X-Git-Url: https://git.grml.org/?p=grml-live.git;a=blobdiff_plain;f=grml-live;h=1158f86b0bfb58c0bed860b9fbe3f11cacd03a45;hp=daa4da952c92f0c69846c6925596e196232091b4;hb=518eb395d8652ccf260e4fe6fc15af7946fc7c49;hpb=be6f2299e24a58b94d07b35f2e07fbc60f9827c0
diff --git a/grml-live b/grml-live
index daa4da9..1158f86 100755
--- a/grml-live
+++ b/grml-live
@@ -493,6 +493,7 @@ if [ -z "$FORCE" ] ; then
 [ -n "$ARCH" ] && echo " Architecture: $ARCH"
 [ -n "$BOOT_METHOD" ] && echo " Boot method: $BOOT_METHOD"
 [ -n "$HYBRID_METHOD" ] && echo " Hybrid method: $HYBRID_METHOD"
+ [ -n "$SECURE_BOOT" ] && echo " Secure Boot: $SECURE_BOOT"
 [ -n "$TEMPLATE_DIRECTORY" ] && echo " Template files: $TEMPLATE_DIRECTORY"
 [ -n "$CHROOT_INSTALL" ] && echo " Install files from directory to chroot: $CHROOT_INSTALL"
 [ -n "$BOOTID" ] && echo " Boot identifier: $BOOTID"
@@ -579,7 +580,8 @@ if [ -n "$CONFIG" ] ; then
 fi
 fi
-start_seconds=$(cut -d . -f 1 /proc/uptime)
+SECONDS=unknown
+start_seconds="$(date +%s)"
 log "------------------------------------------------------------------------------"
 log "Starting grml-live [${GRML_LIVE_VERSION}] run on $(date)"
 log "Using local config file: $LOCAL_CONFIG"
@@ -678,7 +680,7 @@ if [ -z "$FAI_DEBOOTSTRAP" ] ; then
 fi
 if [ -z "$FAI_DEBOOTSTRAP_OPTS" ] ; then
- FAI_DEBOOTSTRAP_OPTS="--exclude=info,tasksel,tasksel-data --include=aptitude --arch $ARCH"
+ FAI_DEBOOTSTRAP_OPTS="--exclude=info,tasksel,tasksel-data --include=aptitude --arch $ARCH --no-merged-usr"
 fi
 # create backup of old (not yet automatically generated) config file
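Review bot: `SECONDS` is a special variable in bash: after an assignment it keeps counting, and a non-numeric value such as `unknown` is read as 0, so if grml-live runs under bash (the shebang is not visible here) the `SECONDS=unknown` fallback in the `@@ -579` hunk will later print as a number, never as "unknown". The finalize hunk (`@@ -1692`) has the same problem, since `SECONDS="$(( end_seconds - start_seconds ))"` keeps ticking between the `log` line and any later use of `${SECONDS}`. A plain name avoids both: `elapsed_seconds=unknown` here, `elapsed_seconds="$(( end_seconds - start_seconds ))"` in the finalize hunk, and `${elapsed_seconds}` in the final log line. `date +%s` is also wall-clock time, so a clock step during the build skews the reported duration, which the old /proc/uptime reading did not.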
@@ -917,32 +919,58 @@ grub_setup() {
 log "Generated 64-bit EFI image $BOOTX64"
 einfo "Generated 64-bit EFI image $BOOTX64" ; eend 0
 else
- log "Secure Boot is enabled [mode: $SECURE_BOOT]"
- einfo "Secure Boot is enabled [mode: $SECURE_BOOT]" ; eend 0
+ case "${SECURE_BOOT}" in
+ disable*)
+ log "Secure Boot is disabled [mode: ${SECURE_BOOT}]"
+ einfo "Secure Boot is disabled [mode: ${SECURE_BOOT}]" ; eend 0
+ ;;
+ debian|ubuntu)
+ log "Secure Boot is enabled [mode: ${SECURE_BOOT}]"
+ einfo "Secure Boot is enabled [mode: ${SECURE_BOOT}]" ; eend 0
+
+ local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg"
+ local GRUBCFG_TMP=$(mktemp)
+
+ if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then
+ log "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found."
+ eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." ; eend 1
+ bailout 54
+ fi
- if [ "${SECURE_BOOT}" = "ubuntu" ] ; then
- local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg"
- local GRUBCFG_TMP=$(mktemp)
+ cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}"
+ adjust_boot_files "${GRUBCFG_TMP}"
- if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then
- log "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found."
- eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." ; eend 1
- bailout 54
- fi
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot || bailout 55
+ mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot/grub || bailout 55
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::boot/grub/grub.cfg || bailout 56
- cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}"
- adjust_boot_files "${GRUBCFG_TMP}"
+ rm "${GRUBCFG_TMP}"
- mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/ubuntu || bailout 55
- mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::EFI/ubuntu/grub.cfg || bailout 56
- rm "${GRUBCFG_TMP}"
+ if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ] ; then
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57
+ else
+ log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found."
+ eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found." ; eend 1
+ bailout 57
+ fi
- mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}"/EFI/BOOT/grubx64.efi.signed ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57
- mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}"/EFI/BOOT/shimx64.efi.signed ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58
+ if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ] ; then
+ mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58
+ else
+ log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found."
+ eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found." ; eend 1
+ bailout 57
+ fi
- log "Generated 64-bit Secure Boot (ubuntu) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}"
- einfo "Generated 64-bit Secure Boot (ubuntu) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0
- fi
+ log "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}"
+ einfo "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0
+ ;;
+ *)
+ log "Secure Boot method '${SECURE_BOOT}' is unsupported."
+ error "Secure Boot method '${SECURE_BOOT}' is unsupported." ; eend 1
+ bailout 59
+ ;;
+ esac
 fi
 fi
@@ -1189,8 +1217,7 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then
 # adjust all variables in the templates with the according distribution information
 adjust_boot_files "${BUILD_OUTPUT}"/boot/isolinux/*.cfg \
 "${BUILD_OUTPUT}"/boot/isolinux/*.msg \
- "${BUILD_OUTPUT}"/boot/grub/* \
- "${BUILD_OUTPUT}"/boot/ubuntu/*
+ "${BUILD_OUTPUT}"/boot/grub/*
 for param in ARCH DATE DISTRI_INFO DISTRI_NAME DISTRI_SPLASH GRML_NAME SQUASHFS_NAME \
 RELEASE_INFO SHORT_NAME VERSION ; do
@@ -1692,7 +1719,10 @@ fi
 # }}}
 # finalize {{{
-[ -n "$start_seconds" ] && SECONDS="$[$(cut -d . -f 1 /proc/uptime)-$start_seconds]" || SECONDS="unknown"
+if [ -n "${start_seconds}" ] ; then
+ end_seconds="$(date +%s)"
+ SECONDS="$(( end_seconds - start_seconds ))"
+fi
 log "Successfully finished execution of $PN [$(date) - running ${SECONDS} seconds]"
 dpkg_to_db # make sure we catch the last log line as well, therefore execute between log + einfo
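Review bot: In the `@@ -917` hunk the `*)` branch reports the unsupported mode with `error`, while every other failure path here uses `eerror`; no `error` helper is visible in this diff, so this is presumably a typo for `eerror "Secure Boot method '${SECURE_BOOT}' is unsupported." ; eend 1`. The shim branch is a copy of the GRUB one: its messages still say "Secure Boot GRUB binary" and it exits with `bailout 57` although the shim copy itself fails with 58, so the text should name the shim and the exit code should be `bailout 58`. `local GRUBCFG_TMP=$(mktemp)` hides a mktemp failure behind the exit status of `local`, and the temporary file stays behind on the `bailout 54`/`55`/`56` paths unless bailout cleans it up elsewhere. The `.signed` binaries are accepted on a readability test alone; nothing visible in this hunk checks their signature before they are copied into the EFI image. grub_setup() begins and ends outside the hunk.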