adminconf/debian-uki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Alexandre CATTEAU 2023-06-25 12:28:34 +02:00
commit b4f4ca7a0e
5 changed files with 66 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
99build-uki Normal file
View File

@ -0,0 +1,2 @@
# Invoke script to build and sign UKI
DPkg::Post-Invoke {"PH_PATH"};

18
README.md Normal file
View File

@ -0,0 +1,18 @@
# Debian UKI
The purpose is automatize building and signing of a Unified Kernel Image on Debian and derivatives after kernel or
initramfs update.
### Important
The auto-update of this script should be disabled! Make sure to create `.disabled` file.
### Files
* `build-uki.sh` is the main script, which builds and signs the UKI.
* `99build-uki` is an APT hook to invoke the main script.
* `variables.conf.template` contains examples variables definitions, and should be copied locally to `variables.conf`
(with any required modifications).
#### Installation
* `install.sh` script copies APT hook to its destination, so the script is invoked after updates.
### TODO
* find a way to invoke script **only** on kernel or initramfs update

16
build-uki.sh Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
run_directory=$(dirname $(readlink -f "$0"))
source "$run_directory/variables.conf"
# Build UKI
objcopy \
--add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
--add-section .cmdline="/etc/kernel/cmdline" --change-section-vma .cmdline=0x30000 \
--add-section .linux="$path_to_vmlinuz_link/vmlinuz" --change-section-vma .linux=0x40000 \
--add-section .initrd="$path_to_vmlinuz_link/initrd.img" --change-section-vma .initrd=0x3000000 \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub $path_to_uki
# TODO Sign UKI
exit 0

24
install.sh Executable file
View File

@ -0,0 +1,24 @@
#!/usr/bin/env bash
run_directory=$(dirname $(readlink -f "$0"))
user=$(whoami)
source "$run_directory/variables.conf"
if [ -f $run_directory/.disabled ]; then
echo "Installation is disabled. Exiting..."
exit 0
fi
if [[ $user != 'root' ]]; then
sudo="sudo"
else
sudo=""
fi
echo "Copying APT hook to APT conf directory..."
$sudo cp $run_directory/99build-uki /etc/apt/apt.conf.d/99build-uki
$sudo sed -i -e "s:PH_PATH:$run_directory/build-uki.sh:g" /etc/apt/apt.conf.d/99build-uki
echo "Finished install. Exiting..."
exit 0

6
variables.conf.template Normal file
View File

@ -0,0 +1,6 @@
#!/usr/bin/env bash
# Copy this file as variables.conf, with the correct values
path_to_vmlinuz_link=/boot # /boot in Ubuntu 22.04, / in Debian 11
path_to_uki=/efi/EFI/debian/debian-linux.efi