snap-pac-uki/src/snap-pac-uki.fish

177 lines
5.5 KiB
Fish
Executable File

#!/bin/fish
function error -d "prints an error and exits" -a error
echo $error 1>&2
exit 1
end
function check_deps -d "checks if all dependencies are available"
set -l dependencies \
"rg" \
"sed" \
for dep in $dependencies
which $dep >/dev/null 2>/dev/null
if test $status != "0"
error "missing depenency: $dep"
end
end
which "sbsign" >/dev/null 2>/dev/null
if test $status != "0" -a $CFG_SECUREBOOT = "yes"
set -g CFG_SECUREBOOT "no"
echo "CFG_SECUREBOOT overwriten to \"no\": 'sbsign' not available"
end
end
function find_ukiless_snapshots -d "find"
set -ge TASK_UKI
for id in (ls $CFG_SNAPSHOT_PATH)
if test $id = "0"
continue
end
if test -f "$CFG_UKI_DIR/arch-linux-$id.efi"
continue
end
set -ga TASK_UKI $id
end
end
function create_uki -d "creates a new uki" -a variant id
switch $variant
case "rolling"
set bd "$CFG_BUILD_DIR/current"
set current "-current"
case "fallback"
set bd "$CFG_BUILD_DIR/current"
set fallback "-fallback"
case "snapshot"
set bd "$CFG_BUILD_DIR/$id"
set snid "-$id"
set prefix "$CFG_SNAPSHOT_PATH/$id/snapshot"
case "*"
error "unknown uki variant: $variant"
end
# create initrd
set initrd "$bd/initramfs-linux$fallback.img"
cat "$prefix/boot/initramfs-linux$fallback.img" >> $initrd
# create uki
objcopy \
--add-section .osrel="$bd/os-release$fallback" --change-section-vma .osrel=0x20000 \
--add-section .cmdline="$bd/kernel-cmd$current$fallback" --change-section-vma .cmdline=0x30000 \
--add-section .splash="$prefix/usr/share/systemd/bootctl/splash-arch.bmp" --change-section-vma .splash=0x40000 \
--add-section .linux="$prefix/boot/vmlinuz-linux" --change-section-vma .linux=0x2000000 \
--add-section .initrd="$initrd" --change-section-vma .initrd=0x3000000 \
"$prefix/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "$bd/arch-linux$fallback$snid.efi.unsigned"
# sign
if test "$CFG_SECUREBOOT" = "yes"
sbsign --key $CFG_SECUREBOOT_KEY \
--cert $CFG_SECUREBOOT_CERT \
--output "$bd/arch-linux$fallback$snid.efi" \
"$bd/arch-linux$fallback$snid.efi.unsigned"
else # otherwise move unsigned efi to location
mv "$bd/arch-linux$fallback$snid.efi.unsigned" "$bd/arch-linux$fallback$snid.efi"
end
end
function create_snapshot_uki -d "creates an uki for a snapshot" -a id
# create build directory
set bd "$CFG_BUILD_DIR/$id"
if test -f $bd
error "build dir for snapshot $id is a file"
else if test -d $bd
rm -rf "$bd/*"
else
mkdir -p $bd
end
# prepare files
sed "s/BUILD_ID=.*/BUILD_ID=\"snapshot $id\"/;s/PRETTY_NAME=\"\(.*\)\"/PRETTY_NAME=\"\1 (Snapshot $id)\"/" <"$CFG_SNAPSHOT_PATH/$id/snapshot/usr/lib/os-release" >"$bd/os-release"
sed "s/SNAPSHOT/$CFG_SNAPSHOT_SUBVOL\/$id\/snapshot/" <"$CFG_SNAPSHOT_PATH/$id/snapshot/etc/snap-pac-uki/kernel-cmd" >"$bd/kernel-cmd"
# create uki
create_uki snapshot $id
end
function create_current_uki -d "creates an uki for the current system"
# create build directory
set bd "$CFG_BUILD_DIR/current"
if test -f $bd
error "build dir for snapshot $id is a file"
else if test -d $bd
rm -rf "$bd/*"
else
mkdir -p $bd
end
# create default
cp "/usr/lib/os-release" "$bd/os-release"
sed "s/SNAPSHOT/$CFG_DEFAULT_SUBVOL/" <"/etc/snap-pac-uki/kernel-cmd-current" >"$bd/kernel-cmd-current"
create_uki rolling
# create fallbac
sed "s/BUILD_ID=.*/BUILD_ID=fallback/;s/PRETTY_NAME=\"\(.*\)\"/PRETTY_NAME=\"\1 (Fallback)\"/" <"/usr/lib/os-release" >"$bd/os-release-fallback"
sed "s/SNAPSHOT/$CFG_DEFAULT_SUBVOL/" <"/etc/snap-pac-uki/kernel-cmd-fallback" >"$bd/kernel-cmd-fallback"
create_uki fallback
end
function main
# prepare for execution
source "/etc/snap-pac-uki/config.fish"
config
if test "$CFG_ENABLED" != "yes"
echo "==> snap-pac-uki not enabled in config file" 1>&2
exit 0
end
check_deps
switch $argv[1]
case "snapshots"
find_ukiless_snapshots
for id in $TASK_UKI
echo "==> found snapshot without uki: $id"
create_snapshot_uki $id
echo " -> created uki for snapshot $id"
cp "$CFG_BUILD_DIR/$id/arch-linux-$id.efi" "$CFG_UKI_DIR"
echo " -> copied uki for snapshot $id into uki directory"
end
case "current"
echo "==> creating current ukis"
create_current_uki
echo " -> created ukis"
cp "$CFG_BUILD_DIR/current/arch-linux.efi" "$CFG_UKI_DIR"
cp "$CFG_BUILD_DIR/current/arch-linux-fallback.efi" "$CFG_UKI_DIR"
echo " -> copied ukis into uki directory"
case "clean"
echo "==> cleaning ukis"
set ids (ls $CFG_SNAPSHOT_PATH)
for uki in (ls "$CFG_UKI_DIR" | rg "[0-9]" | sed "s/arch-linux-\([0-9]*\).efi/\1/")
if not contains "$uki" $ids
echo " -> cleaning uki and boot entry for removed snapshot $uki"
rm "$CFG_UKI_DIR/arch-linux-$uki.efi"
end
end
case "*"
error "unknown command"
end
end
main $argv