diff options
author | V3n3RiX <venerix@koprulu.sector> | 2024-08-08 12:38:45 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-08-08 12:38:45 +0100 |
commit | 14866757225815b9374acfc8453518951e0f910d (patch) | |
tree | 3fc69d84de25c5d40515dc05fdf5c5934ed69955 /sys-boot/grub/grub-9999.ebuild | |
parent | b8c7370a682e4e29cda623222d17a790c01c3642 (diff) |
gentoo auto-resync : 08:08:2024 - 12:38:45
Diffstat (limited to 'sys-boot/grub/grub-9999.ebuild')
-rw-r--r-- | sys-boot/grub/grub-9999.ebuild | 86 |
1 files changed, 85 insertions, 1 deletions
diff --git a/sys-boot/grub/grub-9999.ebuild b/sys-boot/grub/grub-9999.ebuild index f007f3aaa884..2b24a0433912 100644 --- a/sys-boot/grub/grub-9999.ebuild +++ b/sys-boot/grub/grub-9999.ebuild @@ -29,7 +29,8 @@ if [[ -n ${GRUB_AUTORECONF} ]]; then inherit autotools fi -inherit bash-completion-r1 flag-o-matic multibuild optfeature python-any-r1 toolchain-funcs +inherit bash-completion-r1 flag-o-matic multibuild optfeature python-any-r1 +inherit secureboot toolchain-funcs DESCRIPTION="GNU GRUB boot loader" HOMEPAGE="https://www.gnu.org/software/grub/" @@ -291,6 +292,70 @@ src_test() { grub_do emake -j1 check } +grub_mkstandalone_secureboot() { + use secureboot || return + + if tc-is-cross-compiler; then + ewarn "USE=secureboot is not supported when cross-compiling." + ewarn "No standalone EFI executable will be built." + return 1 + fi + + local standalone_targets + + case ${CTARGET:-${CHOST}} in + i?86* | x86_64*) + use grub_platforms_efi-32 && standalone_targets+=( i386-efi ) + use grub_platforms_efi-64 && standalone_targets+=( x86_64-efi ) + ;; + arm* | aarch64*) + use grub_platforms_efi-32 && standalone_targets+=( arm-efi ) + use grub_platforms_efi-64 && standalone_targets+=( arm64-efi ) + ;; + riscv*) + use grub_platforms_efi-32 && standalone_targets+=( riscv32-efi ) + use grub_platforms_efi-64 && standalone_targets+=( riscv64-efi ) + ;; + ia64*) + use grub_platforms_efi-64 && standalone_targets+=( ia64-efi ) + ;; + loongarch64*) + use grub_platforms_efi-64 && standalone_targets+=( loongarch64-efi ) + ;; + esac + + if [[ ${#standalone_targets[@]} -eq 0 ]]; then + ewarn "USE=secureboot is enabled, but no suitable EFI target in GRUB_PLATFORMS." + ewarn "No standalone EFI executable will be built." + return 1 + fi + + local target mkstandalone_args + + # grub-mkstandalone embeds a config file, make this config file chainload + # a config file in the same directory grub is installed in. This requires + # pre-loading the part_gpt and part_msdos modules. + echo 'configfile ${cmdpath}/grub.cfg' > "${T}/grub.cfg" || die + for target in "${standalone_targets[@]}"; do + ebegin "Building standalone EFI executable for ${target}" + mkstandalone_args=( + --verbose + --directory="${ED}/usr/lib/grub/${target}" + --locale-directory="${ED}/usr/share/locale" + --format="${target}" + --modules="part_gpt part_msdos" + --sbat="${ED}/usr/share/grub/sbat.csv" + --output="${ED}/usr/lib/grub/grub-${target%-efi}.efi" + "boot/grub/grub.cfg=${T}/grub.cfg" + ) + + "${ED}/usr/bin/grub-mkstandalone" "${mkstandalone_args[@]}" + eend ${?} || die "grub-mkstandalone failed to build EFI executable" + done + + secureboot_auto_sign +} + src_install() { grub_do emake install DESTDIR="${D}" bashcompletiondir="$(get_bashcompdir)" use doc && grub_do_once emake -C docs install-html DESTDIR="${D}" @@ -311,6 +376,8 @@ src_install() { # https://bugs.gentoo.org/900348 QA_CONFIG_IMPL_DECL_SKIP=( re_{compile_pattern,match,search,set_syntax} ) fi + + grub_mkstandalone_secureboot } pkg_postinst() { @@ -345,4 +412,21 @@ pkg_postinst() { ewarn "Due to security concerns, os-prober is disabled by default." ewarn "Set GRUB_DISABLE_OS_PROBER=false in /etc/default/grub to enable it." fi + + if use secureboot; then + elog + elog "The signed standalone grub EFI executable(s) are available in:" + elog " /usr/lib/grub/grub-<target>.efi(.signed)" + elog "These EFI executables should be copied to the usual location at:" + elog " ESP/EFI/Gentoo/grub<arch>.efi" + elog "Note that 'grub-install' does not install these images." + elog + elog "These standalone grub executables read the grub config file from" + elog "the grub.cfg in the same directory instead of the default" + elog "/boot/grub/grub.cfg. When sys-kernel/installkernel[grub] is used," + elog "the location of the grub.cfg may be overridden by setting the" + elog "GRUB_CFG environment variable:" + elog " GRUB_CFG=ESP/EFI/Gentoo/grub.cfg" + elog + fi } |