initial syslinux configuration @target path of syslinux's configuration files""" @@@ -1511,51 -1509,6 +1511,51 @@@ def handle_syslinux_config(grml_flavour add_syslinux_entry("%s/additional.cfg" % syslinux_target, flavour_filename) +def 
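Review bot: `open('/proc/mounts', 'r').readlines()` in mount() leaves the handle to be closed by the garbage collector; `with open('/proc/mounts') as mounts:` and iterating `mounts` directly closes it deterministically. The unchanged check below it, `x.startswith(source)`, is a prefix match, so a source of `/dev/sdb1` also matches a mounted `/dev/sdb10`. Comparing the first whitespace-separated field, `x.split()[0] == source`, would avoid that false "already mounted" error. The body of mount() continues outside the hunk.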
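Review bot: `secureboot_target = target + '/EFI/ubuntu/'` in handle_grub_config spells the directory with upper-case `EFI`, while handle_secure_boot, added later in this diff, writes the file to `target + '/efi/ubuntu/grub.cfg'`. On a case-insensitive FAT target both names resolve to the same directory. On a case-sensitive filesystem the `glob.glob(secureboot_target + '*.cfg')` added in the -1291 hunk would return nothing, and the copied grub.cfg would presumably be left unrewritten without any log message. Use one spelling in both places, e.g. `secureboot_target = target + '/efi/ubuntu/'`, and add a short comment saying why this directory is processed alongside `/boot/grub/`.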
handle_secure_boot(target, efi_img): + """Provide secure boot support by extracting files from /boot/efi.img + + @target: path where grml's main files should be copied to + @efi_img: path to the efi.img file that includes the files for secure boot + """ + + mkdir(target + '/efi/boot/') + efi_mountpoint = tempfile.mkdtemp(prefix="grml2usb", dir=os.path.abspath(options.tmpdir)) + logging.debug("efi_mountpoint = %s" % efi_mountpoint) + register_tmpfile(efi_mountpoint) + + try: + logging.debug("mount(%s, %s, ['-o', 'ro', '-t', 'vfat']" % (efi_img, efi_mountpoint)) + mount(efi_img, efi_mountpoint, ['-o', 'ro', '-t', 'vfat']) + except CriticalException as error: + logging.critical("Fatal: %s", error) + sys.exit(1) + + ubuntu_cfg = search_file('grub.cfg', efi_mountpoint + '/EFI/ubuntu') + logging.debug("ubuntu_cfg = %s" % ubuntu_cfg) + if not ubuntu_cfg: + logging.info("No /EFI/ubuntu/grub.cfg found inside EFI image, looks like Secure Boot support is missing.") + else: + mkdir(target + '/efi/ubuntu') + logging.debug("exec_rsync(%s, %s + '/efi/ubuntu/grub.cfg')" % (ubuntu_cfg, target)) + exec_rsync(ubuntu_cfg, target + '/efi/ubuntu/grub.cfg') + + logging.debug("exec_rsync(%s + '/EFI/BOOT/grubx64.efi', %s + '/efi/boot/grubx64.efi')'" % (efi_mountpoint, target)) + exec_rsync(efi_mountpoint + '/EFI/BOOT/grubx64.efi', target + '/efi/boot/grubx64.efi') + + # NOTE - we're overwriting /efi/boot/bootx64.efi from copy_bootloader_files here + logging.debug("exec_rsync(%s + '/EFI/BOOT/bootx64.efi', %s + '/efi/boot/bootx64.efi')'" % (efi_mountpoint, target)) + exec_rsync(efi_mountpoint + '/EFI/BOOT/bootx64.efi', target + '/efi/boot/bootx64.efi') + + try: + unmount(efi_mountpoint, "") + logging.debug('Unmounted %s' % efi_mountpoint) + os.rmdir(efi_mountpoint) + logging.debug('Removed directory %s' % efi_mountpoint) + except StandardError: + logging.critical('RuntimeError while umount %s' % efi_mountpoint) + sys.exit(1) + + def handle_bootloader_config(grml_flavour, device, target): 
"""Main handler for generating bootloader's configuration @@@ -1813,7 -1766,7 +1813,7 @@@ def handle_bootloader(device) def check_options(opts): - """Check compability of provided user opts + """Check compatibility of provided user opts @opts option dict from OptionParser """