starlingx/root
Code Issues Proposed changes

Allow build-iso option to use udev

Browse Source 
This change allows the build-iso tool (and subscripts) to use udev
rather than sudo when mounting EFI filesystem for modification.
This will allow build-iso to continue to work in the container
(default operation, using sudo) or to work in a native build
environment (using udev, when user does not have sudo privileges).

Operaion can be controlled via flag (--udev, --sudo) or via
BUILD_ISO_USE_UDEV=1 environment setting

Change-Id: I3d1ed0abfbdebd81facb839c6f1d1bbdba8bee73
This commit is contained in:
jmckenna 2018-06-12 15:13:58 -04:00
parent f11ca677a1
commit 8c847caa3c
2 changed files with 75 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
build-tools/build-iso
View File

@ -11,11 +11,19 @@
usage () { usage () {
echo "" echo ""
echo "Usage: " echo "Usage: "
echo " build-iso [--auto <mode>] [--file <filename>] [--device <device>] [--skip-sign]" echo " build-iso [--auto <mode>] [--file <filename>] "
echo " [--device <device>] [--skip-sign]"
echo " [--sudo|udev]"
echo " --file <bootimage.iso> destination ISO file" echo " --file <bootimage.iso> destination ISO file"
echo " --auto <controller|cpe> Modify kickstart to auto-install controller or cpe mode" echo " --auto <controller|cpe> Modify kickstart to auto-install controller or cpe"
echo " mode"
echo " --device <sda> Use a different boot/rootds device (default is sda)" echo " --device <sda> Use a different boot/rootds device (default is sda)"
echo " --skip-sign do not add file signature to RPMs" echo " --skip-sign do not add file signature to RPMs"
echo " --sudo Use \"sudo\" command to access EFI image filesystem (default)"
echo " --udev Use udev to access EFI image filesystem"
echo ""
echo " Note that environment variable BUILD_ISO_USE_UDEV=1 will have the same effect"
echo " as the --udev option"
echo "" echo ""
} }
@ -311,7 +319,9 @@ function init_output_dir {
export MY_BUILD_CFG=$MY_BUILD_CFG; \ export MY_BUILD_CFG=$MY_BUILD_CFG; \
export MY_MOCK_ROOT=$MY_MOCK_ROOT; \ export MY_MOCK_ROOT=$MY_MOCK_ROOT; \
export PATH=$MY_REPO/build-tools:\$PATH; \ export PATH=$MY_REPO/build-tools:\$PATH; \
export BUILD_ISO_USE_UDEV=$BUILD_ISO_USE_UDEV; \
update-efiboot-image" update-efiboot-image"
echo $CMD
if [ "$HOSTNAME" == "yow-cgts3-centos7" ]; then if [ "$HOSTNAME" == "yow-cgts3-centos7" ]; then
echo "Attempting to run update-efiboot-image on yow-cgts3-lx" echo "Attempting to run update-efiboot-image on yow-cgts3-lx"
@ -356,7 +366,7 @@ function init_output_dir {
fi fi
# Run the script # Run the script
$INTERNAL_REPO_ROOT/build-tools/update-efiboot-image BUILD_ISO_USE_UDEV=$BUILD_ISO_USE_UDEV $INTERNAL_REPO_ROOT/build-tools/update-efiboot-image
RET=$? RET=$?
if [ $RET != 0 ]; then if [ $RET != 0 ]; then
printf "*** Error: update-efiboot-image script returned failure $RET *** \n" printf "*** Error: update-efiboot-image script returned failure $RET *** \n"
@ -599,9 +609,12 @@ AUTO_INSTALL=""
CUMULUS=0 CUMULUS=0
SIGN_RPM_FILES=1 SIGN_RPM_FILES=1
DEVICE="" DEVICE=""
if [ -z "$BUILD_ISO_USE_UDEV" ]; then
BUILD_ISO_USE_UDEV=0
fi
# read the options # read the options
TEMP=`getopt -o hf:a:d: --long help,file:,auto:,device:,cumulus,clean,skip-sign -n 'test.sh' -- "$@"` TEMP=`getopt -o hf:a:d: --long help,file:,auto:,device:,cumulus,clean,skip-sign,sudo,udev -n 'test.sh' -- "$@"`
eval set -- "$TEMP" eval set -- "$TEMP"
# extract options and their arguments into variables. # extract options and their arguments into variables.
@ -614,6 +627,8 @@ while true ; do
-f | --file) DEST_FILE="$2"; shift; shift ;; -f | --file) DEST_FILE="$2"; shift; shift ;;
-d | --device) DEVICE="$2"; shift; shift ;; -d | --device) DEVICE="$2"; shift; shift ;;
-a | --auto) AUTO_FLAG=1; AUTO_INSTALL="$2"; shift; shift ;; -a | --auto) AUTO_FLAG=1; AUTO_INSTALL="$2"; shift; shift ;;
--sudo) BUILD_ISO_USE_UDEV=0 ; shift ;;
--udev) BUILD_ISO_USE_UDEV=1 ; shift ;;
--) shift ; break ;; --) shift ; break ;;
*) echo "Internal error!" ; exit 1 ;; *) echo "Internal error!" ; exit 1 ;;
esac esac

108
build-tools/update-efiboot-image
View File

@ -15,28 +15,6 @@
MY_YUM_CONF="" MY_YUM_CONF=""
# Note:
# This needs to be in /usr/local/bin and /usr/local/bin needs to come first in path list.
# this file is a mod of $MY_REPO/build-tools/update-efiboot-image. The original requires
# a fully working udev with we don't have in the container. I use sudo instead.
# shadowing the file fails since the WR stuff carefully recreates a local path before invocation.
# sigh...
# added instructions to rm and ln -s to this one in the README
# check for changes to the original, since we are shadowing...
#ORIG_SUM="2df81b2461ea358b24df77f7539d7fb4"
#TEST_SUM=$(md5sum $MY_REPO/build-tools/update-efiboot-image | awk '{print $1}')
#if [ "$TEST_SUM" != "$ORIG_SUM" ]; then
# echo "The original build-tools/update-efiboot-image has changed or is missing. May need mods to this file!"
# echo "Desired sum = $ORIG_SUM"
# echo "Actual sum = $TEST_SUM"
# exit 1
#fi
#printf " Shadowing update-efiboot-image with the sudo centric one from /usr/local/bin due to lack of udev \n"
function setup_env_vars { function setup_env_vars {
mkdir -p $MY_WORKSPACE/export/ mkdir -p $MY_WORKSPACE/export/
@ -86,7 +64,7 @@ function setup_env_vars {
setup_env_vars setup_env_vars
printf " Calling update-efibot-image\n" printf " Calling $(basename $0)\n"
MOUNT_LOG_FILE=$OUTPUT_DIR/mounts_used.log MOUNT_LOG_FILE=$OUTPUT_DIR/mounts_used.log
# Clear old image file # Clear old image file
@ -99,37 +77,59 @@ cp -L -u $DISTRO_REPO_DIR/images/efiboot.img $OUTPUT_DIR/
printf " Replacing the efiboot.img grub.cfg file with the Titanium Cloud one\n" printf " Replacing the efiboot.img grub.cfg file with the Titanium Cloud one\n"
#RET=$(udisksctl loop-setup -f $OUTPUT_DIR/efiboot.img --no-user-interaction) # We can either use udev or sudo to mount loopback device, etc.
RET=$(sudo losetup --show -f $OUTPUT_DIR/efiboot.img) # This is controlled via env variable
if [ -z "$RET" ] ; then if [ 0${BUILD_ISO_USE_UDEV} -eq 1 ]; then
printf " Error: failed sudo losetup command.\n" RET=$(udisksctl loop-setup -f $OUTPUT_DIR/efiboot.img --no-user-interaction)
exit 1 if [ $? -ne 0 ]; then
printf " Error: failed udev loop-setup command.\n"
exit 1
fi
LOOP=$(echo $RET | awk '{print $5;}' | sed -e 's/\.//g')
else
# no udev - use losetup command
# retcode is the lo device used
RET=$(sudo losetup --show -f $OUTPUT_DIR/efiboot.img)
if [ -z "$RET" ] ; then
printf " Error: failed sudo losetup command.\n"
exit 1
fi
# Save the loop device used into a file
echo $(date) $RET >> $MOUNT_LOG_FILE
LOOP=$(echo $RET)
if [ -z $LOOP ] ; then
printf " Error: failed losetup command.\n"
exit 1
fi
fi fi
printf " $RET\n" # Mount the filesystem
if [ 0${BUILD_ISO_USE_UDEV} -eq 1 ]; then
# Save the loop device used into a file udisksctl mount -b $LOOP
echo $(date) $RET >> $MOUNT_LOG_FILE EFI_MOUNT=$(udisksctl info -b $LOOP | grep MountPoints | awk '{print $2;}')
else
#LOOP=$(echo $RET | awk '{print $5;}' | sed -e 's/\.//g') EFI_MOUNT=$(sudo mktemp -d -p /mnt -t EFI-noudev.XXXXXX)
LOOP=$(echo $RET) sudo mount $LOOP $EFI_MOUNT
if [ -z $LOOP ] ; then
printf " Error: failed losetup command.\n"
exit 1
fi fi
EFI_MOUNT=$(sudo mktemp -d -p /mnt -t EFI-noudev.XXXXXX)
sudo mount $LOOP $EFI_MOUNT
#udisksctl mount -b $LOOP
#EFI_MOUNT=$(udisksctl info -b $LOOP | grep MountPoints | awk '{print $2;}')
if [ -z $EFI_MOUNT ] ; then if [ -z $EFI_MOUNT ] ; then
printf " Error: failed mount command.\n" printf " Error: failed mount command.\n"
exit 1 exit 1
fi fi
# Several commands may need to be executed with sudo if we're not using
# udev. Use a variable to hold the optional "sudo" part
if [ 0${BUILD_ISO_USE_UDEV} -eq 1 ]; then
SUDOPREFIX=""
else
SUDOPREFIX="sudo"
fi
# Update the vanilla UEFI Centos grub.cfg with the Titanium Cloud version # Update the vanilla UEFI Centos grub.cfg with the Titanium Cloud version
sudo cp $INTERNAL_REPO_ROOT/addons/wr-cgcs/layers/cgcs/common-bsp/files/grub.cfg $EFI_MOUNT/EFI/BOOT/grub.cfg ${SUDOPREFIX} cp $INTERNAL_REPO_ROOT/addons/wr-cgcs/layers/cgcs/mwa-beas/bsp-files/grub.cfg $EFI_MOUNT/EFI/BOOT/grub.cfg
# Update the grub and shim executables with the Titanium Cloud signed versions # Update the grub and shim executables with the Titanium Cloud signed versions
# #
@ -141,23 +141,27 @@ GRUBPKG=`find $MY_WORKSPACE/std/rpmbuild/RPMS/grub2-efi-[0-9]*.x86_64.rpm`
pushd $TMPDIR >/dev/null pushd $TMPDIR >/dev/null
rpm2cpio $SHIMPKG | cpio -id --quiet rpm2cpio $SHIMPKG | cpio -id --quiet
sudo find . -name "shim.efi" | xargs -I '{}' sudo cp '{}' $EFI_MOUNT/EFI/BOOT/BOOTX64.EFI ${SUDOPREFIX} find . -name "shim.efi" | xargs -I '{}' ${SUDOPREFIX} cp '{}' $EFI_MOUNT/EFI/BOOT/BOOTX64.EFI
rm -rf * rm -rf *
rpm2cpio $GRUBPKG | cpio -id --quiet rpm2cpio $GRUBPKG | cpio -id --quiet
sudo find . -name "grubx64.efi" | xargs -I '{}' sudo cp '{}' $EFI_MOUNT/EFI/BOOT/grubx64.efi ${SUDOPREFIX} find . -name "grubx64.efi" | xargs -I '{}' ${SUDOPREFIX} cp '{}' $EFI_MOUNT/EFI/BOOT/grubx64.efi
popd >/dev/null popd >/dev/null
rm -rf $TMPDIR rm -rf $TMPDIR
# Create a directory for Secure Boot certificate # Create a directory for Secure Boot certificate
sudo mkdir -p $EFI_MOUNT/CERTS ${SUDOPREFIX} mkdir -p $EFI_MOUNT/CERTS
sudo cp $INTERNAL_REPO_ROOT/build-tools/certificates/* $EFI_MOUNT/CERTS ${SUDOPREFIX} cp $INTERNAL_REPO_ROOT/build-tools/certificates/* $EFI_MOUNT/CERTS
# Cleanup mounts # Cleanup mounts
sudo umount $LOOP if [ 0${BUILD_ISO_USE_UDEV} -eq 1 ]; then
#udisksctl unmount -b $LOOP udisksctl unmount -b $LOOP
RET=$(sudo losetup -d $LOOP) RET=$(udisksctl loop-delete -b $LOOP)
#RET=$(udisksctl loop-delete -b $LOOP) else
sudo umount $LOOP
RET=$(sudo losetup -d $LOOP)
fi
echo $(date) Deleted $LOOP. $RET >> $MOUNT_LOG_FILE echo $(date) Deleted $LOOP. $RET >> $MOUNT_LOG_FILE
sudo rmdir $EFI_MOUNT ${SUDOPREFIX} rmdir $EFI_MOUNT
exit 0 exit 0