mirror of
https://github.com/flatcar/scripts.git
synced 2025-09-22 14:11:07 +02:00
grub_install: add support for verity and non-verity grub.cfg
This commit is contained in:
George Tankersley
parent
28da405b75
commit
aa879ddcce
@ -62,19 +62,19 @@ menuentry "CoreOS default" --id=coreos {
|
||||
gptprio.next -d usr -u usr_uuid
|
||||
if [ "$usr_uuid" = "7130c94a-213a-4e5a-8e26-6cce9662f132" ]; then
|
||||
linux$suf /coreos/vmlinuz-a $linux_console $linux_root \
|
||||
mount.usr=PARTUUID=$usr_uuid $linux_append
|
||||
@@MOUNTUSR@@=PARTUUID=$usr_uuid $linux_append
|
||||
else
|
||||
linux$suf /coreos/vmlinuz-b $linux_console $linux_root \
|
||||
mount.usr=PARTUUID=$usr_uuid $linux_append
|
||||
@@MOUNTUSR@@=PARTUUID=$usr_uuid $linux_append
|
||||
fi
|
||||
}
|
||||
|
||||
menuentry "CoreOS USR-A" --id=coreos-a {
|
||||
linux$suf /coreos/vmlinuz-a $linux_console $linux_root \
|
||||
mount.usr=PARTLABEL=USR-A $linux_append
|
||||
linux$suf /coreos/vmlinuz-a $linux_console $linux_root \
|
||||
@@MOUNTUSR@@=PARTLABEL=USR-A $linux_append
|
||||
}
|
||||
|
||||
menuentry "CoreOS USR-B" --id=coreos-b {
|
||||
linux$suf /coreos/vmlinuz-b $linux_console $linux_root \
|
||||
mount.usr=PARTLABEL=USR-B $linux_append
|
||||
linux$suf /coreos/vmlinuz-b $linux_console $linux_root \
|
||||
@@MOUNTUSR@@=PARTLABEL=USR-B $linux_append
|
||||
}
|
||||
|
||||
@ -20,6 +20,8 @@ DEFINE_string esp_dir "" \
|
||||
"Path to EFI System partition mount point."
|
||||
DEFINE_string disk_image "" \
|
||||
"The disk image containing the EFI System partition."
|
||||
DEFINE_boolean verity ${FLAGS_FALSE} \
|
||||
"Indicates that boot commands should enable dm-verity."
|
||||
|
||||
# Parse flags
|
||||
FLAGS "$@" || exit 1
|
||||
@ -71,6 +73,9 @@ cleanup() {
|
||||
if [[ -b "${LOOP_DEV}" ]]; then
|
||||
sudo losetup --detach "${LOOP_DEV}"
|
||||
fi
|
||||
if [[ -n "${GRUB_TEMP_DIR}" && -e "${GRUB_TEMP_DIR}" ]]; then
|
||||
rm -r "${GRUB_TEMP_DIR}"
|
||||
fi
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
@ -116,10 +121,26 @@ set prefix=(memdisk)
|
||||
set
|
||||
EOF
|
||||
|
||||
# Generate a memdisk containing the appropriately generated grub.cfg. Doing
|
||||
# this because we need conflicting default behaviors between verity and
|
||||
# non-verity images.
|
||||
GRUB_TEMP_DIR=$(mktemp -d)
|
||||
if [[ ! -f "${ESP_DIR}/coreos/grub/grub.cfg.tar" ]]; then
|
||||
info "Generating grub.cfg memdisk"
|
||||
|
||||
if [[ ${FLAGS_verity} -eq ${FLAGS_TRUE} ]]; then
|
||||
# use dm-verity for /usr
|
||||
cat "${BUILD_LIBRARY_DIR}/grub.cfg" | \
|
||||
sed 's/@@MOUNTUSR@@/mount.usr=\/dev\/mapper\/usr verity.usr/' > \
|
||||
"${GRUB_TEMP_DIR}/grub.cfg"
|
||||
else
|
||||
# uses standard systemd /usr mount
|
||||
cat "${BUILD_LIBRARY_DIR}/grub.cfg" | \
|
||||
sed 's/@@MOUNTUSR@@/mount.usr/' > "${GRUB_TEMP_DIR}/grub.cfg"
|
||||
fi
|
||||
|
||||
sudo tar cf "${ESP_DIR}/coreos/grub/grub.cfg.tar" \
|
||||
-C "${BUILD_LIBRARY_DIR}" "grub.cfg"
|
||||
-C "${GRUB_TEMP_DIR}" "grub.cfg"
|
||||
fi
|
||||
|
||||
info "Generating ${GRUB_DIR}/${CORE_NAME}"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user