Commit b6936735 authored by Leo Le Bouter's avatar Leo Le Bouter

debian.package: Make path of UEFI application compliant to standard

The UEFI standard asks that UEFI applications be located in an
/EFI/vendor folder. We therefore place them within /EFI/Nexedi
inside the EFI System Partition.
parent 479194ea
...@@ -7,24 +7,24 @@ guard-%: ...@@ -7,24 +7,24 @@ guard-%:
exit 1; \ exit 1; \
fi fi
uefi-boot-metadata-collect-agent.deb: uefi-boot-metadata-collect-agent/boot/efi/uefi-boot-metadata-collect-agent.efi uefi-boot-metadata-collect-agent.deb: uefi-boot-metadata-collect-agent/boot/efi/EFI/Nexedi/uefi-boot-metadata-collect-agent.efi
dpkg-deb --build uefi-boot-metadata-collect-agent || rm -fv $@ dpkg-deb --build uefi-boot-metadata-collect-agent || rm -fv $@
include dracut-conf-template.mk include dracut-conf-template.mk
uefi-boot-metadata-collect-agent/boot/efi/uefi-boot-metadata-collect-agent.efi: db.crt db.key db.cer uefi-boot-metadata-collect-agent/boot/efi/secboot.cer uefi-boot-metadata-collect-agent/boot/efi/EFI/Nexedi/uefi-boot-metadata-collect-agent.efi: db.crt db.key db.cer uefi-boot-metadata-collect-agent/boot/efi/secboot.cer
mkdir -p /tmp/dracut-empty mkdir -p /tmp/dracut-empty
echo "$${dracut_conf}" > dracut.conf echo "$${dracut_conf}" > dracut.conf
sudo dracut --force -c dracut.conf --confdir /tmp/dracut-empty --uefi-output $@ sudo dracut --force -c dracut.conf --confdir /tmp/dracut-empty --uefi-output $@
sudo chmod 755 $@ sudo chmod 755 $@
rm -rfv /tmp/dracut-empty rm -rfv /tmp/dracut-empty
uefi-boot-metadata-collect-agent/boot/efi/secboot.cer: uefi-boot-metadata-collect-agent/boot/efi db.cer uefi-boot-metadata-collect-agent/boot/efi/secboot.cer: uefi-boot-metadata-collect-agent/boot/efi/EFI/Nexedi db.cer
cp -fv db.cer $@ cp -fv db.cer $@
sudo chown 0:0 $@ sudo chown 0:0 $@
sudo chmod 755 $@ sudo chmod 755 $@
uefi-boot-metadata-collect-agent/boot/efi: uefi-boot-metadata-collect-agent/boot/efi/EFI/Nexedi:
mkdir -m 700 -p $@ mkdir -p $@
db.crt db.key: db.crt db.key:
openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -days 3650 -subj "/CN=Nexedi's UEFI Signature Database key/" -out db.crt openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -days 3650 -subj "/CN=Nexedi's UEFI Signature Database key/" -out db.crt
...@@ -33,4 +33,4 @@ db.cer: ...@@ -33,4 +33,4 @@ db.cer:
openssl x509 -outform DER -in db.crt -out db.cer openssl x509 -outform DER -in db.crt -out db.cer
clean: clean:
rm -fv uefi-boot-metadata-collect-agent.deb dracut.conf db.key db.crt db.cer uefi-boot-metadata-collect-agent/boot/efi/uefi-boot-metadata-collect-agent.efi uefi-boot-metadata-collect-agent/boot/efi/secboot.cer rm -fv uefi-boot-metadata-collect-agent.deb dracut.conf db.key db.crt db.cer uefi-boot-metadata-collect-agent/boot/efi/EFI/Nexedi/uefi-boot-metadata-collect-agent.efi uefi-boot-metadata-collect-agent/boot/efi/secboot.cer
\ No newline at end of file \ No newline at end of file
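Review bot: The directory rule for `uefi-boot-metadata-collect-agent/boot/efi/EFI/Nexedi` appears to drop the `-m 700` that the old `mkdir -m 700 -p $@` carried (the page prints old then new), so the new directories get umask-default permissions, and the commit message does not say this is intended. Either keep `mkdir -m 700 -p $@` or state in the commit message why the restriction is no longer wanted. The same directory is now a normal prerequisite of `secboot.cer`, yet the `.efi` is written into it afterwards, so its mtime ends up newer than `secboot.cer`. Every later `make` would then re-run the `cp`/`chown`/`chmod` recipe and, through it, the `sudo dracut` step. Making it order-only avoids that: `uefi-boot-metadata-collect-agent/boot/efi/secboot.cer: db.cer | uefi-boot-metadata-collect-agent/boot/efi/EFI/Nexedi`.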
...@@ -4,7 +4,7 @@ EFI_DEV=$(mount | grep -Po '^.+(?= on /boot/efi )') ...@@ -4,7 +4,7 @@ EFI_DEV=$(mount | grep -Po '^.+(?= on /boot/efi )')
ROOT_DEV=$(mount | grep -Po '^.+(?= on / )') ROOT_DEV=$(mount | grep -Po '^.+(?= on / )')
if ! efibootmgr --disk "$EFI_DEV" --verbose | grep "uefi-boot-metadata-collect-agent.efi"; then if ! efibootmgr --disk "$EFI_DEV" --verbose | grep "uefi-boot-metadata-collect-agent.efi"; then
efibootmgr --create --disk "$EFI_DEV" --label 'UEFI metadata-collect-agent' --loader /uefi-boot-metadata-collect-agent.efi efibootmgr --create --disk "$EFI_DEV" --label 'UEFI metadata-collect-agent' --loader /EFI/Nexedi/uefi-boot-metadata-collect-agent.efi
#BOOT_CUR=$(efibootmgr | grep -Po '(?<=BootCurrent: ).+') #BOOT_CUR=$(efibootmgr | grep -Po '(?<=BootCurrent: ).+')
#BOOT_AGENT=$(efibootmgr | grep -Po '(?<=Boot)\d+(?=.+UEFI metadata-collect-agent)') #BOOT_AGENT=$(efibootmgr | grep -Po '(?<=Boot)\d+(?=.+UEFI metadata-collect-agent)')
#NEW_BOOT_ORDER=$(efibootmgr | grep -Po '(?<=BootOrder: ).+' | sed "s/$BOOT_CUR/$BOOT_AGENT,$BOOT_CUR/") #NEW_BOOT_ORDER=$(efibootmgr | grep -Po '(?<=BootOrder: ).+' | sed "s/$BOOT_CUR/$BOOT_AGENT,$BOOT_CUR/")
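Review bot: The guard `grep "uefi-boot-metadata-collect-agent.efi"` also matches a boot entry created by the previous version of this script, whose loader was `/uefi-boot-metadata-collect-agent.efi`. On an upgraded machine the `efibootmgr --create` with the new `/EFI/Nexedi/...` loader is therefore skipped, and the existing entry keeps pointing at a path the package no longer installs. Match the full new path instead, for example `grep -qF 'EFI\Nexedi\uefi-boot-metadata-collect-agent.efi'`, and consider removing the stale entry. I believe efibootmgr prints loader paths with backslashes, but confirm that against its `--verbose` output on the target. `-F` also stops the `.` in the pattern acting as a regex wildcard. The `if` block continues past the end of the hunk.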