diff options
author | Andrew Ammerlaan <andrewammerlaan@gentoo.org> | 2023-12-19 09:03:22 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2023-12-23 18:35:08 +0100 |
commit | 31e23ab264c3a1479d57261f49a6aa7411152619 (patch) | |
tree | 6a422bc60c0f0d2bb850d827325b2aea1a9ae7c4 /eclass/kernel-install.eclass | |
parent | profiles: mask prebuilt uki on stable and unavailable arches (diff) | |
download | gentoo-31e23ab264c3a1479d57261f49a6aa7411152619.tar.gz gentoo-31e23ab264c3a1479d57261f49a6aa7411152619.tar.bz2 gentoo-31e23ab264c3a1479d57261f49a6aa7411152619.zip |
kernel-{build,install}.eclass: add USE=generic-uki
- optionally build a generic unified kernel image
- only install this uki.efi in any binary generated binpkgs, this saves space
- extract the initrd and kernel image from the uki in pkg_postinst
- own image, initrd and uki install paths
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'eclass/kernel-install.eclass')
-rw-r--r-- | eclass/kernel-install.eclass | 212 |
1 files changed, 204 insertions, 8 deletions
diff --git a/eclass/kernel-install.eclass b/eclass/kernel-install.eclass index c7118a720ba6..919a5d11fd84 100644 --- a/eclass/kernel-install.eclass +++ b/eclass/kernel-install.eclass @@ -21,6 +21,13 @@ # Additionally, the inherited mount-boot eclass exports pkg_pretend. # It also stubs out pkg_preinst and pkg_prerm defined by mount-boot. +# @ECLASS_VARIABLE: KERNEL_IUSE_GENERIC_UKI +# @PRE_INHERIT +# @DEFAULT_UNSET +# @DESCRIPTION: +# If set to a non-null value, adds IUSE=generic-uki and required +# logic to install a generic unified kernel image. + # @ECLASS_VARIABLE: KV_LOCALVERSION # @DEFAULT_UNSET # @DESCRIPTION: @@ -28,6 +35,13 @@ # Needs to be set only when installing binary kernels, # kernel-build.eclass obtains it from kernel config. +# @ECLASS_VARIABLE: INITRD_PACKAGES +# @INTERNAL +# @DESCRIPTION: +# Used with KERNEL_IUSE_GENERIC_UKI. The eclass sets this to an array of +# packages to depend on for building the generic UKI and their licenses. +# Used in kernel-build.eclass. + if [[ ! ${_KERNEL_INSTALL_ECLASS} ]]; then _KERNEL_INSTALL_ECLASS=1 @@ -46,8 +60,7 @@ RESTRICT+=" arm? ( test ) " -# note: we need installkernel with initramfs support! -IDEPEND=" +_IDEPEND_BASE=" !initramfs? ( || ( sys-kernel/installkernel-gentoo @@ -63,6 +76,146 @@ IDEPEND=" ) ) " + +LICENSE="GPL-2" +if [[ ${KERNEL_IUSE_GENERIC_UKI} ]]; then + IUSE+=" generic-uki" + # https://github.com/AndrewAmmerlaan/dist-kernel-log-to-licenses + # This script can help with generating the array below, keep in mind + # that it is not a fully automatic solution, i.e. use flags will + # still have to handled manually. + declare -gA INITRD_PACKAGES=( + ["app-alternatives/awk"]="CC0-1.0" + ["app-alternatives/gzip"]="CC0-1.0" + ["app-alternatives/sh"]="CC0-1.0" + ["app-arch/bzip2"]="BZIP2" + ["app-arch/gzip"]="GPL-3+" + ["app-arch/lz4"]="BSD-2 GPL-2" + ["app-arch/xz-utils"]="public-domain LGPL-2.1+ GPL-2+" + ["app-arch/zstd"]="|| ( BSD GPL-2 )" + ["app-crypt/argon2"]="|| ( Apache-2.0 CC0-1.0 )" + ["app-crypt/gnupg[smartcard,tpm(-)]"]="GPL-3+" + ["app-crypt/p11-kit"]="MIT" + ["app-crypt/tpm2-tools"]="BSD" + ["app-crypt/tpm2-tss"]="BSD-2" + ["app-misc/ddcutil"]="GPL-2" + ["app-misc/jq"]="MIT CC-BY-3.0" + ["app-shells/bash"]="GPL-3+" + ["dev-db/sqlite"]="public-domain" + ["dev-libs/cyrus-sasl"]="BSD-with-attribution" + ["dev-libs/expat"]="MIT" + ["dev-libs/glib"]="LGPL-2.1+" + ["dev-libs/hidapi"]="|| ( BSD GPL-3 HIDAPI )" + ["dev-libs/icu"]="BSD" + ["dev-libs/json-c"]="MIT" + ["dev-libs/libaio"]="LGPL-2" + ["dev-libs/libassuan"]="GPL-3 LGPL-2.1" + ["dev-libs/libevent"]="BSD" + ["dev-libs/libffi"]="MIT" + ["dev-libs/libgcrypt"]="LGPL-2.1 MIT" + ["dev-libs/libgpg-error"]="GPL-2 LGPL-2.1" + ["dev-libs/libp11"]="LGPL-2.1" + ["dev-libs/libpcre2"]="BSD" + ["dev-libs/libtasn1"]="LGPL-2.1+" + ["dev-libs/libunistring"]="|| ( LGPL-3+ GPL-2+ ) || ( FDL-1.2 GPL-3+ )" + ["dev-libs/libusb"]="LGPL-2.1" + ["dev-libs/lzo"]="GPL-2+" + ["dev-libs/npth"]="LGPL-2.1+" + ["dev-libs/nss"]="|| ( MPL-2.0 GPL-2 LGPL-2.1 )" + ["dev-libs/oniguruma"]="BSD-2" + ["dev-libs/opensc"]="LGPL-2.1" + ["dev-libs/openssl"]="Apache-2.0" + ["dev-libs/userspace-rcu"]="LGPL-2.1" + ["media-libs/libmtp"]="LGPL-2.1" + ["media-libs/libpng"]="libpng2" + ["media-libs/libv4l"]="LGPL-2.1+" + ["net-dns/c-ares"]="MIT ISC" + ["net-dns/libidn2"]="|| ( GPL-2+ LGPL-3+ ) GPL-3+ unicode" + ["net-fs/cifs-utils"]="GPL-3" + ["net-fs/nfs-utils"]="GPL-2" + ["net-fs/samba"]="GPL-3" + ["net-libs/libmnl"]="LGPL-2.1" + ["net-libs/libndp"]="LGPL-2.1+" + ["net-libs/libtirpc"]="BSD BSD-2 BSD-4 LGPL-2.1+" + ["net-libs/nghttp2"]="MIT" + ["net-misc/curl"]="BSD curl ISC" + ["net-misc/networkmanager[iwd]"]="GPL-2+ LGPL-2.1+" + ["net-nds/openldap"]="OPENLDAP GPL-2" + ["net-wireless/bluez"]="GPL-2+ LGPL-2.1+" + ["net-wireless/iwd"]="GPL-2" + ["sys-apps/acl"]="LGPL-2.1" + ["sys-apps/attr"]="LGPL-2.1" + ["sys-apps/baselayout"]="GPL-2" + ["sys-apps/coreutils"]="GPL-3+" + ["sys-apps/dbus"]="|| ( AFL-2.1 GPL-2 )" + ["sys-apps/fwupd"]="LGPL-2.1+" + ["sys-apps/gawk"]="GPL-3+" + ["sys-apps/hwdata"]="GPL-2+" + ["sys-apps/iproute2"]="GPL-2" + ["sys-apps/kbd"]="GPL-2" + ["sys-apps/keyutils"]="GPL-2 LGPL-2.1" + ["sys-apps/kmod"]="LGPL-2" + ["sys-apps/less"]="|| ( GPL-3 BSD-2 )" + ["sys-apps/nvme-cli"]="GPL-2 GPL-2+" + ["sys-apps/pcsc-lite"]="BSD ISC MIT GPL-3+ GPL-2" + ["sys-apps/rng-tools"]="GPL-2" + ["sys-apps/sandbox"]="GPL-2" + ["sys-apps/sed"]="GPL-3+" + ["sys-apps/shadow"]="BSD GPL-2" + ["sys-apps/systemd[boot(-),cryptsetup,pkcs11,policykit,tpm,ukify(-)]"]="GPL-2 LGPL-2.1 MIT public-domain" + ["sys-apps/util-linux"]="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain" + ["sys-auth/polkit"]="LGPL-2" + ["sys-block/nbd"]="GPL-2" + ["sys-block/open-isns"]="LGPL-2.1" + ["sys-boot/plymouth"]="GPL-2" + ["sys-devel/gcc"]="GPL-3+ LGPL-3+ || ( GPL-3+ libgcc libstdc++ gcc-runtime-library-exception-3.1 ) FDL-1.3+" + ["sys-fs/btrfs-progs"]="GPL-2" + ["sys-fs/cryptsetup"]="GPL-2+" + ["sys-fs/dmraid"]="GPL-2" + ["sys-fs/dosfstools"]="GPL-3" + ["sys-fs/e2fsprogs"]="GPL-2 BSD" + ["sys-fs/lvm2[lvm]"]="GPL-2" + ["sys-fs/mdadm"]="GPL-2" + ["sys-fs/multipath-tools"]="GPL-2" + ["sys-fs/xfsprogs"]="LGPL-2.1" + ["sys-kernel/dracut"]="GPL-2" + ["sys-kernel/linux-firmware[redistributable,-unknown-license]"]="GPL-2 GPL-2+ GPL-3 BSD MIT || ( MPL-1.1 GPL-2 ) linux-fw-redistributable BSD-2 BSD BSD-4 ISC MIT" + ["sys-libs/glibc"]="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" + ["sys-libs/libapparmor"]="GPL-2 LGPL-2.1" + ["sys-libs/libcap"]="|| ( GPL-2 BSD )" + ["sys-libs/libcap-ng"]="LGPL-2.1" + ["sys-libs/libnvme"]="LGPL-2.1+" + ["sys-libs/libseccomp"]="LGPL-2.1" + ["sys-libs/libxcrypt"]="LGPL-2.1+ public-domain BSD BSD-2" + ["sys-libs/ncurses"]="MIT" + ["sys-libs/pam"]="|| ( BSD GPL-2 )" + ["sys-libs/readline"]="GPL-3+" + ["sys-libs/zlib"]="ZLIB" + ["sys-process/procps"]="GPL-2+ LGPL-2+ LGPL-2.1+" + ["x11-libs/libdrm"]="MIT" + ["amd64? ( sys-firmware/intel-microcode )"]="amd64? ( intel-ucode )" + ["x86? ( sys-firmware/intel-microcode )"]="x86? ( intel-ucode )" + ) + LICENSE+=" + generic-uki? ( ${INITRD_PACKAGES[@]} ) + " + + IDEPEND=" + generic-uki? ( + || ( + >=sys-kernel/installkernel-systemd-3 + >=sys-kernel/installkernel-gentoo-8[-dracut(-),-ukify(-)] + ) + ) + !generic-uki? ( + ${_IDEPEND_BASE} + ) + " +else + IDEPEND="${_IDEPEND_BASE}" +fi +unset _IDEPEND_BASE + # needed by objtool that is installed along with the kernel and used # to build external modules # NB: linux-mod.eclass also adds this dep but it's cleaner to have @@ -442,6 +595,21 @@ kernel-install_pkg_preinst() { fi } +# @FUNCTION: kernel-install_extract_from_uki +# @USAGE: <type> <input> <output> +# @DESCRIPTION: +# Extracts kernel image or initrd from an UKI. <type> must be "linux" +# or "initrd". +kernel-install_extract_from_uki() { + [[ ${#} -eq 3 ]] || die "${FUNCNAME}: invalid arguments" + local extract_type=${1} + local uki=${2} + local out=${3} + + $(tc-getOBJCOPY) -O binary "-j.${extract_type}" "${uki}" "${out}" || + die "Failed to extract ${extract_type}" +} + # @FUNCTION: kernel-install_install_all # @USAGE: <ver> # @DESCRIPTION: @@ -459,26 +627,41 @@ kernel-install_install_all() { local dir_ver=${1} local kernel_dir=${EROOT}/usr/src/linux-${dir_ver} local relfile=${kernel_dir}/include/config/kernel.release + local image_path=${kernel_dir}/$(dist-kernel_get_image_path) + local image_dir=${image_path%/*} local module_ver module_ver=$(<"${relfile}") || die + if [[ ${KERNEL_IUSE_GENERIC_UKI} ]]; then + if use generic-uki; then + # Populate placeholders + kernel-install_extract_from_uki linux \ + "${image_dir}"/uki.efi \ + "${image_path}" + kernel-install_extract_from_uki initrd \ + "${image_dir}"/uki.efi \ + "${image_dir}"/initrd + else + # Remove placeholders, -f because these have already been removed + # when doing emerge --config. + rm -f "${image_dir}"/{initrd,uki.efi} || die + fi + fi + local success= # not an actual loop but allows error handling with 'break' while :; do nonfatal mount-boot_check_status || break - local image_path=$(dist-kernel_get_image_path) if use initramfs && has_version "<=sys-kernel/installkernel-gentoo-7"; then # putting it alongside kernel image as 'initrd' makes # kernel-install happier nonfatal dist-kernel_build_initramfs \ - "${kernel_dir}/${image_path%/*}/initrd" \ - "${module_ver}" || break + "${image_dir}/initrd" "${module_ver}" || break fi nonfatal dist-kernel_install_kernel "${module_ver}" \ - "${kernel_dir}/${image_path}" \ - "${kernel_dir}/System.map" || break + "${image_path}" "${kernel_dir}/System.map" || break success=1 break @@ -508,6 +691,19 @@ kernel-install_pkg_postinst() { if [[ -z ${ROOT} ]]; then kernel-install_install_all "${dir_ver}" fi + + if [[ ${KERNEL_IUSE_GENERIC_UKI} ]] && use generic-uki; then + ewarn "The prebuilt initramfs and unified kernel image are highly experimental!" + ewarn "These images may not work on your system. Please ensure that a working" + ewarn "alternative kernel(+initramfs) or UKI is also installed before rebooting!" + ewarn + ewarn "Note that when secureboot is enabled in the firmware settings any kernel" + ewarn "command line arguments supplied to the UKI by the bootloader are ignored." + ewarn "To ensure the root partition can be found, systemd-gpt-auto-generator must" + ewarn "be used. See [1] for more information." + ewarn + ewarn "[1]: https://wiki.gentoo.org/wiki/Systemd#Automatic_mounting_of_partitions_at_boot" + fi } # @FUNCTION: kernel-install_pkg_prerm @@ -525,7 +721,7 @@ kernel-install_pkg_prerm() { kernel-install_pkg_postrm() { debug-print-function ${FUNCNAME} "${@}" - if [[ -z ${ROOT} ]] && use initramfs; then + if [[ -z ${ROOT} && ! ${KERNEL_IUSE_GENERIC_UKI} ]] && use initramfs; then local dir_ver=${PV}${KV_LOCALVERSION} local kernel_dir=${EROOT}/usr/src/linux-${dir_ver} local image_path=$(dist-kernel_get_image_path) |