Add Makefile to build simple debian package with local kernel

c2b83bac · Leo Le Bouter · 025a9bea · c2b83bac · c2b83bac · c2b83bac
Commit c2b83bac authored Sep 08, 2020 by Leo Le Bouter
4 changed files
--- a/debian.package/Makefile
+++ b/debian.package/Makefile
+SECBOOT_CRT=$(shell pwd)/db.crt
+SECBOOT_KEY=$(shell pwd)/db.key
+
+guard-%:
+	@ if [ "${${*}}" = "" ]; then \
+		echo "Environment variable $* not set"; \
+		exit 1; \
+	fi
+
+uefi-boot-metadata-collect-agent.deb: uefi-boot-metadata-collect-agent/boot/efi/uefi-boot-metadata-collect-agent.efi
+	dpkg-deb --build uefi-boot-metadata-collect-agent || rm -fv $@
+
+include dracut-conf-template.mk
+uefi-boot-metadata-collect-agent/boot/efi/uefi-boot-metadata-collect-agent.efi: db.crt db.key db.cer
+	mkdir -p /tmp/dracut-empty
+	mkdir -m 700 -p uefi-boot-metadata-collect-agent/boot/efi
+	echo "$${dracut_conf}" > dracut.conf
+	sudo dracut -c dracut.conf --confdir /tmp/dracut-empty --uefi-output $@
+	sudo chmod 755 $@
+	rm -rfv /tmp/dracut-empty
+
+db.crt db.key:
+	openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -days 3650 -subj "/CN=Nexedi's UEFI Signature Database key/" -out db.crt
+
+db.cer:
+	openssl x509 -outform DER -in db.crt -out db.cer
--- a/debian.package/dracut-conf-template.mk
+++ b/debian.package/dracut-conf-template.mk
+define dracut_conf :=
+add_dracutmodules="metadata-collect"
+hostonly=no
+hostonly_cmdline=no
+kernel_cmdline="root=LABEL=ROOT rd.auto rd.auto=1 rd.neednet=1 ip=dhcp"
+reproducible=yes
+compress=xz
+uefi=yes
+uefi_stub=/usr/lib/systemd/boot/efi/linuxx64.efi.stub
+uefi_secureboot_cert="$(SECBOOT_CRT)"
+uefi_secureboot_key="$(SECBOOT_KEY)"
+endef
+
+export dracut_conf
\ No newline at end of file
--- a/debian.package/uefi-boot-metadata-collect-agent/DEBIAN/control
+++ b/debian.package/uefi-boot-metadata-collect-agent/DEBIAN/control
+Package: uefi-boot-metadata-collect-agent
+Version: 0.1
+Section: custom
+Priority: optional
+Architecture: amd64
+Essential: no
+Maintainer: leo.le.bouter@nexedi.com
+Description: Signed UEFI boot application with embedded pre-configured metadata-collect-agent
--- a/debian.package/uefi-boot-metadata-collect-agent/DEBIAN/postinst
+++ b/debian.package/uefi-boot-metadata-collect-agent/DEBIAN/postinst
+#!/bin/sh
+
+EFI_DEV=$(mount | grep -Po '^.+(?= on /boot/efi )')
+ROOT_DEV=$(mount | grep -Po '^.+(?= on / )')
+
+efibootmgr --create --disk "$EFI_DEV" --label 'UEFI metadata-collect-agent' --loader /uefi-boot-metadata-collect-agent.efi
+
+e2label "$ROOT_DEV" "ROOT" || true
+btrfs filesystem label "$ROOT_DEV" "ROOT" || true
+reiserfstune -l "ROOT" "$ROOT_DEV" || true
+xfs_admin -L "ROOT" "$ROOT_DEV" || true
+cryptsetup config --label="ROOT" "$ROOT_DEV" || true
\ No newline at end of file