diff --git a/Makefile b/Makefile index 36b228a..2c39d9e 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) _VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) _REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) _LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) $(foreach file,$(shell ls lorax_templates/scripts/post),lorax_templates/post_$(file).tmpl) -_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED +_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED ENROLLMENT_PASSWORD ifeq ($(VARIANT),Server) _LORAX_ARGS = --macboot --noupgrade @@ -46,19 +46,30 @@ lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% $(eval _ISO_FILE = usr/share/anaconda/interactive-defaults.ks) header=0; \ + skip=0; \ while read -r line; \ do \ - if [[ $$line =~ ^\<\% ]]; \ - then \ + if [[ $$line =~ ^\<\% ]]; \ + then \ echo $$line >> lorax_templates/post_$*.tmpl; \ echo >> lorax_templates/post_$*.tmpl; \ - else \ - if [[ $$header == 0 ]]; \ + else \ + if [[ $$header == 0 ]]; \ then \ - echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + if [[ $$line =~ ^##\ (.*)$$ ]]; \ + then \ + echo "append $(_ISO_FILE) \"%post --erroronfail $${BASH_REMATCH[1]}\"" >> lorax_templates/post_$*.tmpl; \ + skip=1; \ + else \ + echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ header=1; \ fi; \ - echo "append $(_ISO_FILE) \"$$line\"" >> lorax_templates/post_$*.tmpl; \ + if [[ $$skip == 0 ]]; \ + then \ + echo "append $(_ISO_FILE) \"$$line\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ + skip=0; \ fi; \ done < lorax_templates/scripts/post/$* echo "append $(_ISO_FILE) \"%end\"" >> lorax_templates/post_$*.tmpl 
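Review bot: Adding `ENROLLMENT_PASSWORD` to `_TEMPLATE_VARS` comes with no comment saying that the value is handled as plain text. How `_TEMPLATE_VARS` is consumed lies outside this hunk, but if each name is forwarded to lorax as a template variable, the password will probably show up in the echoed recipe, in the build log and in the kickstart stored on the ISO. I would add a comment above the assignment such as `# ENROLLMENT_PASSWORD is rendered in clear text into the post-script templates; do not reuse a sensitive credential here`.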
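Review bot: The `## ` option header is recognised only while `header` is still 0, that is, on the first line that does not start with `<%`. If a script has a blank line or another comment before `## --nochroot`, the plain `%post --erroronfail` header is written and the `## …` line is appended as an ordinary shell comment, so the script silently runs without the requested options. The captured `$${BASH_REMATCH[1]}` is also copied unchecked into the quoted `append` argument. I would document the convention above the loop, e.g. `# A first body line of the form "## <opts>" is appended to %post and is not copied into the script`. The same loop is repeated in the next hunk (`@@ -67,18 +78,30 @@`), where this applies as well; the rule's recipe starts above both hunks.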
@@ -67,18 +78,30 @@ lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% $(eval _ISO_FILE = usr/share/anaconda/post-scripts/configure_upgrades.ks) header=0; \ + skip=0; \ while read -r line; \ do \ - if [[ $$line =~ ^\<\% ]]; \ - then \ + if [[ $$line =~ ^\<\% ]]; \ + then \ + echo $$line >> lorax_templates/post_$*.tmpl; \ echo >> lorax_templates/post_$*.tmpl; \ - else \ - if [[ $$header == 0 ]]; \ + else \ + if [[ $$header == 0 ]]; \ then \ - echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + if [[ $$line =~ ^##\ (.*)$$ ]]; \ + then \ + echo "append $(_ISO_FILE) \"%post --erroronfail $${BASH_REMATCH[1]}\"" >> lorax_templates/post_$*.tmpl; \ + skip=1; \ + else \ + echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ header=1; \ fi; \ - echo "append $(_ISO_FILE) \"$$line\"" >> lorax_templates/post_$*.tmpl; \ + if [[ $$skip == 0 ]]; \ + then \ + echo "append $(_ISO_FILE) \"$$line\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ + skip=0; \ fi; \ done < lorax_templates/scripts/post/$* echo "append $(_ISO_FILE) \"%end\"" >> lorax_templates/post_$*.tmpl @@ -103,12 +126,10 @@ boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES) rm -Rf $(_BASE_DIR)/results || true rm /etc/rpm/macros.image-language-conf || true - # Set the enrollment password - sed 's/@ENROLLMENT_PASSWORD@/$(ENROLLMENT_PASSWORD)/' $(_BASE_DIR)/scripts/enroll-secureboot-key.sh.in > $(_BASE_DIR)/scripts/enroll-secureboot-key.sh - # Download the secure boot key - if [ -n "$(SECURE_BOOT_KEY_URL)" ]; then\ - curl --fail -L -o $(_BASE_DIR)/sb_pubkey.der $(SECURE_BOOT_KEY_URL);\ + if [ -n "$(SECURE_BOOT_KEY_URL)" ]; \ + then \ + curl --fail -L -o $(_BASE_DIR)/sb_pubkey.der $(SECURE_BOOT_KEY_URL); \ fi lorax -p $(IMAGE_NAME) -v $(VERSION) -r $(VERSION) -t $(VARIANT) \ 
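Review bot: The added `echo $$line >> lorax_templates/post_$*.tmpl; \` in the `<%` branch makes the second pass write the script's `<%page …/>` line into the same `post_$*.tmpl` that the first pass already wrote it to, so the generated template carries the directive twice. Mako's documentation states that only one `<%page>` tag is used per template, so it is worth confirming that lorax renders the file as intended. Otherwise keep the blank-line-only behaviour here, with a comment such as `# <%page> was already emitted by the first pass`. The recipe begins above this hunk.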
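Review bot: Nothing checks what the `curl` line fetches, although `sb_pubkey.der` is, judging by its name and the enrollment script in this commit, the key later enrolled for Secure Boot: the URL and output path are expanded unquoted, any scheme is accepted and redirects are followed. I would quote the arguments and pin the transport, `curl --fail --proto '=https' --proto-redir '=https' -L -o "$(_BASE_DIR)/sb_pubkey.der" "$(SECURE_BOOT_KEY_URL)"; \`, and consider comparing the downloaded file against an expected SHA-256 supplied alongside the URL. The `boot.iso` recipe continues past the end of this hunk.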
diff --git a/scripts/enroll-secureboot-key.sh.in b/lorax_templates/scripts/post/enroll-secureboot-key similarity index 85% rename from scripts/enroll-secureboot-key.sh.in rename to lorax_templates/scripts/post/enroll-secureboot-key index dd1fd4e..5fa1402 100755 --- a/scripts/enroll-secureboot-key.sh.in +++ b/lorax_templates/scripts/post/enroll-secureboot-key @@ -1,8 +1,9 @@ -#!/bin/sh +<%page args="enrollment_password "/> +## --nochroot set -oue pipefail -readonly ENROLLMENT_PASSWORD=@ENROLLMENT_PASSWORD@ +readonly ENROLLMENT_PASSWORD=${enrollment_password} readonly SECUREBOOT_KEY="/run/install/repo/sb_pubkey.der" if [[ ! -d "/sys/firmware/efi" ]]; then diff --git a/lorax_templates/secure_boot_key.tmpl.in b/lorax_templates/secure_boot_key.tmpl.in deleted file mode 100644 index e0c9809..0000000 --- a/lorax_templates/secure_boot_key.tmpl.in +++ /dev/null @@ -1,9 +0,0 @@ -append usr/share/anaconda/interactive-defaults.ks "%post --logfile=/root/ks-post.log --erroronfail --nochroot" -append usr/share/anaconda/interactive-defaults.ks "set -m" -append usr/share/anaconda/interactive-defaults.ks "/run/install/repo/enroll-secureboot-key.sh" -append usr/share/anaconda/interactive-defaults.ks "%end" - -append usr/share/anaconda/post-scripts/secure_boot_key.ks "%post --logfile=/root/ks-post.log --erroronfail --nochroot" -append usr/share/anaconda/post-scripts/secure_boot_key.ks "set -m" -append usr/share/anaconda/post-scripts/secure_boot_key.ks "/run/install/repo/enroll-secureboot-key.sh" -append usr/share/anaconda/post-scripts/secure_boot_key.ks "%end" diff --git a/xorriso/gen_input.sh.in b/xorriso/gen_input.sh.in index 1784390..00acd91 100644 --- a/xorriso/gen_input.sh.in +++ b/xorriso/gen_input.sh.in 
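Review bot: The rendered value lands unquoted in `readonly ENROLLMENT_PASSWORD=${enrollment_password}`, so a password containing whitespace or shell metacharacters would change what this `%post` script executes, and a double quote would also end the `append … "…"` argument that the Makefile wraps around each line. Either restrict the accepted characters where `ENROLLMENT_PASSWORD` is set, or quote the assignment, e.g. `readonly ENROLLMENT_PASSWORD='${enrollment_password}'`, and reject values that contain quotes. Separately, the `## --nochroot` header replaces the deleted template's `%post --logfile=/root/ks-post.log --erroronfail --nochroot`, so the enrollment step no longer writes a log unless `--logfile=…` is added to that header line. The script continues beyond the hunk.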
@@ -9,8 +9,6 @@ if [ -f $(pwd)/sb_pubkey.der ]; then
 echo "-map $(pwd)/sb_pubkey.der sb_pubkey.der"
 echo "-chmod 0444 /sb_pubkey.der"
 fi
-echo "-map $(pwd)/scripts/enroll-secureboot-key.sh enroll-secureboot-key.sh"
-echo "-chmod 0777 enroll-secureboot-key.sh"
 pushd container >/dev/null
 for file in $(find ${IMAGE_NAME}-${IMAGE_TAG}); do
 echo "-map $(pwd)/${file} ${file}"