File rear23a-grub2-efi-install.patch of Package rear23a
Backport 675_install_shim.sh from ReaR devel Backport script 675_install_shim.sh from ReaR, upstream revision 8217c5ccee091e68844eb79294758cb269043ab0. Modifications and notes: * The script is extended to make /proc, /sys and /dev available in TARGET_FS_ROOT for shim-install/grub2-install to work correctly. The same logic is in the upstream code factored out and shared in usr/share/rear/finalize/default/110_bind_mount_proc_sys_dev_run.sh. * Invocation of shim-install has the --no-nvram option removed because the switch is available starting only from SLE12-SP3. This is ok because not updating NVRAM is implied by the option --removable that the script passes to the tool. * The script checks whether EFI_STUB is true and returns early if this is the case. EFI_STUB is never set by the patched ReaR version so this condition always evaluates as false. --- /dev/null +++ b/usr/share/rear/finalize/SUSE_LINUX/i386/675_install_shim.sh 
@@ -0,0 +1,79 @@ +# PAN, 2019-04-09: Introduce SUSE-specific EFI shim install + +# Only useful for UEFI systems in combination with grub[2]-efi + +# Begin of same tests as in finalize/Linux-i386/670_run_efibootmgr.sh + +# USING_UEFI_BOOTLOADER empty or not true means using BIOS: +is_true $USING_UEFI_BOOTLOADER || return 0 + +# EFISTUB will handle boot entry creation separately +# (cf. finalize/Linux-i386/610_EFISTUB_run_efibootmgr.sh): +is_true $EFI_STUB && return + +# When UEFI_BOOTLOADER is not a regular file in the restored target system +# (cf. how esp_mountpoint is set below) it means BIOS is used +# (cf. rescue/default/850_save_sysfs_uefi_vars.sh) +# which includes that also an empty UEFI_BOOTLOADER means using BIOS +# because when UEFI_BOOTLOADER is empty the test below evaluates to +# test -f /mnt/local/ +# which also returns false because /mnt/local/ is a directory +# (cf. https://github.com/rear/rear/pull/2051/files#r258826856): +test -f "$TARGET_FS_ROOT/$UEFI_BOOTLOADER" || return 0 + +# Determine where the EFI System Partition (ESP) is mounted in the currently running recovery system: +esp_mountpoint=$( df -P "$TARGET_FS_ROOT/$UEFI_BOOTLOADER" | tail -1 | awk '{print $6}' ) +# Use TARGET_FS_ROOT/boot/efi as fallback ESP mountpoint: +test "$esp_mountpoint" || esp_mountpoint="$TARGET_FS_ROOT/boot/efi" + +# Skip if there is no esp_mountpoint directory (e.g. the fallback ESP mountpoint may not exist). +# Double quotes are mandatory here because 'test -d' without any (possibly empty) argument results true: +test -d "$esp_mountpoint" || return 0 + +# End of same tests as in finalize/Linux-i386/670_run_efibootmgr.sh + +# If the BOOTLOADER variable (read by finalize/default/050_prepare_checks.sh) +# is not "GRUB2-EFI", skip this script: +test "GRUB2-EFI" = "$BOOTLOADER" || return 0 + +# Skip if GRUB2 (cf. "GRUB2-EFI" = "$BOOTLOADER" above) was not successfully installed +# because a successfully installed GRUB2 bootloader is a precondition for installing shim. 
+# In this case NOBOOTLOADER is true, cf. finalize/default/050_prepare_checks.sh +if is_true $NOBOOTLOADER ; then + LogPrintError "Cannot install secure boot loader (shim) because GRUB2 was not successfully installed" + return 1 +fi + +LogPrint "Installing secure boot loader (shim)..." + +local shiminstall_binary=$( chroot $TARGET_FS_ROOT /bin/bash -c 'PATH=/sbin:/usr/sbin:/usr/bin:/bin type -P shim-install' ) + +if ! test "$shiminstall_binary" ; then + LogPrintError "Cannot run shim-install (no shim-install found in $TARGET_FS_ROOT)" + # Tell the user we did not install the bootloader completely (cf. finalize/default/050_prepare_checks.sh) + # shim-install is needed in addition to GRUB2 at least on SUSE systems, see https://github.com/rear/rear/issues/2116 + NOBOOTLOADER=1 + return 1 +fi + +# Make /proc /sys /dev available in TARGET_FS_ROOT +# so that later things work in the "chroot TARGET_FS_ROOT" environment, +# cf. https://github.com/rear/rear/issues/1828#issuecomment-398717889 +# and do not umount them when leaving this script because +# it is better when also after "rear recover" things still +# work in the "chroot TARGET_FS_ROOT" environment so that +# the user could more easily adapt things after "rear recover": +for mount_device in proc sys dev ; do + umount $TARGET_FS_ROOT/$mount_device && sleep 1 + mount --bind /$mount_device $TARGET_FS_ROOT/$mount_device +done + +# PATH must be set for shim-install to run successfully: +if ! chroot $TARGET_FS_ROOT /bin/bash -c "PATH=/sbin:/usr/sbin:/usr/bin:/bin $shiminstall_binary --config-file=/boot/grub2/grub.cfg --removable" ; then + LogPrintError "$shiminstall_binary failed to install secure boot loader (shim) in $TARGET_FS_ROOT" + # Tell the user we did not install the bootloader completely (cf. finalize/default/050_prepare_checks.sh) + # shim-install is needed in addition to GRUB2 at least on SUSE systems, see https://github.com/rear/rear/issues/2116 + NOBOOTLOADER=1 + return 1 +fi +
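Review bot: In the bind-mount loop near the end of the hunk, the result of `mount --bind /$mount_device $TARGET_FS_ROOT/$mount_device` is never checked, so a failed bind mount of proc, sys or dev only shows up later as a generic "failed to install secure boot loader (shim)" error from the shim-install call. The `mount --bind` also runs regardless of whether the preceding `umount` succeeded, so if an existing mount could not be removed, a second bind mount is stacked on top of it. Consider skipping a directory that is already a mount point (for example with `mountpoint -q`) and calling LogPrintError when the bind mount fails. `$TARGET_FS_ROOT` is unquoted in this loop and in both `chroot` calls, while the earlier `test -f` and `df -P` lines quote it; quoting it everywhere would be consistent. A short comment at the shim-install call stating that `--no-nvram` is left out on purpose because `--removable` already implies it, as the patch description explains, would keep that reasoning next to the code.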