From 8c847caa3cda16b0efc8e2187c15e4161be109d5 Mon Sep 17 00:00:00 2001
From: jmckenna
Date: Tue, 12 Jun 2018 15:13:58 -0400
Subject: [PATCH] Allow build-iso option to use udev
This change allows the build-iso tool (and subscripts) to use udev rather than sudo when mounting EFI filesystem for modification. This will allow build-iso to continue to work in the container (default operation, using sudo) or to work in a native build environment (using udev, when user does not have sudo privileges). Operaion can be controlled via flag (--udev, --sudo) or via BUILD_ISO_USE_UDEV=1 environment setting
Change-Id: I3d1ed0abfbdebd81facb839c6f1d1bbdba8bee73
---
 build-tools/build-iso | 23 +++++--
 build-tools/update-efiboot-image | 108 ++++++++++++++++---------------
 2 files changed, 75 insertions(+), 56 deletions(-)
diff --git a/build-tools/build-iso b/build-tools/build-iso
index f01f7dcd..8677f838 100755
--- a/build-tools/build-iso
+++ b/build-tools/build-iso
@@ -11,11 +11,19 @@ usage () {
 echo ""
 echo "Usage: "
- echo " build-iso [--auto ] [--file ] [--device ] [--skip-sign]"
+ echo " build-iso [--auto ] [--file ] "
+ echo " [--device ] [--skip-sign]"
+ echo " [--sudo|udev]"
 echo " --file destination ISO file"
- echo " --auto Modify kickstart to auto-install controller or cpe mode"
+ echo " --auto Modify kickstart to auto-install controller or cpe"
+ echo " mode"
 echo " --device Use a different boot/rootds device (default is sda)"
 echo " --skip-sign do not add file signature to RPMs"
+ echo " --sudo Use \"sudo\" command to access EFI image filesystem (default)"
+ echo " --udev Use udev to access EFI image filesystem"
+ echo ""
+ echo " Note that environment variable BUILD_ISO_USE_UDEV=1 will have the same effect"
+ echo " as the --udev option"
 echo ""
 }
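Review bot: The synopsis line `[--sudo|udev]` names the second option without its dashes, while the option table below it and the getopt list later in the patch both use `--udev`; it should read `echo " [--sudo|--udev]"`. The closing note could also say that an explicit `--sudo` on the command line overrides `BUILD_ISO_USE_UDEV=1`, which is what the parsing order in the later hunks implements.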
@@ -311,7 +319,9 @@ function init_output_dir {
 export MY_BUILD_CFG=$MY_BUILD_CFG; \
 export MY_MOCK_ROOT=$MY_MOCK_ROOT; \
 export PATH=$MY_REPO/build-tools:\$PATH; \
+ export BUILD_ISO_USE_UDEV=$BUILD_ISO_USE_UDEV; \
 update-efiboot-image"
+ echo $CMD
 if [ "$HOSTNAME" == "yow-cgts3-centos7" ]; then
 echo "Attempting to run update-efiboot-image on yow-cgts3-lx"
@@ -356,7 +366,7 @@ function init_output_dir {
 fi
 # Run the script
- $INTERNAL_REPO_ROOT/build-tools/update-efiboot-image
+ BUILD_ISO_USE_UDEV=$BUILD_ISO_USE_UDEV $INTERNAL_REPO_ROOT/build-tools/update-efiboot-image
 RET=$?
 if [ $RET != 0 ]; then
 printf "*** Error: update-efiboot-image script returned failure $RET *** \n"
@@ -599,9 +609,12 @@ AUTO_INSTALL=""
 CUMULUS=0
 SIGN_RPM_FILES=1
 DEVICE=""
+if [ -z "$BUILD_ISO_USE_UDEV" ]; then
+ BUILD_ISO_USE_UDEV=0
+fi
 # read the options
-TEMP=`getopt -o hf:a:d: --long help,file:,auto:,device:,cumulus,clean,skip-sign -n 'test.sh' -- "$@"`
+TEMP=`getopt -o hf:a:d: --long help,file:,auto:,device:,cumulus,clean,skip-sign,sudo,udev -n 'test.sh' -- "$@"`
 eval set -- "$TEMP"
 # extract options and their arguments into variables.
@@ -614,6 +627,8 @@ while true ; do
 -f | --file) DEST_FILE="$2"; shift; shift ;;
 -d | --device) DEVICE="$2"; shift; shift ;;
 -a | --auto) AUTO_FLAG=1; AUTO_INSTALL="$2"; shift; shift ;;
+ --sudo) BUILD_ISO_USE_UDEV=0 ; shift ;;
+ --udev) BUILD_ISO_USE_UDEV=1 ; shift ;;
 --) shift ; break ;;
 *) echo "Internal error!" ; exit 1 ;;
 esac
diff --git a/build-tools/update-efiboot-image b/build-tools/update-efiboot-image
index 13915fc8..4c118c48 100755
--- a/build-tools/update-efiboot-image
+++ b/build-tools/update-efiboot-image
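Review bot: `BUILD_ISO_USE_UDEV` is expanded into the `CMD` string in this hunk without ever being restricted to `0` or `1`: the defaulting block added at `@@ -599,9 +609,12 @@` only fills in an empty value, so whatever the caller's environment holds becomes part of a shell command line. How `CMD` is executed lies outside the hunk, but the context line about running on another host suggests it is handed to a remote shell, so the value is worth validating once, right after option parsing, e.g. `case "$BUILD_ISO_USE_UDEV" in 0|1) ;; *) echo "BUILD_ISO_USE_UDEV must be 0 or 1" >&2; exit 1 ;; esac`. The added `echo $CMD` reads like leftover debug output; if it is meant to stay, quote it as `echo "$CMD"` so the printed command is not re-split or glob-expanded.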
@@ -15,28 +15,6 @@ MY_YUM_CONF=""
-
-# Note:
-# This needs to be in /usr/local/bin and /usr/local/bin needs to come first in path list.
-# this file is a mod of $MY_REPO/build-tools/update-efiboot-image. The original requires
-# a fully working udev with we don't have in the container. I use sudo instead.
-
-# shadowing the file fails since the WR stuff carefully recreates a local path before invocation.
-# sigh...
-# added instructions to rm and ln -s to this one in the README
-
-# check for changes to the original, since we are shadowing...
-#ORIG_SUM="2df81b2461ea358b24df77f7539d7fb4"
-#TEST_SUM=$(md5sum $MY_REPO/build-tools/update-efiboot-image | awk '{print $1}')
-#if [ "$TEST_SUM" != "$ORIG_SUM" ]; then
-# echo "The original build-tools/update-efiboot-image has changed or is missing. May need mods to this file!"
-# echo "Desired sum = $ORIG_SUM"
-# echo "Actual sum = $TEST_SUM"
-# exit 1
-#fi
-
-#printf " Shadowing update-efiboot-image with the sudo centric one from /usr/local/bin due to lack of udev \n"
-
 function setup_env_vars {
 mkdir -p $MY_WORKSPACE/export/
@@ -86,7 +64,7 @@ function setup_env_vars {
 setup_env_vars
-printf " Calling update-efibot-image\n"
+printf " Calling $(basename $0)\n"
 MOUNT_LOG_FILE=$OUTPUT_DIR/mounts_used.log
 # Clear old image file
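Review bot: The new `printf " Calling $(basename $0)\n"` puts the script name into the printf format string and leaves `$0` unquoted, so an invocation path containing `%`, a backslash or whitespace changes what is printed or makes the call fail. Pass the name as an argument instead: `printf " Calling %s\n" "$(basename "$0")"`.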
@@ -99,37 +77,59 @@ cp -L -u $DISTRO_REPO_DIR/images/efiboot.img $OUTPUT_DIR/
 printf " Replacing the efiboot.img grub.cfg file with the Titanium Cloud one\n"
-#RET=$(udisksctl loop-setup -f $OUTPUT_DIR/efiboot.img --no-user-interaction)
-RET=$(sudo losetup --show -f $OUTPUT_DIR/efiboot.img)
+# We can either use udev or sudo to mount loopback device, etc.
+# This is controlled via env variable
-if [ -z "$RET" ] ; then
- printf " Error: failed sudo losetup command.\n"
- exit 1
+if [ 0${BUILD_ISO_USE_UDEV} -eq 1 ]; then
+ RET=$(udisksctl loop-setup -f $OUTPUT_DIR/efiboot.img --no-user-interaction)
+ if [ $? -ne 0 ]; then
+ printf " Error: failed udev loop-setup command.\n"
+ exit 1
+ fi
+ LOOP=$(echo $RET | awk '{print $5;}' | sed -e 's/\.//g')
+else
+ # no udev - use losetup command
+ # retcode is the lo device used
+ RET=$(sudo losetup --show -f $OUTPUT_DIR/efiboot.img)
+ if [ -z "$RET" ] ; then
+ printf " Error: failed sudo losetup command.\n"
+ exit 1
+ fi
+
+ # Save the loop device used into a file
+ echo $(date) $RET >> $MOUNT_LOG_FILE
+
+ LOOP=$(echo $RET)
+ if [ -z $LOOP ] ; then
+ printf " Error: failed losetup command.\n"
+ exit 1
+ fi
 fi
-printf " $RET\n"
-
-# Save the loop device used into a file
-echo $(date) $RET >> $MOUNT_LOG_FILE
-
-#LOOP=$(echo $RET | awk '{print $5;}' | sed -e 's/\.//g')
-LOOP=$(echo $RET)
-if [ -z $LOOP ] ; then
- printf " Error: failed losetup command.\n"
- exit 1
+# Mount the filesystem
+if [ 0${BUILD_ISO_USE_UDEV} -eq 1 ]; then
+ udisksctl mount -b $LOOP
+ EFI_MOUNT=$(udisksctl info -b $LOOP | grep MountPoints | awk '{print $2;}')
+else
+ EFI_MOUNT=$(sudo mktemp -d -p /mnt -t EFI-noudev.XXXXXX)
+ sudo mount $LOOP $EFI_MOUNT
 fi
-EFI_MOUNT=$(sudo mktemp -d -p /mnt -t EFI-noudev.XXXXXX)
-sudo mount $LOOP $EFI_MOUNT
-#udisksctl mount -b $LOOP
-#EFI_MOUNT=$(udisksctl info -b $LOOP | grep MountPoints | awk '{print $2;}')
 if [ -z $EFI_MOUNT ] ; then
 printf " Error: failed mount command.\n"
 exit 1
 fi
+# Several commands may need to be executed with sudo if we're not using
+# udev. Use a variable to hold the optional "sudo" part
+if [ 0${BUILD_ISO_USE_UDEV} -eq 1 ]; then
+ SUDOPREFIX=""
+else
+ SUDOPREFIX="sudo"
+fi
+
 # Update the vanilla UEFI Centos grub.cfg with the Titanium Cloud version
-sudo cp $INTERNAL_REPO_ROOT/addons/wr-cgcs/layers/cgcs/common-bsp/files/grub.cfg $EFI_MOUNT/EFI/BOOT/grub.cfg
+${SUDOPREFIX} cp $INTERNAL_REPO_ROOT/addons/wr-cgcs/layers/cgcs/mwa-beas/bsp-files/grub.cfg $EFI_MOUNT/EFI/BOOT/grub.cfg
 # Update the grub and shim executables with the Titanium Cloud signed versions
 #
@@ -141,23 +141,27 @@ GRUBPKG=`find $MY_WORKSPACE/std/rpmbuild/RPMS/grub2-efi-[0-9]*.x86_64.rpm`
 pushd $TMPDIR >/dev/null
 rpm2cpio $SHIMPKG | cpio -id --quiet
-sudo find . -name "shim.efi" | xargs -I '{}' sudo cp '{}' $EFI_MOUNT/EFI/BOOT/BOOTX64.EFI
+${SUDOPREFIX} find . -name "shim.efi" | xargs -I '{}' ${SUDOPREFIX} cp '{}' $EFI_MOUNT/EFI/BOOT/BOOTX64.EFI
 rm -rf *
 rpm2cpio $GRUBPKG | cpio -id --quiet
-sudo find . -name "grubx64.efi" | xargs -I '{}' sudo cp '{}' $EFI_MOUNT/EFI/BOOT/grubx64.efi
+${SUDOPREFIX} find . -name "grubx64.efi" | xargs -I '{}' ${SUDOPREFIX} cp '{}' $EFI_MOUNT/EFI/BOOT/grubx64.efi
 popd >/dev/null
 rm -rf $TMPDIR
 # Create a directory for Secure Boot certificate
-sudo mkdir -p $EFI_MOUNT/CERTS
-sudo cp $INTERNAL_REPO_ROOT/build-tools/certificates/* $EFI_MOUNT/CERTS
+${SUDOPREFIX} mkdir -p $EFI_MOUNT/CERTS
+${SUDOPREFIX} cp $INTERNAL_REPO_ROOT/build-tools/certificates/* $EFI_MOUNT/CERTS
 # Cleanup mounts
-sudo umount $LOOP
-#udisksctl unmount -b $LOOP
-RET=$(sudo losetup -d $LOOP)
-#RET=$(udisksctl loop-delete -b $LOOP)
+if [ 0${BUILD_ISO_USE_UDEV} -eq 1 ]; then
+ udisksctl unmount -b $LOOP
+ RET=$(udisksctl loop-delete -b $LOOP)
+else
+ sudo umount $LOOP
+ RET=$(sudo losetup -d $LOOP)
+fi
+
 echo $(date) Deleted $LOOP. $RET >> $MOUNT_LOG_FILE
-sudo rmdir $EFI_MOUNT
+${SUDOPREFIX} rmdir $EFI_MOUNT
 exit 0
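Review bot: In the udev branch `LOOP` is taken from the fifth word of udisksctl's human-readable message and then used unquoted for mount, unmount and loop-delete without any check, whereas the sudo branch tests it for emptiness and records it in `$MOUNT_LOG_FILE`; a changed message format or a space in `$OUTPUT_DIR` gives a wrong or empty device name, and a loop device left attached after a failure is recorded nowhere. I would take the last field, log the device in both modes, and move the validity test below the `if`/`else` so both branches pass through it, as sketched below. Separately, the `grub.cfg` source in this hunk moves from `common-bsp/files` to `mwa-beas/bsp-files`, which the commit message does not mention; since that file becomes the boot configuration inside the image, it deserves its own commit or at least a line in the description. A non-numeric `BUILD_ISO_USE_UDEV` also makes `[ 0${BUILD_ISO_USE_UDEV} -eq 1 ]` error out and silently select the sudo path.

```shell
if [ 0${BUILD_ISO_USE_UDEV} -eq 1 ]; then
    # … unchanged: udisksctl loop-setup and its exit-status check …
    # Last field is the device; strip only the trailing period
    LOOP=$(echo "$RET" | awk '{print $NF;}' | sed -e 's/\.$//')
    # Record the device in udev mode too, as the sudo branch does
    echo "$(date) $LOOP" >> "$MOUNT_LOG_FILE"
else
    # … unchanged: sudo losetup branch …
fi

# Both modes: stop unless LOOP names an existing block device
if [ ! -b "$LOOP" ]; then
    printf "   Error: no usable loop device for efiboot.img.\n"
    exit 1
fi
```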
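Review bot: None of the writes into the mounted image in this hunk is checked and the script still finishes with `exit 0`, so if a copy of `shim.efi`, `grubx64.efi` or the certificates fails, the build reports success while efiboot.img keeps the vanilla boot files instead of the signed ones. That is more likely in the new udev mode, where the copies run without sudo and depend on the ownership udisks gave the mount. Fail the step explicitly, for example by appending `|| { printf " Error: failed to install shim.efi\n"; exit 1; }` to each copy line. In udev mode the final `${SUDOPREFIX} rmdir $EFI_MOUNT` will probably fail as well, because udisks normally removes its own mount directory on unmount; keeping the `rmdir` inside the sudo branch of the cleanup `if` avoids a spurious error.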