fix

2024-12-28 06:39:16 +01:00 · 2024-12-28 06:39:16 +01:00 · b3e38cde60
commit b3e38cde60
parent 8a7ea6f8cf
4 changed files with 48 additions and 7 deletions
--- a/.woodpecker/build.yml
+++ b/.woodpecker/build.yml
@ -12,3 +12,4 @@ steps:
        from_secret: pacco_token
      KEY:
        from_secret: navos_key
+
--- a/src/install/kernel.rs
+++ b/src/install/kernel.rs
@ -1,16 +1,22 @@
 // MKINITCPIO + UKI

-use crate::{print_status, run_command};
+use crate::{config::DriveConfig, print_status, run_command};

 use super::str_vec;

-pub fn setup_mkinitcpio() {
+pub fn setup_mkinitcpio(conf: &DriveConfig) {
    print_status("Writing /etc/mkinitcpio.d/linux.preset");
    std::fs::write(
        "/mnt/etc/mkinitcpio.d/linux.preset",
        include_str!("../root/mkinitcpio/linux.preset"),
    )
    .unwrap();
+
+    // Set kernel cmdline
+    // TODO : Encryption support
+    std::fs::create_dir_all("/mnt/etc/kernel").unwrap();
+    std::fs::write("/mnt/etc/kernel/cmdline", format!("root={}", conf.root)).unwrap();
+
    // TODO : more configs
    print_status("Writing /etc/mkinitcpio.conf");
    std::fs::write(
--- a/src/install/mod.rs
+++ b/src/install/mod.rs
@ -119,7 +119,7 @@ pub fn install(conf: InstallConfig) {
    }

    setup_zram();
-    setup_mkinitcpio();
+    setup_mkinitcpio(&conf.drive);
    setup_secure_boot();

    if conf.general.encryption {
--- a/src/install/security.rs
+++ b/src/install/security.rs
@ -53,15 +53,34 @@ pub fn setup_secure_boot() {
        }
    }

-    run_command(&vec!["sbctl".into(), "create-keys".into()], None, false);
+    install_pkgs(&["sbctl", "sbsigntools"]);

    run_command(
-        &str_vec(vec!["sbctl", "enroll-keys", "--microsoft"]),
+        &vec![
+            "arch-chroot".into(),
+            "/mnt".into(),
+            "sbctl".into(),
+            "create-keys".into(),
+        ],
+        None,
+        false,
+    );
+
+    run_command(
+        &str_vec(vec![
+            "arch-chroot",
+            "/mnt",
+            "sbctl",
+            "enroll-keys",
+            "--microsoft",
+        ]),
        None,
        false,
    );
    run_command(
        &str_vec(vec![
+            "arch-chroot",
+            "/mnt",
            "sbctl",
            "sign",
            "-s",
@ -73,6 +92,8 @@ pub fn setup_secure_boot() {

    run_command(
        &str_vec(vec![
+            "arch-chroot",
+            "/mnt",
            "sbctl",
            "sign",
            "-s",
@ -84,6 +105,8 @@ pub fn setup_secure_boot() {

    run_command(
        &str_vec(vec![
+            "arch-chroot",
+            "/mnt",
            "sbctl",
            "sign",
            "-s",
@ -94,10 +117,21 @@ pub fn setup_secure_boot() {
    );

    run_command(
-        &str_vec(vec!["sbctl", "sign", "-s", "/boot/EFI/Boot/bootx64.efi"]),
+        &str_vec(vec![
+            "arch-chroot",
+            "/mnt",
+            "sbctl",
+            "sign",
+            "-s",
+            "/boot/EFI/Boot/bootx64.efi",
+        ]),
        None,
        false,
    );

-    run_command(&str_vec(vec!["sbctl", "verify"]), None, false);
+    run_command(
+        &str_vec(vec!["arch-chroot", "/mnt", "sbctl", "verify"]),
+        None,
+        false,
+    );
 }