diff mbox series

[isar-cip-core] efibootguard-efi: Use correct search path for the efibinary

Message ID 20220524145757.1704927-1-Quirin.Gylstorff@siemens.com (mailing list archive)
State New
Headers show
Series [isar-cip-core] efibootguard-efi: Use correct search path for the efibinary | expand

Commit Message

Quirin Gylstorff May 24, 2022, 2:57 p.m. UTC
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This fixes the build error:
```
ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi returned '1' instead of 0
output: cp: cannot stat '/usr/share/efibootguard/efibootguardx64.efi': No such file or directory
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Jan Kiszka May 24, 2022, 3:07 p.m. UTC | #1
On 24.05.22 16:57, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> This fixes the build error:
> ```
> ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi returned '1' instead of 0
> output: cp: cannot stat '/usr/share/efibootguard/efibootguardx64.efi': No such file or directory
> ```
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
> index e1411cb..a01e484 100644
> --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
> +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
> @@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
>          }
>  
>          distro_arch = get_bitbake_var("DISTRO_ARCH")
> -        bootloader = "/usr/share/efibootguard/efibootguard{}.efi".format(
> -            distro_to_efi_arch[distro_arch])
> +        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
> +        bootloader = "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
> +            rootfs_path=rootfs_path,
> +            efiarch=distro_to_efi_arch[distro_arch])
>          part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
>                                               part.label,
>                                               part.lineno)

Makes sense in first sight - but why did it work so far? Or did I miss
to test one of the two cases (signed/unsigned)? Did you test both?

Jan
Quirin Gylstorff May 24, 2022, 3:23 p.m. UTC | #2
On 5/24/22 17:07, Jan Kiszka wrote:
> On 24.05.22 16:57, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This fixes the build error:
>> ```
>> ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi returned '1' instead of 0
>> output: cp: cannot stat '/usr/share/efibootguard/efibootguardx64.efi': No such file or directory
>> ```
>>
>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>> ---
>>   scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>> index e1411cb..a01e484 100644
>> --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
>> +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>> @@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
>>           }
>>   
>>           distro_arch = get_bitbake_var("DISTRO_ARCH")
>> -        bootloader = "/usr/share/efibootguard/efibootguard{}.efi".format(
>> -            distro_to_efi_arch[distro_arch])
>> +        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
>> +        bootloader = "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
>> +            rootfs_path=rootfs_path,
>> +            efiarch=distro_to_efi_arch[distro_arch])
>>           part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
>>                                                part.label,
>>                                                part.lineno)
> 
> Makes sense in first sight - but why did it work so far? Or did I miss
> to test one of the two cases (signed/unsigned)? Did you test both?
> 
> Jan
> 
I am still try to find the reason why it work in isar-cip-core. The 
error occured in a downstream project.

Quirin
Quirin Gylstorff May 24, 2022, 3:38 p.m. UTC | #3
On 5/24/22 17:23, Quirin Gylstorff via lists.cip-project.org wrote:
> 
> 
> On 5/24/22 17:07, Jan Kiszka wrote:
>> On 24.05.22 16:57, Quirin Gylstorff wrote:
>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>
>>> This fixes the build error:
>>> ```
>>> ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi 
>>> /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi 
>>> returned '1' instead of 0
>>> output: cp: cannot stat 
>>> '/usr/share/efibootguard/efibootguardx64.efi': No such file or directory
>>> ```
>>>
>>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>> ---
>>>   scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
>>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py 
>>> b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>> index e1411cb..a01e484 100644
>>> --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>> +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>> @@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
>>>           }
>>>           distro_arch = get_bitbake_var("DISTRO_ARCH")
>>> -        bootloader = 
>>> "/usr/share/efibootguard/efibootguard{}.efi".format(
>>> -            distro_to_efi_arch[distro_arch])
>>> +        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
>>> +        bootloader = 
>>> "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
>>> +            rootfs_path=rootfs_path,
>>> +            efiarch=distro_to_efi_arch[distro_arch])
>>>           part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
>>>                                                part.label,
>>>                                                part.lineno)
>>
>> Makes sense in first sight - but why did it work so far? Or did I miss
>> to test one of the two cases (signed/unsigned)? Did you test both?
>>
>> Jan
>>
> I am still try to find the reason why it work in isar-cip-core. The 
> error occured in a downstream project.

In isar-cip-core the error never occured as we install `efibootguard`
as a dependency for wic[1].

efibootguard-boot uses the same logic[2] to access the kernel stub.


We should decide which is the correct way. I would prefer that we take 
both stubs from the buildchroot.

[1]: 
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/kas/opt/efibootguard.yml#L24

[2]: 
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/scripts/lib/wic/plugins/source/efibootguard-boot.py#L190

Quirin
Jan Kiszka May 24, 2022, 3:50 p.m. UTC | #4
On 24.05.22 17:38, Gylstorff Quirin wrote:
> 
> 
> On 5/24/22 17:23, Quirin Gylstorff via lists.cip-project.org wrote:
>>
>>
>> On 5/24/22 17:07, Jan Kiszka wrote:
>>> On 24.05.22 16:57, Quirin Gylstorff wrote:
>>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>
>>>> This fixes the build error:
>>>> ```
>>>> ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi
>>>> /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi
>>>> returned '1' instead of 0
>>>> output: cp: cannot stat
>>>> '/usr/share/efibootguard/efibootguardx64.efi': No such file or
>>>> directory
>>>> ```
>>>>
>>>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>> ---
>>>>   scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
>>>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>> b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>> index e1411cb..a01e484 100644
>>>> --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>> +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>> @@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
>>>>           }
>>>>           distro_arch = get_bitbake_var("DISTRO_ARCH")
>>>> -        bootloader =
>>>> "/usr/share/efibootguard/efibootguard{}.efi".format(
>>>> -            distro_to_efi_arch[distro_arch])
>>>> +        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
>>>> +        bootloader =
>>>> "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
>>>>
>>>> +            rootfs_path=rootfs_path,
>>>> +            efiarch=distro_to_efi_arch[distro_arch])
>>>>           part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
>>>>                                                part.label,
>>>>                                                part.lineno)
>>>
>>> Makes sense in first sight - but why did it work so far? Or did I miss
>>> to test one of the two cases (signed/unsigned)? Did you test both?
>>>
>>> Jan
>>>
>> I am still try to find the reason why it work in isar-cip-core. The
>> error occured in a downstream project.
> 
> In isar-cip-core the error never occured as we install `efibootguard`
> as a dependency for wic[1].
> 
> efibootguard-boot uses the same logic[2] to access the kernel stub.
> 
> 
> We should decide which is the correct way. I would prefer that we take
> both stubs from the buildchroot.
> 

Yes, the preferred source for bootloader artifacts should be the
buildchroot and NOT that target image. We are currently installing more
on the target as practically needed. If that should ever change, things
shouldn't break here at plugin level.

Jan

> [1]:
> https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/kas/opt/efibootguard.yml#L24
> 
> [2]:
> https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/scripts/lib/wic/plugins/source/efibootguard-boot.py#L190
> 
> Quirin
Quirin Gylstorff May 24, 2022, 4:03 p.m. UTC | #5
On 5/24/22 17:50, Jan Kiszka wrote:
> On 24.05.22 17:38, Gylstorff Quirin wrote:
>>
>>
>> On 5/24/22 17:23, Quirin Gylstorff via lists.cip-project.org wrote:
>>>
>>>
>>> On 5/24/22 17:07, Jan Kiszka wrote:
>>>> On 24.05.22 16:57, Quirin Gylstorff wrote:
>>>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>>
>>>>> This fixes the build error:
>>>>> ```
>>>>> ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi
>>>>> /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi
>>>>> returned '1' instead of 0
>>>>> output: cp: cannot stat
>>>>> '/usr/share/efibootguard/efibootguardx64.efi': No such file or
>>>>> directory
>>>>> ```
>>>>>
>>>>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>> ---
>>>>>    scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
>>>>>    1 file changed, 4 insertions(+), 2 deletions(-)
>>>>>
>>>>> diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>>> b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>>> index e1411cb..a01e484 100644
>>>>> --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>>> +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>>> @@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
>>>>>            }
>>>>>            distro_arch = get_bitbake_var("DISTRO_ARCH")
>>>>> -        bootloader =
>>>>> "/usr/share/efibootguard/efibootguard{}.efi".format(
>>>>> -            distro_to_efi_arch[distro_arch])
>>>>> +        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
>>>>> +        bootloader =
>>>>> "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
>>>>>
>>>>> +            rootfs_path=rootfs_path,
>>>>> +            efiarch=distro_to_efi_arch[distro_arch])
>>>>>            part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
>>>>>                                                 part.label,
>>>>>                                                 part.lineno)
>>>>
>>>> Makes sense in first sight - but why did it work so far? Or did I miss
>>>> to test one of the two cases (signed/unsigned)? Did you test both?
>>>>
>>>> Jan
>>>>
>>> I am still try to find the reason why it work in isar-cip-core. The
>>> error occured in a downstream project.
>>
>> In isar-cip-core the error never occured as we install `efibootguard`
>> as a dependency for wic[1].
>>
>> efibootguard-boot uses the same logic[2] to access the kernel stub.
>>
>>
>> We should decide which is the correct way. I would prefer that we take
>> both stubs from the buildchroot.
>>
> 
> Yes, the preferred source for bootloader artifacts should be the
> buildchroot and NOT that target image. We are currently installing more
> on the target as practically needed. If that should ever change, things
> shouldn't break here at plugin level.
> 
> Jan
> 
>> [1]:
>> https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/kas/opt/efibootguard.yml#L24
>>
>> [2]:
>> https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/scripts/lib/wic/plugins/source/efibootguard-boot.py#L190
>>
>> Quirin
> 


Should we move or reuse the files from salsa[3]? There the binaries are 
part of the dev package[4].

[3]: https://salsa.debian.org/debian/efibootguard/
[4]: 
https://salsa.debian.org/debian/efibootguard/-/blob/master/debian/libebgenv-dev.install

Quirin
Jan Kiszka May 24, 2022, 4:09 p.m. UTC | #6
On 24.05.22 18:03, Gylstorff Quirin wrote:
> 
> 
> On 5/24/22 17:50, Jan Kiszka wrote:
>> On 24.05.22 17:38, Gylstorff Quirin wrote:
>>>
>>>
>>> On 5/24/22 17:23, Quirin Gylstorff via lists.cip-project.org wrote:
>>>>
>>>>
>>>> On 5/24/22 17:07, Jan Kiszka wrote:
>>>>> On 24.05.22 16:57, Quirin Gylstorff wrote:
>>>>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>>>
>>>>>> This fixes the build error:
>>>>>> ```
>>>>>> ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi
>>>>>> /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi
>>>>>>
>>>>>> returned '1' instead of 0
>>>>>> output: cp: cannot stat
>>>>>> '/usr/share/efibootguard/efibootguardx64.efi': No such file or
>>>>>> directory
>>>>>> ```
>>>>>>
>>>>>> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>>>> ---
>>>>>>    scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
>>>>>>    1 file changed, 4 insertions(+), 2 deletions(-)
>>>>>>
>>>>>> diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>>>> b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>>>> index e1411cb..a01e484 100644
>>>>>> --- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>>>> +++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
>>>>>> @@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
>>>>>>            }
>>>>>>            distro_arch = get_bitbake_var("DISTRO_ARCH")
>>>>>> -        bootloader =
>>>>>> "/usr/share/efibootguard/efibootguard{}.efi".format(
>>>>>> -            distro_to_efi_arch[distro_arch])
>>>>>> +        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
>>>>>> +        bootloader =
>>>>>> "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
>>>>>>
>>>>>>
>>>>>> +            rootfs_path=rootfs_path,
>>>>>> +            efiarch=distro_to_efi_arch[distro_arch])
>>>>>>            part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
>>>>>>                                                 part.label,
>>>>>>                                                 part.lineno)
>>>>>
>>>>> Makes sense in first sight - but why did it work so far? Or did I miss
>>>>> to test one of the two cases (signed/unsigned)? Did you test both?
>>>>>
>>>>> Jan
>>>>>
>>>> I am still try to find the reason why it work in isar-cip-core. The
>>>> error occured in a downstream project.
>>>
>>> In isar-cip-core the error never occured as we install `efibootguard`
>>> as a dependency for wic[1].
>>>
>>> efibootguard-boot uses the same logic[2] to access the kernel stub.
>>>
>>>
>>> We should decide which is the correct way. I would prefer that we take
>>> both stubs from the buildchroot.
>>>
>>
>> Yes, the preferred source for bootloader artifacts should be the
>> buildchroot and NOT that target image. We are currently installing more
>> on the target as practically needed. If that should ever change, things
>> shouldn't break here at plugin level.
>>
>> Jan
>>
>>> [1]:
>>> https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/kas/opt/efibootguard.yml#L24
>>>
>>>
>>> [2]:
>>> https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/scripts/lib/wic/plugins/source/efibootguard-boot.py#L190
>>>
>>>
>>> Quirin
>>
> 
> 
> Should we move or reuse the files from salsa[3]? There the binaries are
> part of the dev package[4].
> 

I don't think sticking the bootloader into the dev package is correct or
in line with other bootloaders (grub-dev? system-dev?). The main ebg
package should contain the bootloader, and if we want to split the tools
from it, that should go into a separate package.

Jan
diff mbox series

Patch

diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index e1411cb..a01e484 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -59,8 +59,10 @@  class EfibootguardEFIPlugin(SourcePlugin):
         }
 
         distro_arch = get_bitbake_var("DISTRO_ARCH")
-        bootloader = "/usr/share/efibootguard/efibootguard{}.efi".format(
-            distro_to_efi_arch[distro_arch])
+        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
+        bootloader = "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
+            rootfs_path=rootfs_path,
+            efiarch=distro_to_efi_arch[distro_arch])
         part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
                                              part.label,
                                              part.lineno)