overlay coreos-firmware: update to 20230625_p20230724

Update coreos-firmware to 20230625_p20230724, syncing with
linux-firmware of Gentoo, mainly to address CVE-2023-20593.

Gentoo ref: 6390ce05738eac80fc06663a73ca6b22fdaee8d1

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest

@@ -1 +1 @@
-DIST linux-firmware-20230625.tar.xz 280854212 BLAKE2B 8ad8ce864e2a7b7d542569f5171ae0a7d9b05a1d55a04c507dbfb1939a60507ac8275eef24a165814aca8fdf93e6dbf3f7fbeaf25a8f46f022ca47b7b512401d SHA512 0e48aa7f63495485426d37491c7cb61843165625bd47f912c5d83628c6de871759f1a78be3af3d651f7c396bd87dff07e21ba7afc47896c1c143106d5f16d351
+DIST linux-firmware-20230625_p20230724.tar.gz 441906566 BLAKE2B 5bed31d9ad78440bb12feeacb1ba27a07ad30b0eb8c7bfd03a4e7a7590012af1f9535a49fbf031abf79dd05ca90be79566f06db6f955910edfdca61281831c67 SHA512 daaf07422eb6f3e1b50f8a5dba5bfff747fe6750c0210ab798745f61d774eef7642ab45b9b404c668cf017d6b7fcf89c34bce9e6c77053b1b81f1a3498c5be18

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild

@@ -1,197 +1,403 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
-
-# Tell linux-info where to find the kernel source/build
-KERNEL_DIR="${SYSROOT%/}/usr/src/linux"
-KBUILD_OUTPUT="${SYSROOT%/}/var/cache/portage/sys-kernel/coreos-kernel"
-inherit linux-info savedconfig
+inherit linux-info mount-boot savedconfig multiprocessing
 
 # In case this is a real snapshot, fill in commit below.
 # For normal, tagged releases, leave blank
-MY_COMMIT=
+MY_COMMIT="59fbffa9ec8e4b0b31d2d13e715cf6580ad0e99c"
 
 if [[ ${PV} == 99999999* ]]; then
 	inherit git-r3
-	EGIT_REPO_URI="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git"
+	EGIT_REPO_URI="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/${PN}.git"
 else
 	if [[ -n "${MY_COMMIT}" ]]; then
-		SRC_URI="https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/snapshot/${MY_COMMIT}.tar.gz -> linux-firmware-${PV}.tar.gz"
+		SRC_URI="https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/snapshot/${MY_COMMIT}.tar.gz -> ${P}.tar.gz"
+		S="${WORKDIR}/${MY_COMMIT}"
 	else
-		SRC_URI="https://mirrors.edge.kernel.org/pub/linux/kernel/firmware/linux-firmware-${PV}.tar.xz -> linux-firmware-${PV}.tar.xz"
+		SRC_URI="https://mirrors.edge.kernel.org/pub/linux/kernel/firmware/${P}.tar.xz"
 	fi
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
+
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
 fi
 
 DESCRIPTION="Linux firmware files"
 HOMEPAGE="https://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git"
 
 LICENSE="GPL-2 GPL-2+ GPL-3 BSD MIT || ( MPL-1.1 GPL-2 )
-	BSD-2 BSD BSD-4 ISC MIT no-source-code"
+	redistributable? ( linux-fw-redistributable BSD-2 BSD BSD-4 ISC MIT )
+	unknown-license? ( all-rights-reserved )"
 SLOT="0"
-IUSE="savedconfig"
+IUSE="compress-xz compress-zstd initramfs +redistributable savedconfig unknown-license"
+REQUIRED_USE="initramfs? ( redistributable )
+	?? ( compress-xz compress-zstd )"
+
+RESTRICT="binchecks strip test
+	unknown-license? ( bindist )"
+
+BDEPEND="initramfs? ( app-arch/cpio )
+	compress-xz? ( app-arch/xz-utils )
+	compress-zstd? ( app-arch/zstd )"
 
-CDEPEND=">=sys-kernel/coreos-modules-4.6.3-r1:="
-DEPEND="${CDEPEND}
-		sys-kernel/coreos-sources"
 #add anything else that collides to this
 RDEPEND="!savedconfig? (
-		!sys-firmware/alsa-firmware[alsa_cards_ca0132]
-		!sys-firmware/alsa-firmware[alsa_cards_korg1212]
-		!sys-firmware/alsa-firmware[alsa_cards_maestro3]
-		!sys-firmware/alsa-firmware[alsa_cards_sb16]
-		!sys-firmware/alsa-firmware[alsa_cards_ymfpci]
-		!net-dialup/ueagle-atm
-		!net-dialup/ueagle4-atm
-		!sys-block/qla-fc-firmware
-		!sys-firmware/iwl1000-ucode
-		!sys-firmware/iwl6005-ucode
-		!sys-firmware/iwl6030-ucode
-		!sys-firmware/iwl6050-ucode
-		!sys-firmware/iwl3160-ucode
-		!sys-firmware/iwl7260-ucode
-		!sys-firmware/iwl3160-7260-bt-ucode
+		redistributable? (
+			!sys-firmware/alsa-firmware[alsa_cards_ca0132]
+			!sys-block/qla-fc-firmware
+			!sys-firmware/iwl1000-ucode
+			!sys-firmware/iwl6005-ucode
+			!sys-firmware/iwl6030-ucode
+			!sys-firmware/iwl3160-ucode
+			!sys-firmware/iwl7260-ucode
+			!sys-firmware/iwl3160-7260-bt-ucode
+			!sys-firmware/raspberrypi-wifi-ucode
+		)
+		unknown-license? (
+			!sys-firmware/alsa-firmware[alsa_cards_korg1212]
+			!sys-firmware/alsa-firmware[alsa_cards_maestro3]
+			!sys-firmware/alsa-firmware[alsa_cards_sb16]
+			!sys-firmware/alsa-firmware[alsa_cards_ymfpci]
+		)
 	)"
 
-RESTRICT="binchecks strip"
+QA_PREBUILT="*"
 
-# source name is linux-firmware, not coreos-firmware
-S="${WORKDIR}/linux-firmware-${PV}"
+pkg_setup() {
+	if use compress-xz || use compress-zstd ; then
+		local CONFIG_CHECK
 
-CXGB_VERSION="1.27.3.0"
-ICE_DDP_VERSION="1.3.30.0"
+		if kernel_is -ge 5 19; then
+			use compress-xz && CONFIG_CHECK="~FW_LOADER_COMPRESS_XZ"
+			use compress-zstd && CONFIG_CHECK="~FW_LOADER_COMPRESS_ZSTD"
+		else
+			use compress-xz && CONFIG_CHECK="~FW_LOADER_COMPRESS"
+			if use compress-zstd; then
+				eerror "Kernels <5.19 do not support ZSTD-compressed firmware files"
+			fi
+		fi
+		linux-info_pkg_setup
+	fi
+}
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
 
 src_unpack() {
 	if [[ ${PV} == 99999999* ]]; then
 		git-r3_src_unpack
 	else
 		default
-		# Upstream linux-firmware tarball does not contain
-		# symlinks for cxgb4 firmware files, but "modinfo
-		# cxgb4.ko" shows it requires t?fw.bin files. These
-		# normally are installed by the copy-firmware.sh
-		# script, which refers to the WHENCE file. Both the
-		# script and the file are in the tarball. The WHENCE
-		# file actually mentions that these symlinks should be
-		# created, but apparently our ebuild is not using this
-		# way of installing the firmware files, so we need to
-		# create the symlinks to avoid failures at the
-		# firmware scanning stage.
-		ln -sfn t4fw-${CXGB_VERSION}.bin linux-firmware-${PV}/cxgb4/t4fw.bin
-		ln -sfn t5fw-${CXGB_VERSION}.bin linux-firmware-${PV}/cxgb4/t5fw.bin
-		ln -sfn t6fw-${CXGB_VERSION}.bin linux-firmware-${PV}/cxgb4/t6fw.bin
-
-		# Upstream linux-firmware tarball does not contain
-		# a correct symlink to intel/ice/ddp/ice-1.3.28.0.pkg,
-		# but "modinfo ice.ko" shows it requires ice.pkg.
-		# So we need to create the symlink to avoid failures at the
-		# firmware scanning stage.
-		ln -sfn ice-${ICE_DDP_VERSION}.pkg linux-firmware-${PV}/intel/ice/ddp/ice.pkg
-
-		# The xhci-pci.ko kernel module started requiring a
-		# renesas_usb_fw.mem firmware file, but this file is
-		# nowhere to be found in the tarball. So we just fake
-		# the existence of the firmware, so the firmware
-		# scanning stage won't fail. Obviously, this means
-		# that if someone is going to use this specific
-		# renesas controller that requires the firmware, it
-		# won't work. Hopefully that file appears at some
-		# point in the tarball.
-		touch "linux-firmware-${PV}/renesas_usb_fw.mem"
+		# rename directory from git snapshot tarball
+		if [[ ${#GIT_COMMIT} -gt 8 ]]; then
+			mv ${PN}-*/ ${P} || die
+		fi
 	fi
 }
 
 src_prepare() {
-	local kernel_mods="${SYSROOT%/}/lib/modules/${KV_FULL}"
-
-	# Fail if any firmware is missing.
-	einfo "Scanning for files required by ${KV_FULL}"
-	echo -n > "${T}/firmware-scan"
-	local kofile fwfile failed
-	for kofile in $(find "${kernel_mods}" -name '*.ko' -o -name '*.ko.xz'); do
-		for fwfile in $(modinfo --field firmware "${kofile}"); do
-			if [[ ! -e "${fwfile}" ]]; then
-				eerror "Missing firmware: ${fwfile} (${kofile##*/})"
-				failed=1
-			elif [[ -L "${fwfile}" ]]; then
-				echo "${fwfile}" >> "${T}/firmware-scan"
-				realpath --relative-to=. "${fwfile}" >> "${T}/firmware-scan"
-			else
-				echo "${fwfile}" >> "${T}/firmware-scan"
-			fi
-		done
-	done
-	if [[ -n "${failed}" ]]; then
-		die "Missing firmware"
-	fi
-
-	# AMD's microcode is shipped as part of coreos-firmware, but not a dependency to
-	# any module, so add it manually
-	use amd64 && find amd-ucode/ -type f -not -name "*.asc" >> "${T}/firmware-scan"
-
-	einfo "Pruning all unneeded firmware files..."
-	sort -u "${T}/firmware-scan" > "${T}/firmware"
-	find * -not -type d \
-		| sort "${T}/firmware" "${T}/firmware" - \
-		| uniq -u | xargs -r rm
-	find * -type f -name "* *" -exec rm -f {} \;
-
 	default
 
-	echo "# Remove files that shall not be installed from this list." > ${PN}.conf
-	find * \( \! -type d -and \! -name ${PN}.conf \) >> ${PN}.conf
+	find . -type f -not -perm 0644 -print0 \
+		| xargs --null --no-run-if-empty chmod 0644 \
+		|| die
 
-	if use savedconfig; then
-		restore_config ${PN}.conf
-		ebegin "Removing all files not listed in config"
+	chmod +x copy-firmware.sh || die
 
-		local file delete_file preserved_file preserved_files=()
+	if use initramfs; then
+		if [[ -d "${S}/amd-ucode" ]]; then
+			local UCODETMP="${T}/ucode_tmp"
+			local UCODEDIR="${UCODETMP}/kernel/x86/microcode"
+			mkdir -p "${UCODEDIR}" || die
+			echo 1 > "${UCODETMP}/early_cpio"
 
-		while IFS= read -r file; do
-			# Ignore comments.
-			if [[ ${file} != "#"* ]]; then
-				preserved_files+=("${file}")
+			local amd_ucode_file="${UCODEDIR}/AuthenticAMD.bin"
+			cat "${S}"/amd-ucode/*.bin > "${amd_ucode_file}" || die "Failed to concat amd cpu ucode"
+
+			if [[ ! -s "${amd_ucode_file}" ]]; then
+				die "Sanity check failed: '${amd_ucode_file}' is empty!"
 			fi
-		done < ${PN}.conf || die
 
-		while IFS= read -d "" -r file; do
-			delete_file=true
-			for preserved_file in "${preserved_files[@]}"; do
-				if [[ "${file}" == "${preserved_file}" ]]; then
-					delete_file=false
-				fi
-			done
-
-			if ${delete_file}; then
-				rm "${file}" || die
+			pushd "${UCODETMP}" &>/dev/null || die
+			find . -print0 | cpio --quiet --null -o -H newc -R 0:0 > "${S}"/amd-uc.img
+			popd &>/dev/null || die
+			if [[ ! -s "${S}/amd-uc.img" ]]; then
+				die "Failed to create '${S}/amd-uc.img'!"
 			fi
-		done < <(find * \( \! -type d -and \! -name ${PN}.conf \) -print0 || die)
-
-		eend || die
-
-		# remove empty directories, bug #396073
-		find -type d -empty -delete || die
+		else
+			# If this will ever happen something has changed which
+			# must be reviewed
+			die "'${S}/amd-ucode' not found!"
+		fi
 	fi
+
+	# whitelist of misc files
+	local misc_files=(
+		copy-firmware.sh
+		WHENCE
+		README
+	)
+
+	# whitelist of images with a free software license
+	local free_software=(
+		# keyspan_pda (GPL-2+)
+		keyspan_pda/keyspan_pda.fw
+		keyspan_pda/xircom_pgs.fw
+		# dsp56k (GPL-2+)
+		dsp56k/bootstrap.bin
+		# ath9k_htc (BSD GPL-2+ MIT)
+		ath9k_htc/htc_7010-1.4.0.fw
+		ath9k_htc/htc_9271-1.4.0.fw
+		# pcnet_cs, 3c589_cs, 3c574_cs, serial_cs (dual GPL-2/MPL-1.1)
+		cis/LA-PCM.cis
+		cis/PCMLM28.cis
+		cis/DP83903.cis
+		cis/NE2K.cis
+		cis/tamarack.cis
+		cis/PE-200.cis
+		cis/PE520.cis
+		cis/3CXEM556.cis
+		cis/3CCFEM556.cis
+		cis/MT5634ZLX.cis
+		cis/RS-COM-2P.cis
+		cis/COMpad2.cis
+		cis/COMpad4.cis
+		# serial_cs (GPL-3)
+		cis/SW_555_SER.cis
+		cis/SW_7xx_SER.cis
+		cis/SW_8xx_SER.cis
+		# dvb-ttpci (GPL-2+)
+		av7110/bootcode.bin
+		# usbdux, usbduxfast, usbduxsigma (GPL-2+)
+		usbdux_firmware.bin
+		usbduxfast_firmware.bin
+		usbduxsigma_firmware.bin
+		# brcmfmac (GPL-2+)
+		brcm/brcmfmac4330-sdio.Prowise-PT301.txt
+		brcm/brcmfmac43340-sdio.meegopad-t08.txt
+		brcm/brcmfmac43362-sdio.cubietech,cubietruck.txt
+		brcm/brcmfmac43362-sdio.lemaker,bananapro.txt
+		brcm/brcmfmac43430a0-sdio.jumper-ezpad-mini3.txt
+		"brcm/brcmfmac43430a0-sdio.ONDA-V80 PLUS.txt"
+		brcm/brcmfmac43430-sdio.AP6212.txt
+		brcm/brcmfmac43430-sdio.Hampoo-D2D3_Vi8A1.txt
+		brcm/brcmfmac43430-sdio.MUR1DX.txt
+		brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.txt
+		brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.txt
+		brcm/brcmfmac4356-pcie.gpd-win-pocket.txt
+		# isci (GPL-2)
+		isci/isci_firmware.bin
+		# carl9170 (GPL-2+)
+		carl9170-1.fw
+		# atusb (GPL-2+)
+		atusb/atusb-0.2.dfu
+		atusb/atusb-0.3.dfu
+		atusb/rzusb-0.3.bin
+		# mlxsw_spectrum (dual BSD/GPL-2)
+		mellanox/mlxsw_spectrum-13.1420.122.mfa2
+		mellanox/mlxsw_spectrum-13.1530.152.mfa2
+		mellanox/mlxsw_spectrum-13.1620.192.mfa2
+		mellanox/mlxsw_spectrum-13.1702.6.mfa2
+		mellanox/mlxsw_spectrum-13.1703.4.mfa2
+		mellanox/mlxsw_spectrum-13.1910.622.mfa2
+		mellanox/mlxsw_spectrum-13.2000.1122.mfa2
+	)
+
+	# blacklist of images with unknown license
+	local unknown_license=(
+		korg/k1212.dsp
+		ess/maestro3_assp_kernel.fw
+		ess/maestro3_assp_minisrc.fw
+		yamaha/ds1_ctrl.fw
+		yamaha/ds1_dsp.fw
+		yamaha/ds1e_ctrl.fw
+		ttusb-budget/dspbootcode.bin
+		emi62/bitstream.fw
+		emi62/loader.fw
+		emi62/midi.fw
+		emi62/spdif.fw
+		ti_3410.fw
+		ti_5052.fw
+		mts_mt9234mu.fw
+		mts_mt9234zba.fw
+		whiteheat.fw
+		whiteheat_loader.fw
+		cpia2/stv0672_vp4.bin
+		vicam/firmware.fw
+		edgeport/boot.fw
+		edgeport/boot2.fw
+		edgeport/down.fw
+		edgeport/down2.fw
+		edgeport/down3.bin
+		sb16/mulaw_main.csp
+		sb16/alaw_main.csp
+		sb16/ima_adpcm_init.csp
+		sb16/ima_adpcm_playback.csp
+		sb16/ima_adpcm_capture.csp
+		sun/cassini.bin
+		acenic/tg1.bin
+		acenic/tg2.bin
+		adaptec/starfire_rx.bin
+		adaptec/starfire_tx.bin
+		yam/1200.bin
+		yam/9600.bin
+		ositech/Xilinx7OD.bin
+		qlogic/isp1000.bin
+		myricom/lanai.bin
+		yamaha/yss225_registers.bin
+		lgs8g75.fw
+	)
+
+	if use !unknown-license; then
+		einfo "Removing files with unknown license ..."
+		rm -v "${unknown_license[@]}" || die
+	fi
+
+	if use !redistributable; then
+		# remove files _not_ in the free_software or unknown_license lists
+		# everything else is confirmed (or assumed) to be redistributable
+		# based on upstream acceptance policy
+		einfo "Removing non-redistributable files ..."
+		local OLDIFS="${IFS}"
+		local IFS=$'\n'
+		set -o pipefail
+		find ! -type d -printf "%P\n" \
+			| grep -Fvx -e "${misc_files[*]}" -e "${free_software[*]}" -e "${unknown_license[*]}" \
+			| xargs -d '\n' --no-run-if-empty rm -v
+
+		[[ ${?} -ne 0 ]] && die "Failed to remove non-redistributable files"
+
+		IFS="${OLDIFS}"
+	fi
+
+	restore_config ${PN}.conf
 }
 
 src_install() {
-	# Flatcar: Don't save the firmware config to /etc/portage/savedconfig/
-	# if use !savedconfig; then
-	# 	save_config ${PN}.conf
-	# fi
-	rm ${PN}.conf || die
-	insinto /lib/firmware/
-	doins -r *
+	./copy-firmware.sh -v "${ED}/lib/firmware" || die
+
+	pushd "${ED}/lib/firmware" &>/dev/null || die
+
+	# especially use !redistributable will cause some broken symlinks
+	einfo "Removing broken symlinks ..."
+	find * -xtype l -print -delete || die
+
+	if use savedconfig; then
+		if [[ -s "${S}/${PN}.conf" ]]; then
+			local files_to_keep="${T}/files_to_keep.lst"
+			grep -v '^#' "${S}/${PN}.conf" 2>/dev/null > "${files_to_keep}" || die
+			[[ -s "${files_to_keep}" ]] || die "grep failed, empty config file?"
+
+			einfo "Applying USE=savedconfig; Removing all files not listed in config ..."
+			find ! -type d -printf "%P\n" \
+				| grep -Fvx -f "${files_to_keep}" \
+				| xargs -d '\n' --no-run-if-empty rm -v
+
+			if [[ ${PIPESTATUS[0]} -ne 0 ]]; then
+				die "Find failed to print installed files"
+			elif [[ ${PIPESTATUS[1]} -eq 2 ]]; then
+				# grep returns exit status 1 if no lines were selected
+				# which is the case when we want to keep all files
+				die "Grep failed to select files to keep"
+			elif [[ ${PIPESTATUS[2]} -ne 0 ]]; then
+				die "Failed to remove files not listed in config"
+			fi
+		fi
+	fi
+
+	# remove empty directories, bug #396073
+	find -type d -empty -delete || die
+
+	# sanity check
+	if ! ( shopt -s failglob; : * ) 2>/dev/null; then
+		eerror "No files to install. Check your USE flag settings"
+		eerror "and the list of files in your saved configuration."
+		die "Refusing to install an empty package"
+	fi
+
+	# create config file
+	echo "# Remove files that shall not be installed from this list." > "${S}"/${PN}.conf || die
+	find * ! -type d >> "${S}"/${PN}.conf || die
+	save_config "${S}"/${PN}.conf
+
+	if use compress-xz || use compress-zstd; then
+		einfo "Compressing firmware ..."
+		local target
+		local ext
+		local compressor
+
+		if use compress-xz; then
+			ext=xz
+			compressor="xz -T1 -C crc32"
+		elif use compress-zstd; then
+			ext=zst
+			compressor="zstd -15 -T1 -C -q --rm"
+		fi
+
+		# rename symlinks
+		while IFS= read -r -d '' f; do
+			# skip symlinks pointing to directories
+			[[ -d ${f} ]] && continue
+
+			target=$(readlink "${f}")
+			[[ $? -eq 0 ]] || die
+			ln -sf "${target}".${ext} "${f}" || die
+			mv -T "${f}" "${f}".${ext} || die
+		done < <(find . -type l -print0) || die
+
+		find . -type f ! -path "./amd-ucode/*" -print0 | \
+			xargs -0 -P $(makeopts_jobs) -I'{}' ${compressor} '{}' || die
+
+	fi
+
+	popd &>/dev/null || die
+
+	if use initramfs ; then
+		insinto /boot
+		doins "${S}"/amd-uc.img
+	fi
 }
 
 pkg_preinst() {
 	if use savedconfig; then
 		ewarn "USE=savedconfig is active. You must handle file collisions manually."
 	fi
+
+	# Fix 'symlink is blocked by a directory' Bug #871315
+	if has_version "<${CATEGORY}/${PN}-20220913-r2" ; then
+		rm -rf "${EROOT}"/lib/firmware/qcom/LENOVO/21BX
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
 }
 
 pkg_postinst() {
 	elog "If you are only interested in particular firmware files, edit the saved"
 	elog "configfile and remove those that you do not want."
+
+	local ver
+	for ver in ${REPLACING_VERSIONS}; do
+		if ver_test ${ver} -lt 20190514; then
+			elog
+			elog 'Starting with version 20190514, installation of many firmware'
+			elog 'files is controlled by USE flags. Please review your USE flag'
+			elog 'and package.license settings if you are missing some files.'
+			break
+		fi
+	done
+
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/amd-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
 }