starlingx/tools
Code Issues Proposed changes

LAT: upgrade to 20220403 to add hook to customize iso

Browse Source 
In https://github.com/Wind-River/meta-lat/, it contains commits:
 e01f82d wic: add boot param BOOTIF=$net_default_mac to grub.cfg
 e8c43f8 genimage: correct typo for ISO image generation
 cd132bd genimage/debian_constant.py.in: correct typo
 2bfd727 lat installer: set to boot from disk as first order
 f2fe2cb lat debian: provide a hook as example to customize ISO image
 cfd4840 lat: add hook to customize iso
 facc678 wic: add hook to customize iso
 f08f82d genimage: do not copy ostree repo to PXE tarball
 efd6d2c lat intaller: try to find local kickstart configuration
 from instboot partition
 42a5482 grub-efi bbappend: add built-in commands

Edit base-bullseye.yaml to provide an example to customize
ISO image which add the following files to ISO image:
- kickstart: including self generated iso-ks.cfg and pxe-ks.cfg,
  copy kickstart.cfg from rootfs
- pxeboot: for both of EFI and Legacy BIOS, and support EFI secure
  boot if possible

iso/
├── kickstart
│   ├── iso-ks.cfg
│   ├── kickstart.cfg
│   └── pxe-ks.cfg
└── pxeboot
    ├── bzImage
    ├── bzImage.sig
    ├── EFI
    │   └── BOOT
    │       ├── bootx64.efi
    │       ├── bootx64-nosig.efi
    │       ├── grub.cfg
    │       ├── grub.cfg.sig
    │       ├── grubx64.efi
    │       ├── LockDown.efi
    │       ├── LockDown.efi.sig
    │       └── mmx64.efi
    ├── grubx64.efi
    ├── initrd
    ├── initrd.sig
    ├── ldlinux.c32
    ├── libcom32.c32
    ├── libutil.c32
    ├── pxelinux.0
    ├── pxelinux.cfg
    │   └── default
    └── vesamenu.c32

Story: 2008846
Task: 44920

PASS: Build ISO image with EFI secure boot feature enabled
PASS: Build ISO image with EFI secure boot feature disabled

Depends-On: https://review.opendev.org/c/starlingx/integ/+/836224

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Change-Id: Idf251857ca9bf486eeb36831ce8e9f99fdc2d5d3
This commit is contained in:
Hongxu Jia 2022-04-02 10:07:13 +08:00
parent 5e6e1f64d1
commit 1dae66b696
2 changed files with 114 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
debian-mirror-tools/config/debian/common/base-bullseye.yaml
View File

@ -115,6 +115,119 @@ ostree:
OSTREE_FDISK_VSZ: 20480
OSTREE_FDISK_FSZ: 32
OSTREE_CONSOLE: console=ttyS0,115200 console=tty1
iso-post-script: |
cd ${ISO_DIR}
# 1. Kickstart
mkdir -p kickstart
# 1.1 Kickstart example for PXE
cat << ENDOF > kickstart/pxe-ks.cfg
lat-disk --install-device=/dev/disk/by-path/pci-0000:af:00.0-scsi-0:2:0:0
ENDOF
# 1.2 Kickstart example for ISO
cat << ENDOF > kickstart/iso-ks.cfg
lat-disk --install-device=/dev/sda
ENDOF
# 1.3 Kickstart from image rootfs (provided by package platform-kickstarts)
if [ -e $IMAGE_ROOTFS/var/www/pages/feed/rel-22.02/kickstart.cfg ]; then
cp $IMAGE_ROOTFS/var/www/pages/feed/rel-22.02/kickstart.cfg kickstart/
fi
# 2. PXE
mkdir -p pxeboot/pxelinux.cfg
# 2.1 Kernel and initramfs
install -m 644 bzImage* pxeboot
install -m 644 initrd* pxeboot
# 2.2 Bootloader
# 2.2.1 Legacy BIOS PXE
cp $OECORE_TARGET_SYSROOT/usr/share/syslinux/pxelinux.0 pxeboot/
cp isolinux/isolinux.cfg pxeboot/pxelinux.cfg/default
for f in libcom32.c32 ldlinux.c32 libutil.c32 vesamenu.c32; do
cp isolinux/$f pxeboot/
done
# 2.2.2 EFI PXE
cp -a EFI pxeboot
if [ -e $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64-nosig.efi ]; then
cp $OECORE_TARGET_SYSROOT/boot/efi/EFI/BOOT/bootx64-nosig.efi pxeboot/EFI/BOOT/
fi
# 2.3 Edit grub.cfg and pxelinux.cfg/default
# 2.3.1 Drop to install from local ostree repo
sed -i "s#instl=/ostree_repo#@BOOTPARAMS@#g" \
pxeboot/EFI/BOOT/grub.cfg \
pxeboot/pxelinux.cfg/default
# 2.3.2 Install from remote ostree repo
sed -i "s#insturl=file://NOT_SET#insturl=http://pxecontroller:8080/feed/debian/ostree_repo#g" \
pxeboot/EFI/BOOT/grub.cfg \
pxeboot/pxelinux.cfg/default
# 2.3.3 Configure kickstart url
BOOT_PARAMS="ks=http://pxecontroller:8080/feed/debian/kickstart/pxe-ks.cfg"
# 2.3.4 Verbose installation
BOOT_PARAMS="${BOOT_PARAMS} instsh=2"
# 2.3.5 Update boot params
sed -i "s#@BOOTPARAMS@#${BOOT_PARAMS}#g" \
pxeboot/EFI/BOOT/grub.cfg \
pxeboot/pxelinux.cfg/default
# 2.3.6 Add `Boot from hard drive' entry to grub.cfg
cat <<ENDOF>> pxeboot/EFI/BOOT/grub.cfg
menuentry 'UEFI Boot from hard drive' {
search --set=root --label otaefi
configfile /efi/boot/grub.cfg
}
ENDOF
# 2.4 Tweak PXE if EFI secure boot enabled
if [ "$EFI_SECURE_BOOT" = enable ]; then
# On some host, PXE make bootx64.efi search grubx64.efi
# from tftp/ dir other than tftp/EFI/BOOT/
install -m 0644 EFI/BOOT/grubx64.efi pxeboot/
# Resign grub.cfg
rm pxeboot/EFI/BOOT/grub.cfg.sig
echo 'SecureCore' | gpg --pinentry-mode loopback \
--batch \
--homedir /tmp/.lat_gnupg_root \
-u SecureBootCore \
--detach-sign \
--passphrase-fd 0 \
pxeboot/EFI/BOOT/grub.cfg
fi
# 3. ISO
# 3.1 Edit grub.cfg and isolinux.cfg
# 3.1.1 Configure local kickstart url
BOOT_PARAMS="ks=file:///kickstart/iso-ks.cfg"
# 3.1.2 Verbose installation
BOOT_PARAMS="${BOOT_PARAMS} instsh=2"
# 3.1.3 Update boot params
sed -i "s#instl=/ostree_repo#& ${BOOT_PARAMS}#g" \
EFI/BOOT/grub.cfg \
isolinux/isolinux.cfg
# 3.2 Resign grub.cfg if EFI secure boot enabled
if [ "$EFI_SECURE_BOOT" = enable ]; then
rm EFI/BOOT/grub.cfg.sig
echo 'SecureCore' | gpg --pinentry-mode loopback \
--batch \
--homedir /tmp/.lat_gnupg_root \
-u SecureBootCore \
--detach-sign \
--passphrase-fd 0 \
EFI/BOOT/grub.cfg
fi
system:
- contains:
- /localdisk/deploy/lat-initramfs.yaml

2
stx/dockerfiles/stx-lat-tool.Dockerfile
View File

@ -16,7 +16,7 @@ FROM debian:bullseye
MAINTAINER Chen Qi <Qi.Chen@windriver.com>
ARG LAT_BINARY_RESOURCE_PATH=http://mirror.starlingx.cengn.ca/mirror/lat-sdk/lat-sdk-20220325
ARG LAT_BINARY_RESOURCE_PATH=http://mirror.starlingx.cengn.ca/mirror/lat-sdk/lat-sdk-20220403
# Install necessary packages
RUN apt-get -y update && apt-get --no-install-recommends -y install \