Merge "Correct boot path to cover FIPS usage cases"
commit
9c1ee6dcd8
@ -316,6 +316,20 @@ class BlockDevice(object):
|
|||||||
print("%s" % root_fs['type'])
|
print("%s" % root_fs['type'])
|
||||||
return 0
|
return 0
|
||||||
|
|
||||||
|
if symbol == "boot-label":
|
||||||
|
try:
|
||||||
|
boot_mount = self._config_get_mount("/boot")
|
||||||
|
boot_fs = self._config_get_mkfs(boot_mount['base'])
|
||||||
|
# If not explicitly defined, we appear to fallback
|
||||||
|
# to name for a label, which we can only get from the
|
||||||
|
# resulting filesystem config.
|
||||||
|
boot_label = boot_fs.get('label', boot_fs.get('name', ''))
|
||||||
|
except AssertionError:
|
||||||
|
boot_label = ''
|
||||||
|
logger.debug("boot-label [%s]", boot_label)
|
||||||
|
print("%s" % boot_label)
|
||||||
|
return 0
|
||||||
|
|
||||||
if symbol == 'mount-points':
|
if symbol == 'mount-points':
|
||||||
mount_points = self._config_get_all_mount_points()
|
mount_points = self._config_get_all_mount_points()
|
||||||
# we return the mountpoints joined by a pipe, because it is not
|
# we return the mountpoints joined by a pipe, because it is not
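Review bot: In the `boot-label` branch, `boot_fs.get('label', boot_fs.get('name', ''))` falls back to the name only when the `label` key is absent, so a key that is present but `None` is printed as the string `None`, and an empty label never falls back to the name. The bootloader hunk on this page turns any non-empty output into `boot=LABEL=...` on the kernel command line, where a wrong label would presumably stop a FIPS boot. `boot_label = boot_fs.get('label') or boot_fs.get('name') or ''` covers both cases. The `except AssertionError` also relies on the config helpers signalling a missing `/boot` with `assert`, which `python -O` strips; their bodies are outside this hunk, so confirm that, or have them raise an explicit lookup error. The enclosing method starts and ends outside the hunk.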
|
||||||
|
@ -88,6 +88,29 @@ echo "GRUB_TIMEOUT=${DIB_GRUB_TIMEOUT:-5}" >>/etc/default/grub
|
|||||||
echo 'GRUB_TERMINAL="serial console"' >>/etc/default/grub
|
echo 'GRUB_TERMINAL="serial console"' >>/etc/default/grub
|
||||||
echo 'GRUB_GFXPAYLOAD_LINUX=auto' >>/etc/default/grub
|
echo 'GRUB_GFXPAYLOAD_LINUX=auto' >>/etc/default/grub
|
||||||
|
|
||||||
|
# NOTE(TheJulia): We need to remove any boot entry from the /etc/default/grub
|
||||||
|
# file that may already exist, such as what was added by fips being setup on
|
||||||
|
# either in the source image or by by an element, as we repack the image.
|
||||||
|
# with new filesystems.
|
||||||
|
# Matches any element which looks like " boot=" and the associated value
|
||||||
|
# in order for us to have a clean starting point to put a value in place,
|
||||||
|
# if applicable.
|
||||||
|
# Removes entry trailing with a space, or any entry where boot is set as
|
||||||
|
# the last argument on the line.
|
||||||
|
sed -i 's/\ boot=[0-9A-Za-z/=\-]\+//' /etc/default/grub
|
||||||
|
# NOTE(TheJulia): When using FIPS, dracut wants to evaluate
|
||||||
|
# the hmac files for the kernel checksum. However, if /boot is
|
||||||
|
# located on a separate filesystem from the root filesystem,
|
||||||
|
# than this fails. As a result, we need to identify IF /boot
|
||||||
|
# is a separate filesystem, and convey this fact as a boot
|
||||||
|
# argument so dracut does not halt the system on boot.
|
||||||
|
|
||||||
|
if [[ -n "${DIB_BOOT_LABEL}" ]]; then
|
||||||
|
BOOT_FS="boot=LABEL=${DIB_BOOT_LABEL}"
|
||||||
|
else
|
||||||
|
BOOT_FS=""
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ -n "${DIB_BOOTLOADER_SERIAL_CONSOLE}" ]]; then
|
if [[ -n "${DIB_BOOTLOADER_SERIAL_CONSOLE}" ]]; then
|
||||||
SERIAL_CONSOLE="${DIB_BOOTLOADER_SERIAL_CONSOLE}"
|
SERIAL_CONSOLE="${DIB_BOOTLOADER_SERIAL_CONSOLE}"
|
||||||
elif [[ "powerpc ppc64 ppc64le" =~ "$ARCH" ]]; then
|
elif [[ "powerpc ppc64 ppc64le" =~ "$ARCH" ]]; then
|
||||||
@ -100,7 +123,7 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=${SERIAL_CONSOLE} no_timer_check"
|
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=${SERIAL_CONSOLE} no_timer_check"
|
||||||
echo "GRUB_CMDLINE_LINUX_DEFAULT=\"${GRUB_CMDLINE_LINUX_DEFAULT} ${DIB_BOOTLOADER_DEFAULT_CMDLINE}\"" >>/etc/default/grub
|
echo "GRUB_CMDLINE_LINUX_DEFAULT=\"${GRUB_CMDLINE_LINUX_DEFAULT} ${DIB_BOOTLOADER_DEFAULT_CMDLINE} ${BOOT_FS}\"" >>/etc/default/grub
|
||||||
echo 'GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"' >>/etc/default/grub
|
echo 'GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"' >>/etc/default/grub
|
||||||
|
|
||||||
# os-prober leaks /dev/sda into config file in dual-boot host
|
# os-prober leaks /dev/sda into config file in dual-boot host
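Review bot: The `sed` cleanup in the first hunk can leave part of an old `boot=` argument behind. The value class `[0-9A-Za-z/=\-]` has no `_`, `.` or `:`, so a constructed value such as `boot=LABEL=my_boot` is cut at the underscore, and without the `g` flag only the first match on a line is removed. A leftover fragment or a second stale `boot=` then sits next to the new `${BOOT_FS}`, which presumably brings back the dracut halt that the FIPS comment describes. Matching up to the next space or quote is tighter, `sed -i 's/ boot=[^ "]*//g' /etc/default/grub`, although an entry placed directly after the opening quote has no leading space and is missed by either pattern. Separately, `${BOOT_FS}` is appended to `GRUB_CMDLINE_LINUX_DEFAULT`, which GRUB does not apply to recovery entries, so confirm those are not expected to boot in FIPS mode.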
|
||||||
|
@ -343,6 +343,11 @@ export DIB_ROOT_LABEL
|
|||||||
DIB_ROOT_FSTYPE=$(${DIB_BLOCK_DEVICE} getval root-fstype)
|
DIB_ROOT_FSTYPE=$(${DIB_BLOCK_DEVICE} getval root-fstype)
|
||||||
export DIB_ROOT_FSTYPE
|
export DIB_ROOT_FSTYPE
|
||||||
|
|
||||||
|
# Need to get the boot device label because, if defined, we may
|
||||||
|
# need to update boot configuration in some cases
|
||||||
|
DIB_BOOT_LABEL=$(${DIB_BLOCK_DEVICE} getval boot-label)
|
||||||
|
export DIB_BOOT_LABEL
|
||||||
|
|
||||||
# retrieve mount points so we can reuse in elements
|
# retrieve mount points so we can reuse in elements
|
||||||
DIB_MOUNTPOINTS=$(${DIB_BLOCK_DEVICE} getval mount-points)
|
DIB_MOUNTPOINTS=$(${DIB_BLOCK_DEVICE} getval mount-points)
|
||||||
export DIB_MOUNTPOINTS
|
export DIB_MOUNTPOINTS
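Review bot: `DIB_BOOT_LABEL` is exported exactly as `getval boot-label` prints it, and the bootloader hunk on this page interpolates it unquoted into `boot=LABEL=${DIB_BOOT_LABEL}`, so a label containing whitespace would split into separate kernel arguments. Failing the build here when `[[ "${DIB_BOOT_LABEL}" =~ [[:space:]] ]]` is true keeps a malformed `boot=` out of an image that has to pass the FIPS boot check. A short comment saying that an empty value means no separate `/boot` is defined would also help element authors who read the exported variable.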
|
||||||
|
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fixes the GRUB2 bootloader kernel command line where a prior ``boot``
|
||||||
|
parameter could cause issues with bootloader configuration when
|
||||||
|
an image is rebuilt and the ``bootloader`` element is utilized.
|
||||||
|
We now remove any prior ``boot`` parameter in */etc/default/grub*
|
||||||
|
when executing the ``bootloader`` element, and then assert a
|
||||||
|
valid entry ``boot`` parameter if a */boot* partition is defined
|
||||||
|
as part of the image build.
|