napcok/calamares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1868 from dalto8/fix-initcpio

Browse Source 
initcpio module fixes
This commit is contained in:
Adriaan de Groot 2022-01-12 11:19:36 +01:00 committed by GitHub
commit 624bb13736
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/modules/initcpio/InitcpioJob.cpp
View File

@ -1,6 +1,7 @@
/* === This file is part of Calamares - <https://calamares.io> === /* === This file is part of Calamares - <https://calamares.io> ===
* *
* SPDX-FileCopyrightText: 2019 Adriaan de Groot <groot@kde.org> * SPDX-FileCopyrightText: 2019 Adriaan de Groot <groot@kde.org>
* SPDX-FileCopyrightText: 2022 Evan James <dalto@fastmail.com>
* SPDX-License-Identifier: GPL-3.0-or-later * SPDX-License-Identifier: GPL-3.0-or-later
* *
* Calamares is Free Software: see the License-Identifier above. * Calamares is Free Software: see the License-Identifier above.
@ -31,15 +32,22 @@ InitcpioJob::prettyName() const
return tr( "Creating initramfs with mkinitcpio." ); return tr( "Creating initramfs with mkinitcpio." );
} }
/** @brief Sets secure permissions on each initramfs
*
* Iterates over each initramfs contained directly in the directory @p d.
* For each initramfs found, the permissions are set to owner read/write only.
*
*/
void void
fixPermissions( const QDir& d ) fixPermissions( const QDir& d )
{ {
for ( const auto& fi : d.entryInfoList( { "initramfs*" }, QDir::Files ) ) const auto initramList = d.entryInfoList( { "initramfs*" }, QDir::Files );
for ( const auto& fi : initramList )
{ {
QFile f( fi.absoluteFilePath() ); QFile f( fi.absoluteFilePath() );
if ( f.exists() ) if ( f.exists() )
{ {
cDebug() << "initcpio fixing permissions for" << f.fileName(); cDebug() << "initcpio setting permissions for" << f.fileName();
f.setPermissions( QFileDevice::ReadOwner | QFileDevice::WriteOwner ); f.setPermissions( QFileDevice::ReadOwner | QFileDevice::WriteOwner );
} }
} }
@ -63,9 +71,19 @@ InitcpioJob::exec()
} }
} }
// If the kernel option isn't set to a specific kernel, run mkinitcpio on all kernels
QStringList command = { "mkinitcpio" };
if ( m_kernel.isEmpty() || m_kernel == "all" )
{
command.append( "-P" );
}
else
{
command.append( { "-p", m_kernel } );
}
cDebug() << "Updating initramfs with kernel" << m_kernel; cDebug() << "Updating initramfs with kernel" << m_kernel;
auto r = CalamaresUtils::System::instance()->targetEnvCommand( auto r = CalamaresUtils::System::instance()->targetEnvCommand( command, QString(), QString() /* no timeout , 0 */ );
{ "mkinitcpio", "-p", m_kernel }, QString(), QString() /* no timeout , 0 */ );
return r.explainProcess( "mkinitcpio", std::chrono::seconds( 10 ) /* fake timeout */ ); return r.explainProcess( "mkinitcpio", std::chrono::seconds( 10 ) /* fake timeout */ );
} }
@ -73,28 +91,6 @@ void
InitcpioJob::setConfigurationMap( const QVariantMap& configurationMap ) InitcpioJob::setConfigurationMap( const QVariantMap& configurationMap )
{ {
m_kernel = CalamaresUtils::getString( configurationMap, "kernel" ); m_kernel = CalamaresUtils::getString( configurationMap, "kernel" );
if ( m_kernel.isEmpty() )
{
m_kernel = QStringLiteral( "all" );
}
else if ( m_kernel == "$uname" )
{
auto r = CalamaresUtils::System::runCommand( CalamaresUtils::System::RunLocation::RunInHost,
{ "/bin/uname", "-r" },
QString(),
QString(),
std::chrono::seconds( 3 ) );
if ( r.getExitCode() == 0 )
{
m_kernel = r.getOutput();
cDebug() << "*initcpio* using running kernel" << m_kernel;
}
else
{
cWarning() << "*initcpio* could not determine running kernel, using 'all'." << Logger::Continuation
<< r.getExitCode() << r.getOutput();
}
}
m_unsafe = CalamaresUtils::getBool( configurationMap, "be_unsafe", false ); m_unsafe = CalamaresUtils::getBool( configurationMap, "be_unsafe", false );
} }

23
src/modules/initcpio/initcpio.conf
View File

@ -5,21 +5,22 @@
--- ---
# This key defines the kernel to be loaded. # This key defines the kernel to be loaded.
# It can have the following values: # It can have the following values:
# - empty or unset, interpreted as "all" # - the name of a single mkinitcpio preset
# - the literal string "$uname" (without quotes, with dollar), # - empty or unset
# which will use the output of `uname -r` to determine the # - the literal string "all"
# running kernel, and use that.
# - any other string.
# #
# Whatever is set, that string is passed as *preset* argument to the # If kernel is set to "all" or empty/unset then mkinitpio is called for all
# `-p` option of *mkinitcpio*. Take care that both "$uname" operates # kernels. Otherwise it is called with a single preset with the value
# in the host system, and might not be correct if the target system is # contained in kernel.
# updated (to a newer kernel) as part of the installation.
# #
# Note that "all" is probably not a good preset to use either. kernel: linux
kernel: linux312
# Set this to true to turn off mitigations for lax file # Set this to true to turn off mitigations for lax file
# permissions on initramfs (which, in turn, can compromise # permissions on initramfs (which, in turn, can compromise
# your LUKS encryption keys, CVS-2019-13179). # your LUKS encryption keys, CVS-2019-13179).
#
# If your initramfs are stored in the EFI partition or another non-POSIX
# filesystem, this has no effect as the file permissions cannot be changed.
# In this case, ensure the partition is mounted securely.
#
be_unsafe: false be_unsafe: false