From b3e38cde60ab7d53ea5292aff3d4ad9fa9194012 Mon Sep 17 00:00:00 2001
From: JMARyA
Date: Sat, 28 Dec 2024 06:39:16 +0100
Subject: [PATCH] fix
---
 .woodpecker/build.yml | 1 +
 src/install/kernel.rs | 10 ++++++++--
 src/install/mod.rs | 2 +-
 src/install/security.rs | 42 ++++++++++++++++++++++++++++++++++++++----
 4 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml
index f75bea0..c74ba93 100644
--- a/.woodpecker/build.yml
+++ b/.woodpecker/build.yml
@@ -12,3 +12,4 @@ steps:
 from_secret: pacco_token
 KEY:
 from_secret: navos_key
+
diff --git a/src/install/kernel.rs b/src/install/kernel.rs
index 5fdd2db..bec10e7 100644
--- a/src/install/kernel.rs
+++ b/src/install/kernel.rs
@@ -1,16 +1,22 @@
 // MKINITCPIO + UKI
-use crate::{print_status, run_command};
+use crate::{config::DriveConfig, print_status, run_command};
 use super::str_vec;
-pub fn setup_mkinitcpio() {
+pub fn setup_mkinitcpio(conf: &DriveConfig) {
 print_status("Writing /etc/mkinitcpio.d/linux.preset");
 std::fs::write(
 "/mnt/etc/mkinitcpio.d/linux.preset",
 include_str!("../root/mkinitcpio/linux.preset"),
 )
 .unwrap();
+
+ // Set kernel cmdline
+ // TODO : Encryption support
+ std::fs::create_dir_all("/mnt/etc/kernel").unwrap();
+ std::fs::write("/mnt/etc/kernel/cmdline", format!("root={}", conf.root)).unwrap();
+ // TODO : more configs
 print_status("Writing /etc/mkinitcpio.conf");
 std::fs::write(
diff --git a/src/install/mod.rs b/src/install/mod.rs
index a0c0049..8d257f3 100644
--- a/src/install/mod.rs
+++ b/src/install/mod.rs
@@ -119,7 +119,7 @@ pub fn install(conf: InstallConfig) {
 }
 setup_zram();
- setup_mkinitcpio();
+ setup_mkinitcpio(&conf.drive);
 setup_secure_boot();
 if conf.general.encryption {
diff --git a/src/install/security.rs b/src/install/security.rs
index 383646a..f6a3386 100644
--- a/src/install/security.rs
+++ b/src/install/security.rs
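Review bot: `conf.root` is written verbatim into `/mnt/etc/kernel/cmdline` by the added `format!("root={}", conf.root)` line in `setup_mkinitcpio` (src/install/kernel.rs), with no check on its content. mkinitcpio reads that file as the kernel command line when it builds a UKI, so if the value can ever contain whitespace, everything after the first space becomes extra kernel parameters in the image that Secure Boot then trusts; `DriveConfig` is defined outside this diff, so where `root` comes from cannot be confirmed here. Reject empty or whitespace-containing values before the write, e.g. `assert!(!conf.root.is_empty() && !conf.root.contains(char::is_whitespace), "invalid root device");` (assuming `root` is a string), and prefer a UUID or PARTUUID over a device node name, which can change between boots. The body of `setup_mkinitcpio` continues past the end of the hunk.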
@@ -53,15 +53,34 @@ pub fn setup_secure_boot() {
 }
 }
- run_command(&vec!["sbctl".into(), "create-keys".into()], None, false);
+ install_pkgs(&["sbctl", "sbsigntools"]);
 run_command(
- &str_vec(vec!["sbctl", "enroll-keys", "--microsoft"]),
+ &vec![
+ "arch-chroot".into(),
+ "/mnt".into(),
+ "sbctl".into(),
+ "create-keys".into(),
+ ],
+ None,
+ false,
+ );
+
+ run_command(
+ &str_vec(vec![
+ "arch-chroot",
+ "/mnt",
+ "sbctl",
+ "enroll-keys",
+ "--microsoft",
+ ]),
 None,
 false,
 );
 run_command(
 &str_vec(vec![
+ "arch-chroot",
+ "/mnt",
 "sbctl",
 "sign",
 "-s",
@@ -73,6 +92,8 @@ pub fn setup_secure_boot() {
 run_command(
 &str_vec(vec![
+ "arch-chroot",
+ "/mnt",
 "sbctl",
 "sign",
 "-s",
@@ -84,6 +105,8 @@ pub fn setup_secure_boot() {
 run_command(
 &str_vec(vec![
+ "arch-chroot",
+ "/mnt",
 "sbctl",
 "sign",
 "-s",
@@ -94,10 +117,21 @@ pub fn setup_secure_boot() {
 );
 run_command(
- &str_vec(vec!["sbctl", "sign", "-s", "/boot/EFI/Boot/bootx64.efi"]),
+ &str_vec(vec![
+ "arch-chroot",
+ "/mnt",
+ "sbctl",
+ "sign",
+ "-s",
+ "/boot/EFI/Boot/bootx64.efi",
+ ]),
 None,
 false,
 );
- run_command(&str_vec(vec!["sbctl", "verify"]), None, false);
+ run_command(
+ &str_vec(vec!["arch-chroot", "/mnt", "sbctl", "verify"]),
+ None,
+ false,
+ );
 }
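Review bot: Every `run_command(...)` call in the first hunk (`@@ -53,15 +53,34 @@`) is used as a bare statement, so whatever it returns is dropped. Unless `run_command` itself aborts on a non-zero exit (its definition is outside this diff), a failed `sbctl create-keys` or `sbctl enroll-keys --microsoft` inside the chroot goes unnoticed and the installer finishes with Secure Boot not actually enforced. The same applies to the `sbctl sign` calls in the following hunks and to the final `sbctl verify` in the last hunk, which is the only check here that the EFI binaries are actually signed. Each step should stop the installation with a clear message on failure; at minimum record the assumption above the first call: `// run_command must fail hard here: a missing or unenrolled key leaves the system booting unsigned`. `setup_secure_boot` begins before this hunk.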
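Review bot: The `"arch-chroot", "/mnt"` prefix is now spelled out in all seven `sbctl` invocations of `setup_secure_boot`, two of them in the last hunk (`@@ -94,10 +117,21 @@`), so a call added later without the prefix would silently run `sbctl` against the live installer environment instead of the target system. A small helper would keep the chroot target in one place, e.g. `fn chroot_cmd(args: &[&str]) -> Vec<String> { ["arch-chroot", "/mnt"].iter().chain(args).map(|s| s.to_string()).collect() }`, used as `run_command(&chroot_cmd(&["sbctl", "verify"]), None, false);` (assuming `run_command` takes the same `Vec<String>` that `str_vec` returns). The `create-keys` call in the first hunk also still builds its vector with `.into()` on each element while every other call goes through `str_vec`; using one form throughout would make the calls easier to compare.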