Shivanand Tendulker 06e3d7c767 Add element ubuntu-signed to provide signed kernel
ubuntu-signed element would install 'linux-signed-image-generic' that
provides signed kernel that can be used for deploy in UEFI secure boot mode.

Package 'linux-signed-image-generic' ships signed kernel with extension
'.efi.signed' (Ex. '/boot/vmlinuz-3.13.0-49-generic.efi.signed').

The kernel modules directory for signed kernel and unsigned kernel is same.
It is without 'efi.signed' extension to its name. This is different from normal
practice of directory naming in '/lib/modules' (Ex. For signed kernel
'vmlinuz-3.13.0-49-generic.efi.signed', modules directory is
'/lib/modules/3.13.0-49-generic').
This needed some changes in '/lib/ramdisk-functions' and 'ramdisk' element to
copy kernel modules.

The signed kernel package contains both signed and unsigned kernel. The
unsiged kernel is without extension '.efi.signed' (Ex.
'/boot/vmlinuz-3.13.0-49-generic'). This required change into
'/lib/img-functions' and 'baremetal' element to pick up signed kernel version
when this element is used.

Closes-Bug: 1443076
Change-Id: I60061cbea847b47fa752b9463cfd387e8e7f0635
2015-04-12 11:36:17 -07:00

70 lines
1.8 KiB
Bash
Executable File

#!/bin/bash
if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
_LIB="/tmp/ramdisk-build"
source $_LIB/common-defaults
source $_LIB/img-defaults
source $_LIB/ramdisk-defaults
source $_LIB/common-functions
source $_LIB/img-functions
source $_LIB/ramdisk-functions
KERNEL_VERSION=${DIB_KERNEL_VERSION:-$(find_kernel_version)}
MODULE_DIR=$MODULE_ROOT/lib/modules/$KERNEL_VERSION
if [ -f /dib-signed-kernel-version ] ; then
. /dib-signed-kernel-version
fi
if [ -n "${DIB_SIGNED_KERNEL_VERSION:-}" ]; then
# Though kernel name is suffixed with efi.signed, modules directory is
# without that suffix
MOD_KERNEL_NAME=`echo "$DIB_SIGNED_KERNEL_VERSION" |sed "s/\.efi\.signed//g"`
MODULE_DIR=$MODULE_ROOT/lib/modules/$MOD_KERNEL_NAME
fi
FIRMWARE_DIR=$MODULE_ROOT/lib/firmware
LIB_UDEV=$LIB_UDEV_ROOT/lib/udev
INIT="$_LIB/scripts/init"
FUNCTIONS_D="$_LIB/scripts/d"
BUSYBOX=${BUSYBOX:-$(which busybox)}
# NOTE(bnemec): IMAGE_ELEMENT is normally set in disk-image-create, but we're
# not using that to build the image here.
IMAGE_ELEMENT=
mk_build_dir
mkdir -p $TMP_BUILD_DIR/mnt
export TMP_HOOKS_PATH=/tmp
export TMP_MOUNT_PATH=$TMP_BUILD_DIR/mnt
echo "building ramdisk in $TMP_MOUNT_PATH"
create_ramdisk_base
populate_lib
populate_busybox
populate_init
populate_udev
SCRIPT_HOME=/tmp/in_target.d/bin TMP_HOOKS_PATH=/tmp/in_target.d run_d ramdisk-install
finalise_image
save_image /tmp/ramdisk
# In the past save_image did this for us. If EXIT handler is not
# reset ramdisk image builds fail.
trap EXIT
cp /boot/vmlinu[zx]-${KERNEL_VERSION} /tmp/kernel
if [ -n "${DIB_SIGNED_KERNEL_VERSION:-}" ]; then
cp /boot/vmlinu[zx]-${DIB_SIGNED_KERNEL_VERSION} /tmp/kernel
fi
chmod o+r /tmp/kernel
if [ -f /dib-signed-kernel-version ] ; then
echo "Removing /dib-signed-kernel-version"
rm -f /dib-signed-kernel-version
fi