diskimage-builder/diskimage_builder/elements/opensuse
Steve Baker 27a326dafb Support secure-boot bootloader where possible
As of grub2 >= 2.02-95 on redhat family distros, calling grub2-install
on an EFI partition will fail with: "this utility cannot be used for
EFI platforms because it does not support UEFI Secure Boot."

This version of grub is now in centos8-stream and non-eus repos of
RHEL-8. It is not currently possible to build whole-disk UEFI images
on these distros, and when this package is promoted this will also
affect centos8 and RHEL-8 eus. The grub maintainers made this change
because the grub2-install generated /boot/efi/EFI/BOOT/BOOTX64.EFI
will never be capable of booting with Secure Boot.

This change defines a $EFI_BOOT_DIR for every distro element. When
directory /boot/efi/$EFI_BOOT_DIR exists a grub.cfg file in will be
generated there. This change also installs the shim package on redhat
family distros, which installs a copy of the shim bootloader to
/boot/efi/EFI/BOOT/BOOTX64.EFI. Using centos as an example, this
allows UEFI to boot the shim /boot/efi/EFI/BOOT/BOOTX64.EFI which
then chains to /boot/efi/EFI/centos/grubx64.efi.

If /boot/efi/$EFI_BOOT_DIR doesn't exist (such as for Ubuntu,
/boot/efi/EFI/ubuntu) the current behaviour of running grub-install to
generate /boot/efi/EFI/BOOT/BOOTX64.EFI will continue. For distros
such as Ubutnu where packaging does not populate /boot/efi/EFI/ubuntu
with .efi files, secure boot can be added in the future by copying
.efi files to /boot/efi/EFI/ubuntu and copying the shim file to
/boot/efi/EFI/BOOT/BOOTX64.EFI.

Change-Id: I90925218ff2aa4c4daffcf86e686b6d98d6b0f21
2021-03-11 10:27:59 +13:00
..
environment.d Support secure-boot bootloader where possible 2021-03-11 10:27:59 +13:00
extra-data.d Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
root.d Update test coverage for openSUSE/-minimal to 15.0 2019-05-08 14:59:51 +00:00
test-elements Rename openSUSE 15.1 testing to 15 2019-08-30 22:44:40 +02:00
element-deps Clear /etc/machine-id to avoid duplicate machine-ids 2017-08-06 13:56:58 -04:00
element-provides Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
package-installs.yaml Move elements & lib relative to diskimage_builder package 2016-11-01 17:27:41 -07:00
README.rst Update test coverage for openSUSE/-minimal to 15.1 2019-06-13 09:20:40 +02:00

========
opensuse
========
Use an openSUSE cloud image as the baseline for built disk images. The images are
located in distribution specific sub directories under

    https://download.opensuse.org/repositories/Cloud:/Images:/

These images should be considered experimental. There are currently only x86_64
images.

Environment Variables
---------------------

DIB_RELEASE
  :Required: No
  :Default: 15.1
  :Description: Set the desired openSUSE release.

DIB_CLOUD_IMAGES
  :Required: No
  :Default: https://download.opensuse.org/repositories/Cloud:/Images:/(openSUSE|Leap)_${DIB_RELEASE}
  :Description: Set the desired URL to fetch the images from.

Notes:

* There are very frequently new automated builds that include changes that
  happen during the product maintenance. The download directories contain an
  unversioned name and a versioned name. The unversioned name will always
  point to the latest image, but will frequently change its content. The versioned
  one will never change content, but will frequently be deleted and replaced
  by a newer build with a higher version-release number.