From 7c7589c36d18382bf5f77791a9b37dfb9bc5b616 Mon Sep 17 00:00:00 2001 From: Gardouille Date: Fri, 18 Aug 2023 15:10:50 +0200 Subject: [PATCH] Create unified kernel for arch linux --- archlinux/create-efi-kernel.sh | 418 +++++++++++++++++++++++++++++++++ 1 file changed, 418 insertions(+) create mode 100755 archlinux/create-efi-kernel.sh diff --git a/archlinux/create-efi-kernel.sh b/archlinux/create-efi-kernel.sh new file mode 100755 index 0000000..138a62b --- /dev/null +++ b/archlinux/create-efi-kernel.sh @@ -0,0 +1,418 @@ +#!/bin/sh +# +# Purpose {{{ +# This script will create an Unified Kernel + UEFI entry for ArchLinux +# 1. Verify dependancies (efibootmgr, objcopy…). +# 2. Clean older unified kernels. +# 3. Backup last unified kernel. +# 4. Create a new unified kernel from vmlinuz, initramfs, UUID of root,… +# 5. Ensure an UEFI entry exists for this unified kernel. +# +# 2023-08-17 +# }}} +# TODO {{{ +# 1. Encrypted LVM is not yet supported. See crypt_part_uuid relative comments. +# }}} +# Flags {{{ +## Exit on error {{{ +set -o errexit +## }}} +## Exit on unset var {{{ +### Use "${VARNAME-}" to test a var that may not have been set +set -o nounset +## }}} +## Pipeline command is treated as failed {{{ +### Not available in POSIX sh − https://github.com/koalaman/shellcheck/wiki/SC3040 +#set -o pipefail +## }}} +## Help with debugging {{{ +### Call the script by prefixing it with "TRACE=1 ./script.sh" +if [ "${TRACE-0}" -eq 1 ]; then set -o xtrace; fi +## }}} +# }}} +# Vars {{{ +PROGNAME=$(basename "${0}"); readonly PROGNAME +PROGDIR=$(readlink --canonicalize-missing $(dirname "${0}")); readonly PROGDIR +ARGS="${*}"; readonly ARGS +readonly NBARGS="${#}" +[ -z "${DEBUG-}" ] && DEBUG=1 +## Export DEBUG for sub-script +export DEBUG + +## Default values for Unified kernel +readonly ROOT_UUID_DEFAULT=$(findmnt --kernel --noheadings --output UUID -- /) +readonly ROOT_FSTYPE_DEFAULT=$(findmnt --kernel --noheadings --output FSTYPE -- /) +readonly CRYPT_PART_UUID_DEFAULT=$(blkid | sed --silent 's;/dev/.*_crypt.*UUID="\(.*\)".*TYPE=.*;\1;p') +readonly UEFI_BOOT_STUB_FILE_DEFAULT="/usr/lib/systemd/boot/efi/linuxx64.efi.stub" + +## Default values for UEFI entry +readonly EFI_BASE_LABEL_DEFAULT="Arch Linux unified" +readonly EFI_MOUNT_PATH_DEFAULT="/boot/efi" + +## Temp files +readonly temp_kernel_command_file="/tmp/kernel.command.temp" + +## Colors +readonly PURPLE='\033[1;35m' +readonly RED='\033[0;31m' +readonly RESET='\033[0m' +readonly COLOR_DEBUG="${PURPLE}" +# }}} +usage() { # {{{ + + cat <<- HELP +usage: $PROGNAME [-d|-h|-b|-f|-k|-u|-l|-m] + +Script to build unified kernel for Arch Linux will all required informations +(vmlinuz, initramfs, UUID of root's partition,…) and create an UEFI entry. + +EXAMPLES : + - Build unified kernel with default : + ${PROGNAME} + + - Build unified kernel with current command line : + ${PROGNAME} --kernel "\$(< /proc/cmdline)" + +OPTIONS : + -d,--debug + Enable debug messages. + + -h,--help + Print this help message. + +Unified kernel OPTIONS : + + -b,--boot-stub,--uefi-boot + Define UEFI boot stub file to use. + (default: ${UEFI_BOOT_STUB_FILE_DEFAULT}) + For more infos, see: https://man.archlinux.org/man/linuxx64.efi.stub.7.en + + -f,--fs,--root-fs + Define a different root partition's filesystem. + (default: ${ROOT_FSTYPE_DEFAULT}) + Thanks to command : findmnt --kernel --noheadings --output FSTYPE -- / + + -u,--uuid,--root-uuid + Define a different root partition's UUID. + (default: ${ROOT_UUID_DEFAULT}) + Thanks to command : findmnt --kernel --noheadings --output UUID -- / + + -k,--kernel,--kernel-cmd + Define the kernel command line to use. + (default: build with root-fs|root-uuid and add_efi_memmap + ro options) + +UEFI entry OPTIONS : + + -l,--label + Set a new label for UEFI entry. + (default: ${EFI_BASE_LABEL_DEFAULT}) + + -m,--mount-path,--esp + Define a different mountpoint for the EFI partition. + (default: ${EFI_MOUNT_PATH_DEFAULT}) +HELP +} +# }}} +debug_message() { # {{{ + + local_debug_message="${1}" + + ## Print message if DEBUG is enable (=0) + [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6b\e[m\n' "DEBUG − ${PROGNAME} : ${local_debug_message}" + + unset local_debug_message + + return 0 +} +# }}} +error_message() { # {{{ + + local_error_message="${1}" + local_error_code="${2}" + + ## Print message + printf '%b\n' "ERROR − ${PROGNAME} : ${RED}${local_error_message}${RESET}" >&2 + + unset local_error_message + + exit "${local_error_code:=66}" +} +# }}} +define_vars() { # {{{ + + # If root_uuid wasn't defined (argument) {{{ + if [ -z "${root_uuid-}" ]; then + ## Use default value + readonly root_uuid="${ROOT_UUID_DEFAULT}" + fi + # }}} + # If root_fstype wasn't defined (argument) {{{ + if [ -z "${root_fstype-}" ]; then + ## Use default value + readonly root_fstype="${ROOT_FSTYPE_DEFAULT}" + fi + # }}} + # If kernel_command_line wasn't defined (argument) {{{ + if [ -z "${kernel_command_line-}" ]; then + ## Use default value + readonly kernel_command_line="root=UUID=${root_uuid} rootfstype=${root_fstype} add_efi_memmap ro" + ## For encrypted LVM + #readonly kernel_command_line="root=UUID=${root_uuid} rootfstype=${root_fstype} add_efi_memmap ro cryptdevice=UUID=${crypt_part_uuid}:lvm" + fi + # }}} + # If uefi_boot_stub_file wasn't defined (argument) {{{ + if [ -z "${uefi_boot_stub_file-}" ]; then + ## Use default value + readonly uefi_boot_stub_file="${UEFI_BOOT_STUB_FILE_DEFAULT}" + fi + # }}} + + # If efi_base_label wasn't defined (argument) {{{ + if [ -z "${efi_base_label-}" ]; then + ## Use default value + readonly efi_base_label="${EFI_BASE_LABEL_DEFAULT}" + fi + # }}} + # If efi_mount_path wasn't defined (argument) {{{ + if [ -z "${efi_mount_path-}" ]; then + ## Use default value + readonly efi_mount_path="${EFI_MOUNT_PATH_DEFAULT}" + fi + # }}} + + # If esp_device wasn't defined (argument) {{{ + if [ -z "${esp_device-}" ]; then + ## Use default value + readonly esp_device=$(findmnt -kno SOURCE "${efi_mount_path}" | grep --invert-match -- systemd | sed s-/dev/--) + fi + # }}} + # If esp_disk wasn't defined (argument) {{{ + if [ -z "${esp_disk-}" ]; then + ## Use default value + readonly esp_disk=$(lsblk /dev/"${esp_device}" -no pkname) + fi + # }}} + # If esp_part wasn't defined (argument) {{{ + if [ -z "${esp_part-}" ]; then + ## Use default value + readonly esp_part=$(cat /sys/class/block/"${esp_device}"/partition) + fi + # }}} + +} +# }}} + +is_command_available() { # {{{ + + local_command_available_cmd="${1}" + debug_prefix="${2:-}" + + ## Return False by default + return_command_available="1" + + if [ "$(command -v ${local_command_available_cmd})" ]; then + debug_message "${debug_prefix}is_command_available − \ +${RED}${local_command_available_cmd}${COLOR_DEBUG} seems present on this host." + return_command_available="0" + else + debug_message "${debug_prefix}is_command_available − \ +${RED}${local_command_available_cmd}${COLOR_DEBUG} is not available on this host." + return_command_available="1" + fi + + unset local_command_available_cmd + unset debug_prefix + + return "${return_command_available}" +} +# }}} + +main() { # {{{ + + debug_message "--- MAIN BEGIN" + + ## If a efibootmgr is missing {{{ + ### Exit with error message + is_command_available "efibootmgr" "| " \ + || error_message "No efibootmgr command available. Please install efibootmgr package with your package manager (pacman -S efibootmgr)." 01 + ## }}} + ## If a objcopy is missing {{{ + ### Exit with error message + is_command_available "objcopy" "| " \ + || error_message "No objcopy command available. Please install binutils package with your package manager (pacman -S binutils)." 02 + ## }}} + + ## Define all vars + define_vars + debug_message "| Define vars" + + ## If UEFI boot stub is missing {{{ + ### Exit with error message + test -f "${uefi_boot_stub_file}" \ + || error_message "No UEFI boot stub file available (${uefi_boot_stub_file}). Please verify your systemd installation (systemd or systemd-boot-efi packages)." 03 + ## }}} + ## Ensure EFI device is mounted {{{ + if ! mountpoint --quiet "${efi_mount_path}"; then + mount "${efi_mount_path}" \ + || error_message "Can't mount EFI device" 04 + fi + ## }}} + + ## Put Kernel command line in temp file {{{ + rm --force -- "${temp_kernel_command_file}" ; touch "${temp_kernel_command_file}" + printf "%s" "${kernel_command_line}" >> "${temp_kernel_command_file}" + ## }}} + + ## Calculate address values to use for each section {{{ + osrel_offs=$(objdump --section-headers -- "${uefi_boot_stub_file}" | awk 'NF==7 {size=strtonum("0x"$3); offset=strtonum("0x"$4)} END {print size + offset}') + cmdline_offs=$((osrel_offs + $(stat --dereference --format=%s -- "/usr/lib/os-release"))) + linux_offs=$((cmdline_offs + $(stat --dereference --format=%s -- "${temp_kernel_command_file}"))) + #linux_offs=$((cmdline_offs + $(stat --dereference --format=%s -- "/proc/cmdline"))) + initrd_offs=$((linux_offs + $(stat --dereference --format=%s -- "/boot/vmlinuz-linux"))) + ## }}} + + ## Debug message {{{ + debug_message "Try to build Unified kernel with from this informations :\r + * UEFI boot stub file: ${RED}${uefi_boot_stub_file}${COLOR_DEBUG}\r + * Root's UUID: ${RED}${root_uuid}${COLOR_DEBUG}\r + * Root's filesystem: ${RED}${root_fstype}${COLOR_DEBUG}\r + * Kernel command line: ${RED}${kernel_command_line}${COLOR_DEBUG}\r + * EFI device: ${RED}${esp_device}${COLOR_DEBUG}\r + * EFI disk: ${RED}${esp_disk}${COLOR_DEBUG}\r + * EFI partition number: ${RED}${esp_part}${COLOR_DEBUG}\r +Addresses values :\r + * osrel : ${RED}${osrel_offs}${COLOR_DEBUG}\r + * cmdline : ${RED}${cmdline_offs}${COLOR_DEBUG}\r + * linux : ${RED}${linux_offs}${COLOR_DEBUG}\r + * initrd : ${RED}${initrd_offs}${COLOR_DEBUG}\r +And generate UEFI entry :\r + * Label: ${RED}${efi_base_label}${COLOR_DEBUG}" + + ## }}} + + ## Ensure EFI mount path subdirectories exists + mkdir --parents -- "${efi_mount_path}/EFI/arch/" + ## Create unified kernel blob {{{ + objcopy \ + --add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=$(printf 0x%x $osrel_offs) \ + --add-section .cmdline="${temp_kernel_command_file}" --change-section-vma .cmdline=$(printf 0x%x $cmdline_offs) \ + --add-section .linux="/boot/vmlinuz-linux" --change-section-vma .linux=$(printf 0x%x $linux_offs) \ + --add-section .initrd="/boot/initramfs-linux.img" --change-section-vma .initrd=$(printf 0x%x $initrd_offs) \ + "${uefi_boot_stub_file}" "${efi_mount_path}/EFI/arch/linux.arch.efi" + ## }}} + ## If no UEFI entry for this label + kernel {{{ + ## Create one + efibootmgr | grep --quiet -- "${efi_base_label}.*\\\EFI\\\arch\\\linux.arch.efi" \ + || efibootmgr --disk /dev/"${esp_disk}" --part "${esp_part}" --create --label "${efi_base_label}" --loader "\\EFI\\arch\\linux.arch.efi" + ## }}} + + ## Remove temp files + rm --force -- "${temp_kernel_command_file}" + + debug_message "--- MAIN END" +} +# }}} + +# Manage arguments # {{{ +# This code can't be in a function due to argument management + +if [ ! "${NBARGS}" -eq "0" ]; then + + manage_arg="0" + + ## If the first argument ask for help (h|help|-h|-help|-*h|-*help) {{{ + if printf -- '%s' "${1-}" | grep --quiet --extended-regexp -- "^-*h(elp)?$"; then + usage + exit 0 + fi + ## }}} + + ## If the first argument is not an option + if ! printf -- '%s' "${1}" | grep --quiet --extended-regexp -- "^-+"; + then + ## Print help message and exit + printf '%b\n' "${RED}Invalid option: ${1}${RESET}" + printf '%b\n' "---" + usage + + exit 1 + fi + + # Parse all options (start with a "-") one by one + while printf -- '%s' "${1-}" | grep --quiet --extended-regexp -- "^-+"; do + + case "${1}" in + ## OPTIONS + -d|--debug ) ## debug + DEBUG=0 + debug_message "--- Manage argument BEGIN" + ;; + -h|--help ) ## display help message + usage + exit 0 + ;; + ## Unified kernel OPTIONS + -u|--boot-stub|--uefi-boot ) ## Define uefi_boot_stub_file with given arg + ## Move to the next argument + shift + ## Define var + readonly uefi_boot_stub_file="${1}" + ;; + -k|--kernel|--kernel-cmd ) ## Define kernel_command_line with given arg + ## Move to the next argument + shift + ## Define var + readonly kernel_command_line="${1}" + ;; + -f|--fs|--root-fs ) ## Define root_fstype with given arg + ## Move to the next argument + shift + ## Define var + readonly root_fstype="${1}" + ;; + -u|--uuid|--root-uuid ) ## Define root_uuid with given arg + ## Move to the next argument + shift + ## Define var + readonly root_uuid="${1}" + ;; + ## UEFI entry OPTIONS + -l|--label ) ## Define efi_base_label with given arg + ## Move to the next argument + shift + ## Define var + readonly efi_base_label="${1}" + ;; + -m|--mount-path|--esp ) ## Define efi_mount_path with given arg + ## Move to the next argument + shift + ## Define var + readonly efi_mount_path="${1}" + ;; + * ) ## unknow option + printf '%b\n' "${RED}Invalid option: ${1}${RESET}" + printf '%b\n' "---" + usage + exit 1 + ;; + esac + + debug_message "| ${RED}${1}${COLOR_DEBUG} option managed." + + ## Move to the next argument + shift + manage_arg=$((manage_arg+1)) + + done + + debug_message "| ${RED}${manage_arg}${COLOR_DEBUG} argument(s) successfully managed." +else + debug_message "| No arguments/options to manage." +fi + + debug_message "--- Manage argument END" +# }}} + +main + +exit 0