dracut-ukify


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328

#!/usr/bin/bash
set -e

source /usr/share/makepkg/util/message.sh

function usage {
  echo "$(basename "$0") [OPTIONS]"
  echo "  -h            shows usage"
  echo "  -g <version>  generate UKI image for specified kernel version"
  echo "  -a            generate UKI images for all available kernels"
  exit 0
}

function check_root {
  [ $EUID -eq 0 ] && return
  echo "dracut-ukify requires root privileges to work" >&2
  exit 1
}

if [[ ${#} -eq 0 ]]; then
   usage
fi

declare -a ukify_global_args=()
declare -A ukify_variants=()
declare -A ukify_install_path=()
declare -A ukify_cmdline=()

[ -f "/etc/dracut-ukify.conf" ] && source /etc/dracut-ukify.conf

case "$colorize" in
  "true")
    colorize
    ;;
  "auto")
    grep -q -e '^\w*Color\w*$' /etc/pacman.conf && colorize
    ;;
esac

[ ${#ukify_variants[@]} -eq 0 ] && {
  # Fallback to default image if ukify_variants isn't specified
  ukify_variants[default]="--hostonly"
}

ESP_PATH=$(bootctl --print-esp-path)
BOOT_PATH=$(bootctl --print-boot-path)
MACHINE_ID=$(</etc/machine-id)
# shellcheck source=/etc/os-release
source <(grep -E '^(BUILD_)?ID=' /etc/os-release)

function variant_name() {
  local prefix="$1"
  local name="$2"
  if [[ "$name" = "default" ]]; then
    printf "%s" "$prefix"
  else
    printf "%s-%s" "$prefix" "$name"
  fi
}

function uki_path() {
  local name="$1"
  local version="$2"
  local variant="$3"

  if [ ${ukify_install_path[$variant]+_} ]; then
    local -A substitutions=(
      [id]="$ID"
      [build_id]="$BUILD_ID"
      [name]="$name"
      [version]="$version"
      [machine_id]="$MACHINE_ID"
      [version]="$version"
      [efi]="$ESP_PATH"
      [boot]="$BOOT_PATH"
    )

    local path="${ukify_install_path[$variant]}"
    for key in "${!substitutions[@]}"; do
      local value="${substitutions[$key]}"
      path="${path//\$\{$key\}/${value}}"
    done

    case "$path" in
      (/*) printf "%s" "$path";;
      (*)  printf "%s/%s" "$ESP_PATH" "$path";;
    esac
  else
    printf "%s/EFI/Linux/%s.efi" "$ESP_PATH" "$(variant_name "linux-$version-$MACHINE_ID-$BUILD_ID" "$variant")"
  fi
}

function sanity_check() {
  local verbose="$1"

  local -A sanity_kernel=()
  for candidate in /usr/lib/modules/*; do
    [ -f "$candidate/pkgbase" ] || continue
    if read -r pkgbase &> /dev/null < "$candidate/pkgbase"; then
      sanity_kernel["${pkgbase}"]="$(basename "$candidate")"
    fi
  done

  local -A uki_path=()

  local -i result=0

  for kernel in "${!sanity_kernel[@]}"; do
    for variant in "${!ukify_variants[@]}"; do
      local path=$(uki_path "$kernel" "${sanity_kernel[$kernel]}" "$variant")
      if [ $verbose -ne 0 ]; then
        msg "Resolved UKI path for package %s %s in variant %s: %s" "$kernel" "${sanity_kernel[$kernel]}" "$variant" "$path"
      fi

      if [ ${uki_path[$path]+_} ]; then
        error "Found UKI path clash: %s-%s and %s points to the same path: %s" "$kernel" "$variant" "${uki_path[$path]}" "$path"
        result=1
      fi
      uki_path[$path]="$kernel-$variant"
    done
  done

  if [ $result -ne 0 ]; then
    exit $result
  fi
}

function parse_cmdline() {
  grep --invert-match '^[[:blank:]]*#[^!]' "$1" | tr '\n' ' '
}

function remove_uki() {
  local pkgbase="$1"

  path="$(grep -lE "^${pkgbase}\$" /usr/lib/modules/*/pkgbase)"
  version=$(basename "${path%/pkgbase}")
  for variant in "${!ukify_variants[@]}"; do
    IMAGE="$(uki_path "$pkgbase" "$version" "$variant")"
    if [ -f "$IMAGE" ]; then
      msg "Removing $IMAGE..."
      rm -f "$IMAGE"
    fi
  done
}

function cleanup() {
  local exitcode=$?
  for file in "$@"; do
    rm -f "$file" 
  done
  return $exitcode
}

declare -A kernels
kernels_all=0

function match_kernels() {
  check_root

  (( kernels_all )) || while read -r line; do
    if [[ $line =~ ^usr/lib/modules/([^/]+)/pkgbase$ ]]; then
	  read -r pkgbase < "/${line}"
	  kernels["${pkgbase}"]="${BASH_REMATCH[1]}"
	else
	  kernels_all=1
	  break 
	fi
  done
  
  if (( kernels_all )); then
    declare -gA kernels=()
    for candidate in /usr/lib/modules/*; do
      [ -f "$candidate/pkgbase" ] || continue
      if read -r pkgbase &> /dev/null < "$candidate/pkgbase"; then      
        kernels["${pkgbase}"]="$(basename "$candidate")"
      fi
    done
  fi
}

while getopts ":hag:sxyz" arg; do
  case ${arg} in
    g)
      found=0
      for line in $(pacman -Qql "$OPTARG"); do
        if [[ $line =~ ^/usr/lib/modules/([^/]+)/pkgbase$ ]]; then
          read -r pkgbase < "/${line}"
          kernels["${pkgbase}"]="${BASH_REMATCH[1]}"
          found=1
          break
        fi
      done
      if (( ! found )); then
        error "Error occurred during '$OPTARG' package traversal"
        exit 1
      fi
      ;;
    a)
      kernels_all=1
      match_kernels
      ;;
    x)
      check_root
      # Trigger some IO on ESP path to be sure it's mounted by autofs if it's the case
      # Otherwise upgrading systemd may cause ESP partition not mounted at the time dracut attempt to write new image
      stat "$ESP_PATH" >/dev/null
      [ "$ESP_PATH" = "$BOOT_PATH" ] || stat "$BOOT_PATH" >/dev/null
      exit 0
      ;;
    y)
      sanity_check 0
      match_kernels
      for kernel in "${!kernels[@]}"; do
        remove_uki "$kernel"
      done
      exit 0
      ;;
    s)
      sanity_check 1
      exit 0
      ;;
    z)
      sanity_check 0   
      match_kernels
      ;;
    h)
      usage
      ;;
    *)
      usage
      ;;
  esac
done

function gen_image() {
  check_root
  local kernel="$1"
  local version="$2"
  local path="/usr/lib/modules/${version}/pkgbase"
  local vmlinuz="/usr/lib/modules/${version}/vmlinuz"

  msg "dracut-ukify -g %s" "$kernel"

  for variant in "${!ukify_variants[@]}"; do
    local image="$(uki_path "$kernel" "$version" "$variant")"
    local version_name=$(variant_name "$version" "$variant")

    read -r pkgbase < "$path"

    local initrd=$(mktemp --tmpdir ukify.XXXXXXXXXX)
    trap "cleanup \"$initrd\"" ERR EXIT

    msg2 "Building initrd image %s (%s)" "$kernel" "$version_name"
    dracut -q -f --no-hostonly-cmdline --no-uefi --kver "${version}" ${ukify_variants[$variant]} "$initrd"

    local os_release=$(mktemp --tmpdir ukify.XXXXXXXXXX)
    trap "cleanup \"$initrd\" \"$os_release\"" ERR EXIT

    grep -v '^BUILD_ID=' /etc/os-release > "$os_release"
    echo "BUILD_ID=\"$version_name\"" >> "$os_release"
    echo "VERSION_ID=\"$(variant_name "$pkgbase" "$variant")\"" >> "$os_release"

    local -a ukify_args=(build)
    ukify_args+=("${ukify_global_args[@]}")
    ukify_args+=(--uname "$version")
    ukify_args+=(--os-release "@$os_release")
    ukify_args+=(--output "$image")

    local cmdline="${ukify_cmdline["$variant"]}"
    if [ -z "${cmdline}" ]; then
        for i in "${!ukify_args[@]}"; do
            [[ "${ukify_args[i]}" = "--cmdline" ]] && break
        done
        if [ "${ukify_args[i]}" == "--cmdline" ]; then
            cmdline="${ukify_args[i + 1]}"
        fi
    fi
    if [ -z "${cmdline}" ] && [ -f /etc/kernel/cmdline ]; then
        cmdline=$(parse_cmdline /etc/kernel/cmdline)
    fi
    if [ -z "${cmdline}" ] && [ -f /usr/lib/kernel/cmdline ]; then
        cmdline=$(parse_cmdline /usr/lib/kernel/cmdline)
    fi
    if [ -z "${cmdline}" ] && [ -f /proc/cmdline ]; then
        cmdline=$(</proc/cmdline)
    fi
    if [ -n "${cmdline}" ]; then
      for i in "${!ukify_args[@]}"; do
         [[ "${ukify_args[i]}" = "--cmdline" ]] && break
      done
      if [ "${ukify_args[i]}" == "--cmdline" ]; then
        # Global args contains cmdline, override it
        ukify_args[i + 1]="${cmdline}"
      else
        # There is no global cmdline, append it
        ukify_args+=("--cmdline" "${cmdline}")
      fi
    fi

    ukify_args+=(--linux "$vmlinuz")
    ukify_args+=(--initrd "$initrd")

    msg2 "Ukify image %s (%s)" "$kernel" "$version_name"

    /usr/lib/systemd/ukify "${ukify_args[@]}"

    # Remove temporary files
    rm "$initrd"
    rm "$os_release"
    trap - ERR EXIT

    # Mark image as default if needed
    if [[ "$pkgbase" == "$default_kernel_package" && "$variant" == "default" ]]; then
      if ! bootctl is-installed --quiet; then
        warning "systemd-boot is not installed, unable to mark image as default"
      else
        msg2 "Mark linux image %s (%s) as default" "$kernel" "$version"
        bootctl set-default "$(basename "$image")" || {
          error "Unable to mark linux image $kernel ($version) as default due to error"
        }
      fi
    fi
  done
}

for kernel in "${!kernels[@]}"; do
  gen_image "$kernel" "${kernels[$kernel]}"
done