X-Git-Url: https://git.grml.org/?p=grml-live.git;a=blobdiff_plain;f=grml-live;h=8b0adfef6043d75f225f99741a486d9a5aa647ed;hp=60437645e645db741d6f63d1640f2abdf3c8d19f;hb=909399e63b7a45999a4527b18f420ea3c6e53111;hpb=642e1b389347bcb8d6e44b483c327e45225427f4 diff --git a/grml-live b/grml-live index 6043764..8b0adfe 100755 --- a/grml-live +++ b/grml-live @@ -164,6 +164,7 @@ umount_all() { # make sure we don't leave any mounts - FAI doesn't remove them always umount $CHROOT_OUTPUT/proc/sys/fs/binfmt_misc 2>/dev/null || /bin/true umount $CHROOT_OUTPUT/proc 2>/dev/null || /bin/true + umount $CHROOT_OUTPUT/run/udev 2>/dev/null || /bin/true umount $CHROOT_OUTPUT/run 2>/dev/null || /bin/true umount $CHROOT_OUTPUT/sys 2>/dev/null || /bin/true umount $CHROOT_OUTPUT/dev/pts 2>/dev/null || /bin/true @@ -183,6 +184,24 @@ umount_all() { } # }}} +# store logfiles {{{ +store_logfiles() { + # move fai logs into grml_logs directory + mkdir -p "$LOG_OUTPUT"/fai/ + cp -r "$CHROOT_OUTPUT"/var/log/fai/"$HOSTNAME"/last/* "$LOG_OUTPUT"/fai/ + rm -rf "$CHROOT_OUTPUT"/var/log/fai + + # store copy of autogenerated configuration file + cp ${GRML_FAI_CONFIG}/nfsroot.conf "$LOG_OUTPUT"/fai/ + + # copy fai package list + cp "$CHROOT_OUTPUT"/var/log/install_packages.list "$LOG_OUTPUT"/fai/ + # fixup owners + chown root:adm "$LOG_OUTPUT"/fai/* + chmod 664 "$LOG_OUTPUT"/fai/* +} +# }}} + # clean exit {{{ bailout() { rm -f /var/run/fai/fai_softupdate_is_running \ @@ -330,6 +349,9 @@ adjust_boot_files() { sed -i "s/%RELEASE_INFO%/$RELEASE_INFO/g" "${file}" sed -i "s/%SHORT_NAME%/$SHORT_NAME/g" "${file}" sed -i "s/%VERSION%/$VERSION/g" "${file}" + if [ -n "${BOOT_FILE}" ] ; then + sed -i "s;%BOOT_FILE%;$BOOT_FILE;g" "${file}" + fi [ -n "$DEFAULT_BOOTOPTIONS" ] && sed -i "s; boot=live; boot=live $DEFAULT_BOOTOPTIONS;" "${file}" 
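Review bot: In `store_logfiles`, `rm -rf "$CHROOT_OUTPUT"/var/log/fai` runs even when the preceding `cp -r …/last/*` failed. The new caller in the fai error branch (hunk -739) is the case where that `last` directory may be missing or empty, so the logs the function is meant to preserve can be deleted without having been copied. Chaining the two, `cp -r "$CHROOT_OUTPUT"/var/log/fai/"$HOSTNAME"/last/* "$LOG_OUTPUT"/fai/ && rm -rf "${CHROOT_OUTPUT:?}"/var/log/fai`, keeps the originals on a failed copy. It also stops the removal from resolving to the host's `/var/log/fai` if `CHROOT_OUTPUT` is ever empty. `${GRML_FAI_CONFIG}/nfsroot.conf` is the only unquoted path in the function and should be quoted like the others.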
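Review bot: The new `sed -i "s;%BOOT_FILE%;$BOOT_FILE;g"` in `adjust_boot_files` places `$BOOT_FILE` unescaped into the replacement, so a `;`, `&` or backslash in the value would break or alter the substitution. `BOOT_FILE` is built from the contents of `bootfile.txt` in a later hunk (-1023), presumably a generated random name, but nothing visible here constrains its characters. A comment such as `# BOOT_FILE is used as a sed replacement: must not contain ';', '&' or '\'`, or a character check where the variable is assigned, would make the assumption explicit. The function body starts and ends outside this hunk.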
@@ -425,7 +447,7 @@ fi [ -n "$HOSTNAME" ] || HOSTNAME='grml' [ -n "$HYBRID_METHOD" ] || HYBRID_METHOD='isohybrid' [ -n "$RELEASENAME" ] || RELEASENAME='grml-live rocks' -[ -n "$SECURE_BOOT" ] || SECURE_BOOT='ubuntu' +[ -n "$SECURE_BOOT" ] || SECURE_BOOT='disable' [ -n "$SQUASHFS_EXCLUDES_FILE" ] || SQUASHFS_EXCLUDES_FILE="${GRML_FAI_CONFIG}/config/grml/squashfs-excludes" [ -n "$SUITE" ] || SUITE='testing' [ -n "$TEMPLATE_DIRECTORY" ] || TEMPLATE_DIRECTORY='/usr/share/grml-live/templates' @@ -489,6 +511,7 @@ if [ -z "$FORCE" ] ; then [ -n "$ARCH" ] && echo " Architecture: $ARCH" [ -n "$BOOT_METHOD" ] && echo " Boot method: $BOOT_METHOD" [ -n "$HYBRID_METHOD" ] && echo " Hybrid method: $HYBRID_METHOD" + [ -n "$SECURE_BOOT" ] && echo " Secure Boot: $SECURE_BOOT" [ -n "$TEMPLATE_DIRECTORY" ] && echo " Template files: $TEMPLATE_DIRECTORY" [ -n "$CHROOT_INSTALL" ] && echo " Install files from directory to chroot: $CHROOT_INSTALL" [ -n "$BOOTID" ] && echo " Boot identifier: $BOOTID" @@ -575,7 +598,8 @@ if [ -n "$CONFIG" ] ; then fi fi -start_seconds=$(cut -d . -f 1 /proc/uptime) +SECONDS=unknown +start_seconds="$(date +%s)" log "------------------------------------------------------------------------------" log "Starting grml-live [${GRML_LIVE_VERSION}] run on $(date)" log "Using local config file: $LOCAL_CONFIG" @@ -674,7 +698,7 @@ if [ -z "$FAI_DEBOOTSTRAP" ] ; then fi if [ -z "$FAI_DEBOOTSTRAP_OPTS" ] ; then - FAI_DEBOOTSTRAP_OPTS="--exclude=info,tasksel,tasksel-data --include=aptitude --arch $ARCH" + FAI_DEBOOTSTRAP_OPTS="--exclude=info,tasksel,tasksel-data --include=aptitude --arch $ARCH --no-merged-usr" fi # create backup of old (not yet automatically generated) config file 
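Review bot: The accepted values of `SECURE_BOOT` are not documented where the default is set, and this hunk changes that default from `'ubuntu'` to `'disable'`. Configurations that never set the variable will no longer take the branch in `grub_setup` (hunk -913) that installs the shim and signed GRUB, so the image will presumably not boot on firmware that enforces Secure Boot. A comment above the line such as `# accepted values: disable (default), debian, ubuntu; anything else aborts in grub_setup` would state the contract that the `case` there enforces. The summary line added in hunk -489 is only printed when `$FORCE` is empty, so forced or unattended builds get no hint from it.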
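Review bot: `SECONDS=unknown` assigns to a bash special variable: bash treats `SECONDS` as an integer timer, so the string is not kept and later reads return a running second count instead of `unknown`. The script appears to run under bash (a later hunk comments `# notice: bash-only` on `PIPESTATUS`), so the fallback cannot work as written, and the assignment in the finalize hunk (-1689) writes to the same timer. An ordinary name avoids this: `elapsed_seconds=unknown` here, `elapsed_seconds="$(( end_seconds - start_seconds ))"` in the finalize hunk, and `${elapsed_seconds}` in the final `log` line.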
@@ -739,9 +763,10 @@ else RC="$PIPESTATUS" # notice: bash-only if [ "$RC" != 0 ] ; then - log "Error: critical error while executing fai [exit code ${RC}]. Exiting." - eerror "Error: critical error while executing fai [exit code ${RC}]. Exiting." ; eend 1 - bailout 1 + store_logfiles # ensure to have logfiles available even if building failed + log "Error: critical error while executing fai [exit code ${RC}]. Exiting." + eerror "Error: critical error while executing fai [exit code ${RC}]. Exiting." ; eend 1 + bailout 1 fi # provide inform fai about the ISO we build, needs to be provided @@ -753,19 +778,7 @@ else FORCE_ISO_REBUILD=true - # move fai logs into grml_logs directory - mkdir -p "$LOG_OUTPUT"/fai/ - cp -r "$CHROOT_OUTPUT"/var/log/fai/"$HOSTNAME"/last/* "$LOG_OUTPUT"/fai/ - rm -rf "$CHROOT_OUTPUT"/var/log/fai - - # store copy of autogenerated configuration file - cp ${GRML_FAI_CONFIG}/nfsroot.conf "$LOG_OUTPUT"/fai/ - - # copy fai package list - cp "$CHROOT_OUTPUT"/var/log/install_packages.list "$LOG_OUTPUT"/fai/ - # fixup owners - chown root:adm "$LOG_OUTPUT"/fai/* - chmod 664 "$LOG_OUTPUT"/fai/* + store_logfiles umount_all 
@@ -913,32 +926,58 @@ grub_setup() { log "Generated 64-bit EFI image $BOOTX64" einfo "Generated 64-bit EFI image $BOOTX64" ; eend 0 else - log "Secure Boot is enabled [mode: $SECURE_BOOT]" - einfo "Secure Boot is enabled [mode: $SECURE_BOOT]" ; eend 0 + case "${SECURE_BOOT}" in + disable*) + log "Secure Boot is disabled [mode: ${SECURE_BOOT}]" + einfo "Secure Boot is disabled [mode: ${SECURE_BOOT}]" ; eend 0 + ;; + debian|ubuntu) + log "Secure Boot is enabled [mode: ${SECURE_BOOT}]" + einfo "Secure Boot is enabled [mode: ${SECURE_BOOT}]" ; eend 0 + + local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg" + local GRUBCFG_TMP=$(mktemp) + + if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then + log "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." + eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." ; eend 1 + bailout 54 + fi - if [ "${SECURE_BOOT}" = "ubuntu" ] ; then - local GRUBCFG_TEMPLATE="${TEMPLATE_DIRECTORY}/secureboot/grub.cfg" - local GRUBCFG_TMP=$(mktemp) + cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}" + adjust_boot_files "${GRUBCFG_TMP}" - if ! [ -r "${GRUBCFG_TEMPLATE}" ] ; then - log "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." - eerror "Secure Boot template for GRUB [${GRUBCFG_TEMPLATE}] not found." 
; eend 1 - bailout 54 - fi + mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot || bailout 55 + mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::boot/grub || bailout 55 + mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::boot/grub/grub.cfg || bailout 56 - cp "${GRUBCFG_TEMPLATE}" "${GRUBCFG_TMP}" - adjust_boot_files "${GRUBCFG_TMP}" + rm "${GRUBCFG_TMP}" - mmd -i "${CHROOT_OUTPUT}/${EFI_IMG}" ::EFI/ubuntu || bailout 55 - mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${GRUBCFG_TMP}" ::EFI/ubuntu/grub.cfg || bailout 56 - rm "${GRUBCFG_TMP}" + if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ] ; then + mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed" ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57 + else + log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found." + eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/grubx64.efi.signed' not found." ; eend 1 + bailout 57 + fi - mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}"/EFI/BOOT/grubx64.efi.signed ::EFI/BOOT/grubx64.efi >/dev/null || bailout 57 - mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}"/EFI/BOOT/shimx64.efi.signed ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58 + if [ -r "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ] ; then + mcopy -i "${CHROOT_OUTPUT}/${EFI_IMG}" "${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed" ::EFI/BOOT/bootx64.efi >/dev/null || bailout 58 + else + log "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found." + eerror "Secure Boot GRUB binary '${TEMPLATE_DIRECTORY}/EFI/${SECURE_BOOT}/BOOT/shimx64.efi.signed' not found." 
; eend 1 + bailout 57 + fi - log "Generated 64-bit Secure Boot (ubuntu) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" - einfo "Generated 64-bit Secure Boot (ubuntu) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0 - fi + log "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" + einfo "Generated 64-bit Secure Boot (${SECURE_BOOT}) EFI image ${CHROOT_OUTPUT}/${EFI_IMG}" ; eend 0 + ;; + *) + log "Secure Boot method '${SECURE_BOOT}' is unsupported." + eerror "Secure Boot method '${SECURE_BOOT}' is unsupported." ; eend 1 + bailout 59 + ;; + esac fi fi @@ -1023,11 +1062,10 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then einfo "Generating "${BUILD_OUTPUT}"/conf/bootfile* files" log "Generating "${BUILD_OUTPUT}"/conf/bootfile* files" + BOOT_FILE="/conf/bootfile_$(cat "${CHROOT_OUTPUT}"/boot/grub/bootfile.txt)" + echo "# This file is relevant for GRUB boot with the Grml ISO." > "${BUILD_OUTPUT}/${BOOT_FILE}" # save information about the random filename inside /conf/bootfile.txt - echo "/conf/bootfile_$(cat "${CHROOT_OUTPUT}"/boot/grub/bootfile.txt)" > \ - "${BUILD_OUTPUT}"/conf/bootfile.txt - echo "# This file is relevant for GRUB boot with the Grml ISO." > \ - "${BUILD_OUTPUT}"/conf/bootfile_"$(cat "${CHROOT_OUTPUT}"/boot/grub/bootfile.txt)" + echo "${BOOT_FILE}" > "${BUILD_OUTPUT}"/conf/bootfile.txt eend $? fi 
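Review bot: The branch for a missing `shimx64.efi.signed` reuses the GRUB wording and exit code: it logs `Secure Boot GRUB binary '…/shimx64.efi.signed' not found.` and calls `bailout 57`, while the `mcopy` failure on the line above uses `bailout 58`. A log reader or calling script cannot tell a missing shim from a missing GRUB; the message should read `Secure Boot shim binary '…' not found.` and the call should be `bailout 58`. Separately, `local GRUBCFG_TMP=$(mktemp)` hides a `mktemp` failure behind the exit status of `local` and creates the file before the template check. The `bailout 54`, `55` and `56` paths therefore leave the file behind unless `bailout` cleans it up, which is not visible here. `grub_setup` starts and ends outside this hunk.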
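Review bot: `BOOT_FILE` is assembled from `$(cat "${CHROOT_OUTPUT}"/boot/grub/bootfile.txt)` without checking that the file exists or is non-empty, and the result is then used as a write target under `${BUILD_OUTPUT}`. If the read fails the value collapses to `/conf/bootfile_`, both `echo` redirections still succeed, and `eend $?` reports success for a marker name that presumably does not match what the GRUB configuration searches for. A value containing `/` would also move the write outside `conf/`. A guard before the assignment, e.g. `[ -s "${CHROOT_OUTPUT}/boot/grub/bootfile.txt" ] || bailout EXIT_CODE` (with a code the project has not yet used), would stop the build instead. The enclosing `if` block continues outside the hunk.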
@@ -1085,12 +1123,16 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then log "Skipping installation of boot addons as requested via \$NO_ADDONS." einfo "Skipping installation of boot addons as requested via \$NO_ADDONS."; eend 0 else - if ! [ -d "$TEMPLATE_DIRECTORY"/boot/addons ] ; then + if ! [ -r "$TEMPLATE_DIRECTORY"/boot/addons ] ; then log "Boot addons not found, skipping therefore. (Consider installing package grml-live-addons)" ewarn "Boot addons not found, skipping therefore. (Consider installing package grml-live-addons)" ; eend 0 else + log "Installing boot addons." + einfo "Installing boot addons." + # copy addons from system packages or grml-live-addons copy_addon_file ipxe.lkrn /usr/lib/ipxe addons + copy_addon_file ipxe.efi /usr/lib/ipxe addons copy_addon_file pci.ids /usr/share/misc addons copy_addon_file memtest86+.bin /boot addons @@ -1107,6 +1149,8 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then copy_addon_file memdisk /usr/lib/syslinux addons + eend 0 + # make memtest filename FAT16/8.3 compatible mv "${BUILD_OUTPUT}/boot/addons/memtest86+.bin" \ "${BUILD_OUTPUT}/boot/addons/memtest" @@ -1186,8 +1230,7 @@ if [ "$ARCH" = i386 ] || [ "$ARCH" = amd64 ] ; then # adjust all variables in the templates with the according distribution information adjust_boot_files "${BUILD_OUTPUT}"/boot/isolinux/*.cfg \ "${BUILD_OUTPUT}"/boot/isolinux/*.msg \ - "${BUILD_OUTPUT}"/boot/grub/* \ - "${BUILD_OUTPUT}"/boot/ubuntu/* + "${BUILD_OUTPUT}"/boot/grub/* for param in ARCH DATE DISTRI_INFO DISTRI_NAME DISTRI_SPLASH GRML_NAME SQUASHFS_NAME \ RELEASE_INFO SHORT_NAME VERSION ; do 
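Review bot: Switching the addons test from `-d` to `-r` drops the directory check: `[ -r "$TEMPLATE_DIRECTORY"/boot/addons ]` is also true for a readable regular file, in which case the `else` branch would run against a non-directory. If the intent was to additionally require read permission, `if ! [ -d "$TEMPLATE_DIRECTORY"/boot/addons ] || ! [ -r "$TEMPLATE_DIRECTORY"/boot/addons ] ; then` keeps both conditions. The `eend 0` added in the next hunk (-1107) reports success unconditionally, so a failed `copy_addon_file` is not reflected there. Whether that helper reports its own errors is not visible in this diff.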
@@ -1342,8 +1385,8 @@ else # use sane defaults if $SQUASHFS_OPTIONS isn't set if [ -z "$SQUASHFS_OPTIONS" ] ; then - # use blocksize 256k as this gives best result with regards to time + compression - SQUASHFS_OPTIONS="-b 256k" + # use block size 1m as this gives good result with regards to time + compression + SQUASHFS_OPTIONS="-b 1m" # set lzma/xz compression by default, unless -z option has been specified on command line if [ -z "$SQUASHFS_ZLIB" ] ; then 
@@ -1623,6 +1666,53 @@ create_netbootpackage() { eoutdent fi + # don't include shim + grubnetx64 + grub files in i386 netboot packages, + # as those don't make much sense there + if [ "$ARCH" = amd64 ] ; then + if ! [ -r "${BUILD_OUTPUT}/boot/grub/netboot.cfg" ] ; then + log "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found." + ewarn "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found." + eindent + log "Hint: Are you using custom templates which do not provide grub.cfg?" + ewarn "Hint: Are you using custom templates which do not provide grub.cfg?" ; eend 0 + eoutdent + else + cp "${BUILD_OUTPUT}/boot/grub/netboot.cfg" "${WORKING_DIR}/grub.cfg" + adjust_boot_files "${WORKING_DIR}/grub.cfg" + + if [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed ] ; then + log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi.signed as shim.efi in netboot package" + cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed "${WORKING_DIR}"/shim.efi + elif [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi ] ; then + log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi as shim.efi in netboot package" + cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi "${WORKING_DIR}"/shim.efi + else + log "No shimx64.efi for usage with PXE boot found (shim-signed not present?)" + ewarn "No shimx64.efi for usage with PXE boot found (shim-signed not present?)" ; eend 0 + fi + + if [ -r /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed ] ; then + log "Installing /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed as grubx64.efi in netboot package" + cp /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed "${WORKING_DIR}"/grubx64.efi + elif [ -r /usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi ] ; then + log "Installing /usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi as grubx64.efi in netboot package" + cp /usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi "${WORKING_DIR}"/grubx64.efi + else + log "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not 
present?)" + ewarn "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not present?)." ; eend 0 + fi + + if [ -r "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 ] ; then + log "Installing ${CHROOT_OUTPUT}/usr/share/grub/unicode.pf2 as grub/fonts/unicode.pf2 in netboot package" + mkdir -p "${WORKING_DIR}"/grub/fonts/ + cp "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 "${WORKING_DIR}"/grub/fonts/ + else + log "No unicode.pf2 for usage with PXE boot found (grub-common not present?)" + ewarn "No unicode.pf2 for usage with PXE boot found (grub-common not present?)" ; eend 0 + fi + fi + fi + if tar -C "$OUTPUTDIR" -jcf "${OUTPUT_FILE}" "grml_netboot_package_${GRML_NAME}_${VERSION}" ; then ( cd $(dirname "${OUTPUT_FILE}") @@ -1689,7 +1779,10 @@ fi # }}} # finalize {{{ -[ -n "$start_seconds" ] && SECONDS="$[$(cut -d . -f 1 /proc/uptime)-$start_seconds]" || SECONDS="unknown" +if [ -n "${start_seconds}" ] ; then + end_seconds="$(date +%s)" + SECONDS="$(( end_seconds - start_seconds ))" +fi log "Successfully finished execution of $PN [$(date) - running ${SECONDS} seconds]" dpkg_to_db # make sure we catch the last log line as well, therefore execute between log + einfo
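Review bot: The shim is taken from the chroot (`${CHROOT_OUTPUT}/usr/lib/shim/…`) but `grubnetx64.efi` is taken from the build host (`/usr/lib/grub/x86_64-efi-signed/…`). The netboot package can therefore pair binaries from two different package sets and ships whatever GRUB the host happens to have installed. If that is intentional it deserves a comment; otherwise the GRUB paths should be prefixed with `"${CHROOT_OUTPUT}"` like the shim ones. Both lookups also fall back to the unsigned `shimx64.efi` and `monolithic/grubnetx64.efi` with only a `log` line and no `ewarn`, giving a package that will presumably not boot under enforced Secure Boot. The hint text names `grub.cfg` although the file being tested is `netboot.cfg`, and `create_netbootpackage` starts outside this hunk.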