aports/testing/systemd-boot/ukify.hook

#!/bin/ash
#
# kernel-hooks.d hook that builds a Unified Kernel Image for the installed
# kernel with ukify, signing it unless signing is disabled.
# Invoked as: <flavor> <new-version> <old-version>
# Every value in the defaults block can be overridden from
# /etc/kernel-hooks.d/ukify.conf, which is sourced after these assignments.

readonly HOOK_NAME="ukify"

# Defaults (overridable via /etc/kernel-hooks.d/ukify.conf)
backup_name="alpine-{flavor}.bak.efi"   # {flavor} is substituted
cmdline="@/etc/kernel/cmdline"          # passed verbatim to ukify --cmdline
output_dir="/boot/EFI/Linux"
output_name="alpine-{flavor}.efi"       # {flavor} and {version} are substituted
signing_cert="/etc/uefi-keys/db.crt"
signing_disabled="no"                   # "yes" builds the UKI without signing
signing_key="/etc/uefi-keys/db.key"
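# Print "<hook name>: <message>" on stderr and exit with the given status.
# Arguments: $1 - exit status, $2 - message
# The message is passed as a printf argument rather than being spliced into
# the format string, so '%' sequences in it are printed literally.
die() {
	printf '%s: %s\n' "$HOOK_NAME" "$2" >&2
	exit "$1"
}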
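# Substitute the first occurrence of placeholder $2 in $1 with $3 using only
# parameter expansion, so $3 is never interpreted as a sed pattern or
# replacement (a '/', '&' or '\' in a flavor or version string would
# otherwise corrupt the expression). Prints the result on stdout.
subst() {
	case "$1" in
		*"$2"*) printf '%s%s%s' "${1%%"$2"*}" "$3" "${1#*"$2"}" ;;
		*) printf '%s' "$1" ;;
	esac
}

if [ $# -lt 2 ]; then
	echo "Usage: $0 <flavor> <new-version> <old-version>" >&2
	exit 1
fi

readonly FLAVOR="$1"
readonly NEW_VERSION="$2"
readonly OLD_VERSION="${3:-}"

# Hook triggered for the kernel removal, nothing to do here.
[ "$NEW_VERSION" ] || exit 0

# Site configuration overrides the defaults set at the top of the file.
. /etc/kernel-hooks.d/ukify.conf

[ "$cmdline" ] \
	|| die 0 "cmdline is not specified in /etc/kernel-hooks.d/$HOOK_NAME.conf, skipping hook!"

if [ "$signing_disabled" != yes ]; then
	# Fail early with a clear message instead of letting ukify fail later.
	[ -r "$signing_cert" ] \
		|| die 2 "ERROR: signing cert '$signing_cert' does not exist or not readable!"
	[ -r "$signing_key" ] \
		|| die 2 "ERROR: signing key '$signing_key' does not exist or not readable!"
else
	# Unset both if disabled, so no --secureboot-* option is passed below.
	signing_cert=""
	signing_key=""
fi

output_name=$(subst "$output_name" '{flavor}' "$FLAVOR")
output_name=$(subst "$output_name" '{version}' "$NEW_VERSION")
output="$output_dir/$output_name"

# Only one microcode image is passed to ukify; when both exist the later
# entry in this list wins.
microcode=""
for path in /boot/intel-ucode.img /boot/amd-ucode.img; do
	[ -f "$path" ] && microcode="$path"
done

# NOTE(review): the backup is skipped only when backup_name is literally "yes",
# which reads inverted next to the non-empty default file name; confirm the
# intended ukify.conf semantics before changing the comparison.
if [ "$backup_name" != yes ] && [ -f "$output" ]; then
	backup_name=$(subst "$backup_name" '{flavor}' "$FLAVOR")
	cp -a "$output" "$output_dir/$backup_name" \
		|| die 2 "ERROR: failed to back up '$output' to '$output_dir/$backup_name'!"
fi

# A failed mktemp must abort: with an empty tmpdir the cleanup below would
# otherwise act on '/' rather than on the temporary directory.
tmpdir=$(mktemp -dt "$HOOK_NAME.XXXXXX") \
	|| die 2 "ERROR: failed to create temporary directory!"
cleanup() { rm -rf -- "$tmpdir"; }
trap cleanup EXIT
# On a signal, exit (which fires the EXIT trap) instead of only removing the
# directory and continuing into mkinitfs/ukify with a missing tmpdir.
trap 'exit 1' HUP INT TERM

[ -r "/boot/vmlinuz-$FLAVOR" ] \
	|| die 2 "ERROR: kernel image '/boot/vmlinuz-$FLAVOR' does not exist or not readable!"

echo "==> $HOOK_NAME: creating initramfs"
mkinitfs -o "$tmpdir"/initramfs "$NEW_VERSION-$FLAVOR" \
	|| die 2 "ERROR: mkinitfs failed for $NEW_VERSION-$FLAVOR!"

echo "==> $HOOK_NAME: creating and signing UKI"
# ash has no arrays, so optional options are appended to the positional
# parameters; this keeps paths containing whitespace as single arguments,
# which an unquoted ${var:+...} expansion would split. FLAVOR/NEW_VERSION
# were already captured above, so $@ is free to reuse.
set -- --uname "$NEW_VERSION-$FLAVOR" \
	--linux "/boot/vmlinuz-$FLAVOR" \
	--initrd "$tmpdir/initramfs"
[ "$signing_cert" ] && set -- "$@" --secureboot-certificate "$signing_cert"
[ "$signing_key" ] && set -- "$@" --secureboot-private-key "$signing_key"
[ "$microcode" ] && set -- "$@" --microcode "$microcode"
ukify build "$@" \
	--cmdline "$cmdline" \
	--output "$output"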