Merge pull request #28999 from keszybz/two-man-ukify-fixe

Make ukify non-experimental
2024-07-21 02:05:05 +00:00 · 2023-08-29 16:08:49 +01:00 · 2023-08-29 16:08:49 +01:00 · de6906b1c1
parent 6a73a4f7c4 594e27b0bc
commit de6906b1c1
4 changed files with 27 additions and 11 deletions
--- a/man/ukify.xml
+++ b/man/ukify.xml
@ -22,19 +22,28 @@

  <refsynopsisdiv>
    <cmdsynopsis>
-      <command>/usr/lib/systemd/ukify</command>
+      <command>ukify</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="plain">build</arg>
+    </cmdsynopsis>
+
+    <cmdsynopsis>
+      <command>ukify</command>
+      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="plain">genkey</arg>
    </cmdsynopsis>
+
+    <cmdsynopsis>
+      <command>ukify</command>
+      <arg choice="opt" rep="repeat">OPTIONS</arg>
+      <arg choice="plain">inspect</arg>
+      <arg choice="plain" rep="repeat">FILE</arg>
+    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

-    <para>Note: this command is experimental for now. While it is intended to become a regular component of
-    systemd, it might still change in behaviour and interface.</para>
-
    <para><command>ukify</command> is a tool whose primary purpose is to combine components (usually a
    kernel, an initrd, and a UEFI boot stub) to create a
    <ulink url="https://uapi-group.org/specifications/specs/unified_kernel_image/">Unified Kernel Image (UKI)</ulink>
@ -505,7 +514,7 @@
    <example>
      <title>All the bells and whistles</title>

-      <programlisting>$ /usr/lib/systemd/ukify build \
+      <programlisting>$ ukify build \
      --linux=/lib/modules/6.0.9-300.fc37.x86_64/vmlinuz \
      --initrd=early_cpio \
      --initrd=/some/path/initramfs-6.0.9-300.fc37.x86_64.img \
@ -564,7 +573,7 @@ Phases=enter-initrd:leave-initrd
       enter-initrd:leave-initrd:sysinit
       enter-initrd:leave-initrd:sysinit:ready

-$ /usr/lib/systemd/ukify -c ukify.conf build \
+$ ukify -c ukify.conf build \
        --linux=/lib/modules/6.0.9-300.fc37.x86_64/vmlinuz \
        --initrd=/some/path/initramfs-6.0.9-300.fc37.x86_64.img
      </programlisting>
@ -600,7 +609,7 @@ $ /usr/lib/systemd/ukify -c ukify.conf build \
 <xi:include href="uki.conf.example" parse="text" />EOF</programlisting>

      <para>Next, we can generate the certificate and keys:</para>
-      <programlisting># /usr/lib/systemd/ukify genkey --config=/etc/kernel/uki.conf
+      <programlisting># ukify genkey --config=/etc/kernel/uki.conf
 Writing SecureBoot private key to /etc/kernel/secure-boot.key.pem
 Writing SecureBoot certificate to /etc/kernel/secure-boot.cert.pem
 Writing private key for PCR signing to /etc/kernel/pcr-initrd.key.pem
@ -613,7 +622,7 @@ Writing public key for PCR signing to /etc/kernel/pcr-system.pub.pem
      to <filename>/etc/kernel/</filename>.)</para>

      <para>Subsequent invocations of using the config file
-      (<command>/usr/lib/systemd/ukify build --config=/etc/kernel/uki.conf</command>)
+      (<command>ukify build --config=/etc/kernel/uki.conf</command>)
      will use this certificate and key files. Note that the
      <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      plugin <filename>60-ukify.install</filename> uses <filename>/etc/kernel/uki.conf</filename>
--- a/meson.build
+++ b/meson.build
@ -2417,9 +2417,13 @@ ukify = custom_target(
        command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
        install : want_ukify,
        install_mode : 'rwxr-xr-x',
-        install_dir : libexecdir)
+        install_dir : bindir)
 if want_ukify
        public_programs += ukify
+
+        meson.add_install_script(sh, '-c',
+                                 ln_s.format(bindir / 'ukify',
+                                             libexecdir / 'ukify'))
 endif

 ############################################################
--- a/src/kernel-install/60-ukify.install.in
+++ b/src/kernel-install/60-ukify.install.in
@ -34,7 +34,7 @@ except (KeyError, ValueError):
    VERBOSE = False

 # Override location of ukify and the boot stub for testing and debugging.
-UKIFY = os.getenv('KERNEL_INSTALL_UKIFY', '/usr/lib/systemd/ukify')
+UKIFY = os.getenv('KERNEL_INSTALL_UKIFY', 'ukify')
 BOOT_STUB = os.getenv('KERNEL_INSTALL_BOOT_STUB')


--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@ -1413,7 +1413,10 @@ def apply_config(namespace, filename=None):
    # Do not make keys lowercase
    cp.optionxform = lambda option: option

-    cp.read(filename)
+    # The API is not great.
+    read = cp.read(filename)
+    if not read:
+        raise IOError(f'Failed to read {filename}')

    for section_name, section in cp.items():
        idx = section_name.find(':')