06e3d7c767
ubuntu-signed element would install 'linux-signed-image-generic' that provides signed kernel that can be used for deploy in UEFI secure boot mode. Package 'linux-signed-image-generic' ships signed kernel with extension '.efi.signed' (Ex. '/boot/vmlinuz-3.13.0-49-generic.efi.signed'). The kernel modules directory for signed kernel and unsigned kernel is same. It is without 'efi.signed' extension to its name. This is different from normal practice of directory naming in '/lib/modules' (Ex. For signed kernel 'vmlinuz-3.13.0-49-generic.efi.signed', modules directory is '/lib/modules/3.13.0-49-generic'). This needed some changes in '/lib/ramdisk-functions' and 'ramdisk' element to copy kernel modules. The signed kernel package contains both signed and unsigned kernel. The unsiged kernel is without extension '.efi.signed' (Ex. '/boot/vmlinuz-3.13.0-49-generic'). This required change into '/lib/img-functions' and 'baremetal' element to pick up signed kernel version when this element is used. Closes-Bug: 1443076 Change-Id: I60061cbea847b47fa752b9463cfd387e8e7f0635
70 lines
1.8 KiB
Bash
Executable File
70 lines
1.8 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
|
|
set -x
|
|
fi
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
_LIB="/tmp/ramdisk-build"
|
|
|
|
source $_LIB/common-defaults
|
|
source $_LIB/img-defaults
|
|
source $_LIB/ramdisk-defaults
|
|
|
|
source $_LIB/common-functions
|
|
source $_LIB/img-functions
|
|
source $_LIB/ramdisk-functions
|
|
|
|
KERNEL_VERSION=${DIB_KERNEL_VERSION:-$(find_kernel_version)}
|
|
|
|
MODULE_DIR=$MODULE_ROOT/lib/modules/$KERNEL_VERSION
|
|
if [ -f /dib-signed-kernel-version ] ; then
|
|
. /dib-signed-kernel-version
|
|
fi
|
|
if [ -n "${DIB_SIGNED_KERNEL_VERSION:-}" ]; then
|
|
# Though kernel name is suffixed with efi.signed, modules directory is
|
|
# without that suffix
|
|
MOD_KERNEL_NAME=`echo "$DIB_SIGNED_KERNEL_VERSION" |sed "s/\.efi\.signed//g"`
|
|
MODULE_DIR=$MODULE_ROOT/lib/modules/$MOD_KERNEL_NAME
|
|
fi
|
|
|
|
FIRMWARE_DIR=$MODULE_ROOT/lib/firmware
|
|
LIB_UDEV=$LIB_UDEV_ROOT/lib/udev
|
|
INIT="$_LIB/scripts/init"
|
|
FUNCTIONS_D="$_LIB/scripts/d"
|
|
BUSYBOX=${BUSYBOX:-$(which busybox)}
|
|
# NOTE(bnemec): IMAGE_ELEMENT is normally set in disk-image-create, but we're
|
|
# not using that to build the image here.
|
|
IMAGE_ELEMENT=
|
|
|
|
mk_build_dir
|
|
mkdir -p $TMP_BUILD_DIR/mnt
|
|
export TMP_HOOKS_PATH=/tmp
|
|
export TMP_MOUNT_PATH=$TMP_BUILD_DIR/mnt
|
|
|
|
echo "building ramdisk in $TMP_MOUNT_PATH"
|
|
|
|
create_ramdisk_base
|
|
populate_lib
|
|
populate_busybox
|
|
populate_init
|
|
populate_udev
|
|
SCRIPT_HOME=/tmp/in_target.d/bin TMP_HOOKS_PATH=/tmp/in_target.d run_d ramdisk-install
|
|
finalise_image
|
|
save_image /tmp/ramdisk
|
|
# In the past save_image did this for us. If EXIT handler is not
|
|
# reset ramdisk image builds fail.
|
|
trap EXIT
|
|
cp /boot/vmlinu[zx]-${KERNEL_VERSION} /tmp/kernel
|
|
if [ -n "${DIB_SIGNED_KERNEL_VERSION:-}" ]; then
|
|
cp /boot/vmlinu[zx]-${DIB_SIGNED_KERNEL_VERSION} /tmp/kernel
|
|
fi
|
|
|
|
chmod o+r /tmp/kernel
|
|
|
|
if [ -f /dib-signed-kernel-version ] ; then
|
|
echo "Removing /dib-signed-kernel-version"
|
|
rm -f /dib-signed-kernel-version
|
|
fi
|