author | V3n3RiX <venerix@koprulu.sector> | 2025-01-03 06:31:16 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2025-01-03 06:31:16 +0000 |
commit | 5087ee3bf0055aae666159351774f2fb3610e571 (patch) | |
tree | 203f4d869518e7391a255055ca9a4b874e7b2d19 /eclass | |
parent | ff733bfb4d0bd82175e03255004faef8721b53ea (diff) |
gentoo auto-resync : 03:01:2025 - 06:31:16
Diffstat (limited to 'eclass')
-rw-r--r-- | eclass/Manifest.gz | bin | 40165 -> 40169 bytes | |||
-rw-r--r-- | eclass/dist-kernel-utils.eclass | 25 | ||||
-rw-r--r-- | eclass/kernel-build.eclass | 84 | ||||
-rw-r--r-- | eclass/kernel-install.eclass | 14 | ||||
-rw-r--r-- | eclass/linux-mod-r1.eclass | 4 | ||||
-rw-r--r-- | eclass/mount-boot-utils.eclass | 16 | ||||
-rw-r--r-- | eclass/toolchain.eclass | 18 |
7 files changed, 124 insertions, 37 deletions
diff --git a/eclass/Manifest.gz b/eclass/Manifest.gz Binary files differindex 04e8e3200428..6e1dc2448a49 100644 --- a/eclass/Manifest.gz +++ b/eclass/Manifest.gz diff --git a/eclass/dist-kernel-utils.eclass b/eclass/dist-kernel-utils.eclass index 210c586c8c29..3d7315e9e94e 100644 --- a/eclass/dist-kernel-utils.eclass +++ b/eclass/dist-kernel-utils.eclass @@ -1,4 +1,4 @@ -# Copyright 2020-2024 Gentoo Authors +# Copyright 2020-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: dist-kernel-utils.eclass @@ -82,12 +82,33 @@ dist-kernel_install_kernel() { local success= # not an actual loop but allows error handling with 'break' while true; do + if [[ -n ${ROOT} ]] && in_iuse initramfs && use initramfs; then + if ! in_iuse generic-uki || ! use generic-uki; then + eerror + eerror "ROOT is set, and (re-)generation of an initramfs is requested" + eerror "via the USE=initramfs flag. However, this is currently not" + eerror "supported via the sys-kernel/installkernel mechanism." + eerror + if in_iuse generic-uki && ! use generic-uki; then + eerror "Generation and installation of a generic initramfs and/or" + eerror "Unified Kernel Image is possible via portage by enabling the" + eerror "USE=generic-uki flag. Please enable the generic-uki flag, or" + eerror "chroot into: ROOT=${ROOT}" + else + eerror "Please chroot into: ROOT=${ROOT}" + fi + break + fi + fi + nonfatal mount-boot_check_status || break + mkdir -p "${EROOT}/boot" || break ebegin "Installing the kernel via installkernel" # note: .config is taken relatively to System.map; # initrd relatively to bzImage - ARCH=$(tc-arch-kernel) installkernel "${version}" "${image}" "${map}" || break + ARCH=$(tc-arch-kernel) installkernel "${version}" "${image}" "${map}" \ + "${EROOT}/boot" || break eend ${?} || die -n "Installing the kernel failed" success=1 diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass index 831027216321..aae55d9e3ac5 100644 
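Review bot: In dist-kernel_install_kernel, `nonfatal mount-boot_check_status` still runs unchanged ahead of the new `mkdir -p "${EROOT}/boot"` and the `installkernel … "${EROOT}/boot"` call. The mount-boot-utils.eclass context shown in this same commit builds its candidate list from `/boot` and tests `/sys/firmware/efi`, with no ROOT prefix visible. With ROOT set, the check therefore appears to inspect the build host's mounts while the kernel is written into the target root, so it neither protects the target's /boot nor is it guaranteed to pass on a host without a mounted /boot. If that is intended, a comment such as `# mount-boot_check_status looks at the host's /boot, not ${EROOT}/boot` above the call would record it; otherwise the check could be limited to the `[[ -z ${ROOT} ]]` case. The function starts and ends outside this hunk, so the handling after `break` is not visible here.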
--- a/eclass/kernel-build.eclass +++ b/eclass/kernel-build.eclass @@ -1,4 +1,4 @@ -# Copyright 2020-2024 Gentoo Authors +# Copyright 2020-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: kernel-build.eclass @@ -108,10 +108,14 @@ IUSE="+strip" # @ECLASS_VARIABLE: KERNEL_GENERIC_UKI_CMDLINE # @USER_VARIABLE # @DESCRIPTION: -# If KERNEL_IUSE_GENERIC_UKI is set, this variable allows setting the -# built-in kernel command line for the UKI. If unset, the default is -# root=/dev/gpt-auto-root ro -: "${KERNEL_GENERIC_UKI_CMDLINE:="root=/dev/gpt-auto-root ro"}" +# If KERNEL_IUSE_GENERIC_UKI is set, and this variable is not +# empty, then the contents are used as the first kernel cmdline +# option of the multi-profile generic UKI. Supplementing the four +# standard options of: +# - root=/dev/gpt-auto-root ro +# - root=/dev/gpt-auto-root ro quiet splash +# - root=/dev/gpt-auto-root ro lockdown=integrity +# - root=/dev/gpt-auto-root ro quiet splash lockdown=integrity if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then IUSE+=" modules-sign" @@ -497,10 +501,10 @@ kernel-build_src_install() { local dracut_modules=( base bash btrfs cifs crypt crypt-gpg crypt-loop dbus dbus-daemon - dm dmraid dracut-systemd fido2 i18n fs-lib kernel-modules + dm dmraid dracut-systemd drm fido2 i18n fs-lib kernel-modules kernel-network-modules kernel-modules-extra lunmask lvm nbd mdraid modsign network network-manager nfs nvdimm nvmf pcsc - pkcs11 qemu qemu-net resume rngd rootfs-block shutdown + pkcs11 plymouth qemu qemu-net resume rngd rootfs-block shutdown systemd systemd-ac-power systemd-ask-password systemd-initrd systemd-integritysetup systemd-pcrphase systemd-sysusers systemd-udevd systemd-veritysetup terminfo tpm2-tss udev-rules @@ -526,7 +530,7 @@ kernel-build_src_install() { --ro-mnt --modules "${dracut_modules[*]}" # Pulls in huge firmware files - --omit-drivers "nfp" + --omit-drivers "amdgpu i915 nfp nouveau nvidia xe" ) # Tries to update ld cache 
@@ -534,29 +538,77 @@ kernel-build_src_install() { dracut "${dracut_args[@]}" "${image%/*}/initrd" || die "Failed to generate initramfs" + # Note, we cannot use an associative array here because those are + # not ordered. + local profiles=() + local cmdlines=() + + # If defined, make the user entry the first and default + if [[ -n ${KERNEL_GENERIC_UKI_CMDLINE} ]]; then + profiles+=( + $'TITLE=User specified at build time\nID=user' + ) + cmdlines+=( "${KERNEL_GENERIC_UKI_CMDLINE}" ) + fi + + profiles+=( + $'TITLE=Default\nID=default' + $'TITLE=Default with splash\nID=splash' + $'TITLE=Default with lockdown\nID=lockdown' + $'TITLE=Default with splash and lockdown\nID=splash-lockdown' + ) + + cmdlines+=( + "root=/dev/gpt-auto-root ro" + "root=/dev/gpt-auto-root ro quiet splash" + "root=/dev/gpt-auto-root ro lockdown=integrity" + "root=/dev/gpt-auto-root ro quiet splash lockdown=integrity" + ) + local ukify_args=( --linux="${image}" --initrd="${image%/*}/initrd" - --cmdline="${KERNEL_GENERIC_UKI_CMDLINE}" --uname="${KV_FULL}" --output="${image%/*}/uki.efi" - ) + --profile="${profiles[0]}" + --cmdline="${cmdlines[0]}" + ) # 0th profile is default + + # Additional profiles have to be added with --join-profile + local i + for (( i=1; i<"${#profiles[@]}"; i++ )); do + ukify build \ + --profile="${profiles[i]}" \ + --cmdline="${cmdlines[i]}" \ + --output="${T}/profile${i}.efi" || + die "Failed to create profile ${i}" + + ukify_args+=( --join-profile="${T}/profile${i}.efi" ) + done if [[ ${KERNEL_IUSE_MODULES_SIGN} ]] && use secureboot; then + openssl x509 \ + -in "${SECUREBOOT_SIGN_CERT}" -inform PEM \ + -out ${T}/pcrpkey.der -outform DER || + die "Failed to convert certificate to DER format" ukify_args+=( - --signtool=sbsign --secureboot-private-key="${SECUREBOOT_SIGN_KEY}" --secureboot-certificate="${SECUREBOOT_SIGN_CERT}" + --pcrpkey="${T}/pcrpkey.der" + --measure ) if [[ ${SECUREBOOT_SIGN_KEY} == pkcs11:* ]]; then ukify_args+=( --signing-engine="pkcs11" + 
--pcr-private-key="${SECUREBOOT_SIGN_KEY}" + --pcr-public-key="${SECUREBOOT_SIGN_CERT}" + --phases="enter-initrd" + --pcr-private-key="${SECUREBOOT_SIGN_KEY}" + --pcr-public-key="${SECUREBOOT_SIGN_CERT}" + --phases="enter-initrd:leave-initrd enter-initrd:leave-initrd:sysinit enter-initrd:leave-initrd:sysinit:ready" ) else - # Sytemd-measure does not currently support pkcs11 ukify_args+=( - --measure - --pcrpkey="${ED}${kernel_dir}/certs/signing_key.x509" --pcr-private-key="${SECUREBOOT_SIGN_KEY}" --phases="enter-initrd" --pcr-private-key="${SECUREBOOT_SIGN_KEY}" @@ -565,9 +617,7 @@ kernel-build_src_install() { fi fi - # systemd<255 does not install ukify in /usr/bin - PATH="${PATH}:${BROOT}/usr/lib/systemd:${BROOT}/lib/systemd" \ - ukify build "${ukify_args[@]}" || die "Failed to generate UKI" + ukify build "${ukify_args[@]}" || die "Failed to generate UKI" # Overwrite unnecessary image types to save space > "${image}" || die diff --git a/eclass/kernel-install.eclass b/eclass/kernel-install.eclass index a341dd9426ff..6ca39e551110 100644 --- a/eclass/kernel-install.eclass +++ b/eclass/kernel-install.eclass @@ -1,4 +1,4 @@ -# Copyright 2020-2024 Gentoo Authors +# Copyright 2020-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: kernel-install.eclass 
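Review bot: The per-profile `ukify build` calls in the new `for (( i=1; ...` loop receive only `--profile`, `--cmdline` and `--output`. They run before the `use secureboot` branch appends `--measure`, `--pcrpkey` and the `--pcr-private-key`/`--phases` pairs to `ukify_args`. From this hunk it is therefore not evident that the joined profiles (including the `lockdown=integrity` ones) get a signed PCR policy covering their own command line; please confirm this against the ukify documentation for the required systemd version and state the outcome in a comment above the loop. Separately, `-out ${T}/pcrpkey.der` is the only unquoted `${T}` in the hunk; `-out "${T}/pcrpkey.der" -outform DER ||` would match the quoting used for every other path here. kernel-build_src_install begins and ends outside the hunk.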
@@ -162,9 +162,10 @@ if [[ ${KERNEL_IUSE_GENERIC_UKI} ]]; then ["sys-apps/rng-tools"]="GPL-2" ["sys-apps/sed"]="GPL-3+" ["sys-apps/shadow"]="BSD GPL-2" - ["sys-apps/systemd[boot(-),cryptsetup,pkcs11,policykit,tpm,ukify(-)]"]="GPL-2 LGPL-2.1 MIT public-domain" + [">=sys-apps/systemd-257[boot(-),cryptsetup,pkcs11,policykit,tpm,ukify(-)]"]="GPL-2 LGPL-2.1 MIT public-domain" ["sys-apps/util-linux"]="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain" ["sys-auth/polkit"]="LGPL-2" + ["sys-boot/plymouth[drm,systemd(+),udev]"]="GPL-2+" ["sys-block/nbd"]="GPL-2" ["sys-devel/gcc"]="GPL-3+ LGPL-3+ || ( GPL-3+ libgcc libstdc++ gcc-runtime-library-exception-3.1 ) FDL-1.3+" ["sys-fs/btrfs-progs"]="GPL-2" @@ -190,6 +191,7 @@ if [[ ${KERNEL_IUSE_GENERIC_UKI} ]]; then ["sys-libs/readline"]="GPL-3+" ["sys-libs/zlib"]="ZLIB" ["sys-process/procps"]="GPL-2+ LGPL-2+ LGPL-2.1+" + ["x11-libs/libdrm"]="MIT" ["amd64? ( sys-firmware/intel-microcode )"]="amd64? ( intel-ucode )" ["x86? ( sys-firmware/intel-microcode )"]="x86? ( intel-ucode )" ) @@ -714,9 +716,7 @@ kernel-install_pkg_postinst() { dist-kernel_compressed_module_cleanup \ "${EROOT}/lib/modules/${KV_FULL}" - if [[ -z ${ROOT} ]]; then - kernel-install_install_all "${KV_FULL}" - fi + kernel-install_install_all "${KV_FULL}" if [[ ${KERNEL_IUSE_GENERIC_UKI} ]] && use generic-uki; then ewarn "The prebuilt initramfs and unified kernel image are highly experimental!" @@ -738,7 +738,7 @@ kernel-install_pkg_postinst() { kernel-install_pkg_postrm() { debug-print-function ${FUNCNAME} "$@" - if [[ -z ${ROOT} && ! ${KERNEL_IUSE_GENERIC_UKI} ]]; then + if [[ ! ${KERNEL_IUSE_GENERIC_UKI} ]]; then local kernel_dir=${EROOT}/usr/src/linux-${KV_FULL} local image_path=$(dist-kernel_get_image_path) ebegin "Removing initramfs" 
@@ -752,8 +752,6 @@ kernel-install_pkg_postrm() { # @DESCRIPTION: # Rebuild the initramfs and reinstall the kernel. kernel-install_pkg_config() { - [[ -z ${ROOT} ]] || die "ROOT!=/ not supported currently" - if [[ -z ${KV_FULL} ]]; then KV_FULL=${PV}${KV_LOCALVERSION} fi diff --git a/eclass/linux-mod-r1.eclass b/eclass/linux-mod-r1.eclass index 4e5b17548b04..f6a5d4f187d8 100644 --- a/eclass/linux-mod-r1.eclass +++ b/eclass/linux-mod-r1.eclass @@ -1,4 +1,4 @@ -# Copyright 2023-2024 Gentoo Authors +# Copyright 2023-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: linux-mod-r1.eclass @@ -508,7 +508,7 @@ linux-mod-r1_pkg_postinst() { dist-kernel_compressed_module_cleanup "${EROOT}/lib/modules/${KV_FULL}" _modules_update_depmod - if [[ -z ${ROOT} && ${MODULES_INITRAMFS_IUSE} ]] && + if [[ ${MODULES_INITRAMFS_IUSE} ]] && use dist-kernel && use ${MODULES_INITRAMFS_IUSE#+} then dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}" diff --git a/eclass/mount-boot-utils.eclass b/eclass/mount-boot-utils.eclass index e24b4e0c0826..72b4c9ccd14a 100644 --- a/eclass/mount-boot-utils.eclass +++ b/eclass/mount-boot-utils.eclass @@ -1,4 +1,4 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: mount-boot-utils.eclass 
@@ -16,6 +16,18 @@ # This eclass provides the functions used by mount-boot.eclass in an "inherit- # safe" way. This allows these functions to be used in other eclasses cleanly. +# @ECLASS_VARIABLE: DONT_MOUNT_BOOT +# @USER_VARIABLE +# @DESCRIPTION: +# May be set by the user or an ebuild to completely disable mount checking +# of the /boot partition and the EFI System Partition. + +# @ECLASS_VARIABLE: DONT_MOUNT_ESP +# @USER_VARIABLE +# @DESCRIPTION: +# May be set by the user or an ebuild to disable mount checking of the +# EFI System Partition only. + case ${EAPI} in 7|8) ;; *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;; @@ -62,7 +74,7 @@ mount-boot_check_status() { local candidates=( /boot ) # If system is booted with UEFI, check for ESP as well - if [[ -d /sys/firmware/efi ]]; then + if [[ -d /sys/firmware/efi && -z ${DONT_MOUNT_ESP} ]]; then # Use same candidates for ESP as installkernel and eclean-kernel candidates+=( /efi /boot/efi /boot/EFI ) fi diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass index c605c437f355..85b5a2b23392 100644 --- a/eclass/toolchain.eclass +++ b/eclass/toolchain.eclass @@ -688,6 +688,11 @@ toolchain_src_prepare() { eapply_user + # Workaround -march=native not working for stage1 with non-GCC (bug #933772). + if ! tc-is-gcc && [[ "${CFLAGS}${CXXFLAGS}" == *-march=native* ]] ; then + CLANG_DISABLE_CET_HACK=1 + fi + if ! use vanilla ; then tc_enable_hardened_gcc fi @@ -1178,11 +1183,6 @@ toolchain_src_configure() { export ac_cv_std_swap_in_utility=no fi - # Workaround -march=native not working for stage1 with non-GCC (bug #933772). - if ! tc-is-gcc && [[ "${CFLAGS}${CXXFLAGS}" == *-march=native* ]] ; then - CLANG_DISABLE_CET_HACK=1 - fi - local flag for flag in $(all-flag-vars) ; do einfo "${flag}=\"${!flag}\"" 
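Review bot: The new test `[[ -d /sys/firmware/efi && -z ${DONT_MOUNT_ESP} ]]` in mount-boot_check_status treats any non-empty value as a request to skip the ESP candidates, so `DONT_MOUNT_ESP=0` or `DONT_MOUNT_ESP=no` disables the check as well. The `@DESCRIPTION` added for the variable earlier in this file only says it "may be set", which leaves that open. I would extend it with `# Any non-empty value (including "0" or "no") disables the check.` and, if the same holds for DONT_MOUNT_BOOT (its test is outside these hunks), say so there too. Since skipping the check removes the safeguard against writing boot files to an unmounted directory, the description should make that explicit for users who set it in make.conf.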
@@ -1804,7 +1804,7 @@ toolchain_src_configure() { fi case ${CBUILD}-${CHOST}-${CTARGET} in - *i686-w64-mingw32*|*x86_64-w64-mingw32*) + *-w*-mingw*) # config/i386/t-cygming requires fixincludes (bug #925204) GCC_RUN_FIXINCLUDES=1 ;; @@ -2961,6 +2961,12 @@ toolchain_pkg_postrm() { rm -f "${EROOT}"/usr/bin/${CTARGET}-{gcc,{g,c}++}{,32,64} fi return 0 + else + # Removed the last GCC installed (bug #906040) + if ! has_version "sys-devel/gcc" && has_version "sys-devel/clang" ; then + einfo "Last GCC version removed. Cleaning up ${EROOT}/etc/clang/gentoo-gcc-install.cfg." + echo > "${EROOT}"/etc/clang/gentoo-gcc-install.cfg + fi fi # gcc stopped installing .la files fixer in June 2020. |
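Review bot: The added `echo > "${EROOT}"/etc/clang/gentoo-gcc-install.cfg` in toolchain_pkg_postrm is unconditional and unchecked. If the file is absent it gets created, if `/etc/clang` is absent the redirect fails without the eclass reacting, and the result holds a newline rather than being empty, although the einfo message says "Cleaning up". A guarded form would be `local cfg=${EROOT}/etc/clang/gentoo-gcc-install.cfg` followed by `[[ -f ${cfg} ]] && { : > "${cfg}" || ewarn "Could not reset ${cfg}"; }`. The hunk shows only the tail of the function, so whether the surrounding `if` already restricts this branch to native (non-cross) installs cannot be confirmed from here.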