Enable secure boot (fix #44) (#65)

Roey Darwish Dror 2020-11-30 08:09:50 +02:00 committed by Philip Mueller
parent 38d0085ba1
commit f594fc2ffc


@ -225,10 +225,14 @@ fn create(command: args::CreateCommand) -> anyhow::Result<()> {
packages.extend(presets.packages); packages.extend(presets.packages);
let use_aur = !(presets.aur_packages.is_empty() && command.aur_packages.is_empty()); let aur_pacakges = {
if use_aur { let mut p = vec![String::from("shim-signed")];
packages.extend(constants::AUR_DEPENDENCIES.iter().map(|s| String::from(*s))); p.extend(presets.aur_packages);
} p.extend(command.aur_packages);
p
};
packages.extend(constants::AUR_DEPENDENCIES.iter().map(|s| String::from(*s)));
info!("Bootstrapping system"); info!("Bootstrapping system");
pacstrap pacstrap
@ -277,68 +281,66 @@ fn create(command: args::CreateCommand) -> anyhow::Result<()> {
.run() .run()
.context("locale-gen failed")?; .context("locale-gen failed")?;
if use_aur { info!("Installing AUR packages");
info!("Installing AUR packages");
arch_chroot arch_chroot
.execute() .execute()
.arg(mount_point.path()) .arg(mount_point.path())
.args(&["useradd", "-m", "aur"]) .args(&["useradd", "-m", "aur"])
.run() .run()
.context("Failed to create temporary user to install AUR packages")?; .context("Failed to create temporary user to install AUR packages")?;
let aur_sudoers = mount_point.path().join("etc/sudoers.d/aur"); let aur_sudoers = mount_point.path().join("etc/sudoers.d/aur");
fs::write(&aur_sudoers, "aur ALL=(ALL) NOPASSWD: ALL") fs::write(&aur_sudoers, "aur ALL=(ALL) NOPASSWD: ALL")
.context("Failed to modify sudoers file for AUR packages")?; .context("Failed to modify sudoers file for AUR packages")?;
arch_chroot arch_chroot
.execute() .execute()
.arg(mount_point.path()) .arg(mount_point.path())
.args(&["sudo", "-u", "aur"]) .args(&["sudo", "-u", "aur"])
.arg("git") .arg("git")
.arg("clone") .arg("clone")
.arg(format!( .arg(format!(
"https://aur.archlinux.org/{}.git", "https://aur.archlinux.org/{}.git",
&command.aur_helper.package_name &command.aur_helper.package_name
)) ))
.arg(format!("/home/aur/{}", &command.aur_helper.name)) .arg(format!("/home/aur/{}", &command.aur_helper.name))
.run() .run()
.context("Failed to clone AUR helper package")?; .context("Failed to clone AUR helper package")?;
arch_chroot arch_chroot
.execute() .execute()
.arg(mount_point.path()) .arg(mount_point.path())
.args(&[ .args(&[
"bash", "bash",
"-c", "-c",
&format!( &format!(
"cd /home/aur/{} && sudo -u aur makepkg -s -i --noconfirm", "cd /home/aur/{} && sudo -u aur makepkg -s -i --noconfirm",
&command.aur_helper.name &command.aur_helper.name
), ),
]) ])
.run() .run()
.context("Failed to build AUR helper")?; .context("Failed to build AUR helper")?;
arch_chroot arch_chroot
.execute() .execute()
.arg(mount_point.path()) .arg(mount_point.path())
.args(&["sudo", "-u", "aur"]) .args(&["sudo", "-u", "aur"])
.args(&command.aur_helper.install_command) .args(&command.aur_helper.install_command)
.args(presets.aur_packages) .args(aur_pacakges)
.args(&command.aur_packages) .run()
.run() .context("Failed to install AUR packages")?;
.context("Failed to install AUR packages")?;
// Clean up aur user: // Clean up aur user:
arch_chroot arch_chroot
.execute() .execute()
.arg(mount_point.path()) .arg(mount_point.path())
.args(&["userdel", "-r", "aur"]) .args(&["userdel", "-r", "aur"])
.run() .run()
.context("Failed to delete temporary aur user")?; .context("Failed to delete temporary aur user")?;
fs::remove_file(&aur_sudoers).context("Cannot delete the AUR sudoers temporary file")?;
fs::remove_file(&aur_sudoers).context("Cannot delete the AUR sudoers temporary file")?;
}
if !presets.scripts.is_empty() { if !presets.scripts.is_empty() {
info!("Running custom scripts"); info!("Running custom scripts");
} }
@ -457,6 +459,23 @@ fn create(command: args::CreateCommand) -> anyhow::Result<()> {
.arg(format!("grub-install --target=i386-pc --boot-directory /boot {} && grub-install --target=x86_64-efi --efi-directory /boot --boot-directory /boot --removable && grub-mkconfig -o /boot/grub/grub.cfg", disk_path.display())) .arg(format!("grub-install --target=i386-pc --boot-directory /boot {} && grub-install --target=x86_64-efi --efi-directory /boot --boot-directory /boot --removable && grub-mkconfig -o /boot/grub/grub.cfg", disk_path.display()))
.run().context("Failed to install grub")?; .run().context("Failed to install grub")?;
let bootloader = mount_point.path().join("boot/EFI/BOOT/BOOTX64.efi");
fs::rename(
&bootloader,
mount_point.path().join("boot/EFI/BOOT/grubx64.efi"),
)
.context("Cannot move out grub")?;
fs::copy(
mount_point.path().join("usr/share/shim-signed/mmx64.efi"),
mount_point.path().join("boot/EFI/BOOT/mmx64.efi"),
)
.context("Failed copying mmx64")?;
fs::copy(
mount_point.path().join("usr/share/shim-signed/shimx64.efi"),
bootloader,
)
.context("Failed copying shim")?;
debug!( debug!(
"GRUB configuration: {}", "GRUB configuration: {}",
fs::read_to_string(mount_point.path().join("boot/grub/grub.cfg")) fs::read_to_string(mount_point.path().join("boot/grub/grub.cfg"))
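Review bot: Nothing in the lines added after `grub-install` signs the GRUB image that is renamed to `boot/EFI/BOOT/grubx64.efi`, or the kernel, so with Secure Boot enforcing shim will presumably refuse to chain-load it until the user enrolls a hash or key through `mmx64.efi` on first boot. That manual step deserves a comment above the `fs::rename`, for example `// shim loads grubx64.efi only after its hash or a signing key is enrolled via MokManager (mmx64.efi); GRUB and the kernel are not signed here`. The shim and MokManager binaries are copied from `usr/share/shim-signed/`, which the first hunk fills by building the `shim-signed` AUR package inside the chroot under a user with `NOPASSWD: ALL`, so the first link of the boot chain is only as trustworthy as that PKGBUILD and its download. Comparing both files against expected SHA-256 values kept in `constants` before the `fs::copy` calls would make that provenance auditable and would fail the build before `BOOTX64.efi` has been moved away. The body of `create` starts and ends outside this hunk.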