[isar-cip-core][PATCH] efibootguard-efi: Use correct search path for the efibinary


Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes the build error:
```
ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi returned '1' instead of 0
output: cp: cannot stat '/usr/share/efibootguard/efibootguardx64.efi': No such file or directory
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index e1411cb..a01e484 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
}

distro_arch = get_bitbake_var("DISTRO_ARCH")
- bootloader = "/usr/share/efibootguard/efibootguard{}.efi".format(
- distro_to_efi_arch[distro_arch])
+ rootfs_path = rootfs_dir.get('ROOTFS_DIR')
+ bootloader = "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
+ rootfs_path=rootfs_path,
+ efiarch=distro_to_efi_arch[distro_arch])
part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
part.label,
part.lineno)
--
2.35.1


Jan Kiszka
 

On 24.05.22 16:57, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes the build error:
```
ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi returned '1' instead of 0
output: cp: cannot stat '/usr/share/efibootguard/efibootguardx64.efi': No such file or directory
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index e1411cb..a01e484 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
}

distro_arch = get_bitbake_var("DISTRO_ARCH")
- bootloader = "/usr/share/efibootguard/efibootguard{}.efi".format(
- distro_to_efi_arch[distro_arch])
+ rootfs_path = rootfs_dir.get('ROOTFS_DIR')
+ bootloader = "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
+ rootfs_path=rootfs_path,
+ efiarch=distro_to_efi_arch[distro_arch])
part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
part.label,
part.lineno)
Makes sense in first sight - but why did it work so far? Or did I miss
to test one of the two cases (signed/unsigned)? Did you test both?

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Quirin Gylstorff
 

On 5/24/22 17:07, Jan Kiszka wrote:
On 24.05.22 16:57, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes the build error:
```
ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi returned '1' instead of 0
output: cp: cannot stat '/usr/share/efibootguard/efibootguardx64.efi': No such file or directory
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index e1411cb..a01e484 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
}
distro_arch = get_bitbake_var("DISTRO_ARCH")
- bootloader = "/usr/share/efibootguard/efibootguard{}.efi".format(
- distro_to_efi_arch[distro_arch])
+ rootfs_path = rootfs_dir.get('ROOTFS_DIR')
+ bootloader = "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
+ rootfs_path=rootfs_path,
+ efiarch=distro_to_efi_arch[distro_arch])
part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
part.label,
part.lineno)
Makes sense in first sight - but why did it work so far? Or did I miss
to test one of the two cases (signed/unsigned)? Did you test both?
Jan
I am still try to find the reason why it work in isar-cip-core. The error occured in a downstream project.

Quirin


Quirin Gylstorff
 

On 5/24/22 17:23, Quirin Gylstorff via lists.cip-project.org wrote:
On 5/24/22 17:07, Jan Kiszka wrote:
On 24.05.22 16:57, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes the build error:
```
ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi /tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi returned '1' instead of 0
output: cp: cannot stat '/usr/share/efibootguard/efibootguardx64.efi': No such file or directory
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
  scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index e1411cb..a01e484 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
          }
          distro_arch = get_bitbake_var("DISTRO_ARCH")
-        bootloader = "/usr/share/efibootguard/efibootguard{}.efi".format(
-            distro_to_efi_arch[distro_arch])
+        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
+        bootloader = "{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(
+            rootfs_path=rootfs_path,
+            efiarch=distro_to_efi_arch[distro_arch])
          part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
                                               part.label,
                                               part.lineno)
Makes sense in first sight - but why did it work so far? Or did I miss
to test one of the two cases (signed/unsigned)? Did you test both?

Jan
I am still try to find the reason why it work in isar-cip-core. The error occured in a downstream project.
In isar-cip-core the error never occured as we install `efibootguard`
as a dependency for wic[1].

efibootguard-boot uses the same logic[2] to access the kernel stub.


We should decide which is the correct way. I would prefer that we take both stubs from the buildchroot.

[1]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/kas/opt/efibootguard.yml#L24

[2]: https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/scripts/lib/wic/plugins/source/efibootguard-boot.py#L190

Quirin


Jan Kiszka
 

On 24.05.22 17:38, Gylstorff Quirin wrote:


On 5/24/22 17:23, Quirin Gylstorff via lists.cip-project.org wrote:


On 5/24/22 17:07, Jan Kiszka wrote:
On 24.05.22 16:57, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes the build error:
```
ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi
/tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi
returned '1' instead of 0
output: cp: cannot stat
'/usr/share/efibootguard/efibootguardx64.efi': No such file or
directory
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
  scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py
b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index e1411cb..a01e484 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
          }
          distro_arch = get_bitbake_var("DISTRO_ARCH")
-        bootloader =
"/usr/share/efibootguard/efibootguard{}.efi".format(
-            distro_to_efi_arch[distro_arch])
+        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
+        bootloader =
"{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(

+            rootfs_path=rootfs_path,
+            efiarch=distro_to_efi_arch[distro_arch])
          part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
                                               part.label,
                                               part.lineno)
Makes sense in first sight - but why did it work so far? Or did I miss
to test one of the two cases (signed/unsigned)? Did you test both?

Jan
I am still try to find the reason why it work in isar-cip-core. The
error occured in a downstream project.
In isar-cip-core the error never occured as we install `efibootguard`
as a dependency for wic[1].

efibootguard-boot uses the same logic[2] to access the kernel stub.


We should decide which is the correct way. I would prefer that we take
both stubs from the buildchroot.
Yes, the preferred source for bootloader artifacts should be the
buildchroot and NOT that target image. We are currently installing more
on the target as practically needed. If that should ever change, things
shouldn't break here at plugin level.

Jan

[1]:
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/kas/opt/efibootguard.yml#L24

[2]:
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/scripts/lib/wic/plugins/source/efibootguard-boot.py#L190

Quirin
--
Siemens AG, Technology
Competence Center Embedded Linux


Quirin Gylstorff
 

On 5/24/22 17:50, Jan Kiszka wrote:
On 24.05.22 17:38, Gylstorff Quirin wrote:


On 5/24/22 17:23, Quirin Gylstorff via lists.cip-project.org wrote:


On 5/24/22 17:07, Jan Kiszka wrote:
On 24.05.22 16:57, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes the build error:
```
ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi
/tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi
returned '1' instead of 0
output: cp: cannot stat
'/usr/share/efibootguard/efibootguardx64.efi': No such file or
directory
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
  scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py
b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index e1411cb..a01e484 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
          }
          distro_arch = get_bitbake_var("DISTRO_ARCH")
-        bootloader =
"/usr/share/efibootguard/efibootguard{}.efi".format(
-            distro_to_efi_arch[distro_arch])
+        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
+        bootloader =
"{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(

+            rootfs_path=rootfs_path,
+            efiarch=distro_to_efi_arch[distro_arch])
          part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
                                               part.label,
                                               part.lineno)
Makes sense in first sight - but why did it work so far? Or did I miss
to test one of the two cases (signed/unsigned)? Did you test both?

Jan
I am still try to find the reason why it work in isar-cip-core. The
error occured in a downstream project.
In isar-cip-core the error never occured as we install `efibootguard`
as a dependency for wic[1].

efibootguard-boot uses the same logic[2] to access the kernel stub.


We should decide which is the correct way. I would prefer that we take
both stubs from the buildchroot.
Yes, the preferred source for bootloader artifacts should be the
buildchroot and NOT that target image. We are currently installing more
on the target as practically needed. If that should ever change, things
shouldn't break here at plugin level.
Jan

[1]:
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/kas/opt/efibootguard.yml#L24

[2]:
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/scripts/lib/wic/plugins/source/efibootguard-boot.py#L190

Quirin

Should we move or reuse the files from salsa[3]? There the binaries are part of the dev package[4].

[3]: https://salsa.debian.org/debian/efibootguard/
[4]: https://salsa.debian.org/debian/efibootguard/-/blob/master/debian/libebgenv-dev.install

Quirin


Jan Kiszka
 

On 24.05.22 18:03, Gylstorff Quirin wrote:


On 5/24/22 17:50, Jan Kiszka wrote:
On 24.05.22 17:38, Gylstorff Quirin wrote:


On 5/24/22 17:23, Quirin Gylstorff via lists.cip-project.org wrote:


On 5/24/22 17:07, Jan Kiszka wrote:
On 24.05.22 16:57, Quirin Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

This fixes the build error:
```
ERROR: _exec_cmd: cp /usr/share/efibootguard/efibootguardx64.efi
/tmp/tmp.1Y4utA1zC2/sentron-product-sentron-sentron.wic/tmp.wic.ampnawp6/bootx64.efi

returned '1' instead of 0
output: cp: cannot stat
'/usr/share/efibootguard/efibootguardx64.efi': No such file or
directory
```

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
   scripts/lib/wic/plugins/source/efibootguard-efi.py | 6 ++++--
   1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/lib/wic/plugins/source/efibootguard-efi.py
b/scripts/lib/wic/plugins/source/efibootguard-efi.py
index e1411cb..a01e484 100644
--- a/scripts/lib/wic/plugins/source/efibootguard-efi.py
+++ b/scripts/lib/wic/plugins/source/efibootguard-efi.py
@@ -59,8 +59,10 @@ class EfibootguardEFIPlugin(SourcePlugin):
           }
           distro_arch = get_bitbake_var("DISTRO_ARCH")
-        bootloader =
"/usr/share/efibootguard/efibootguard{}.efi".format(
-            distro_to_efi_arch[distro_arch])
+        rootfs_path = rootfs_dir.get('ROOTFS_DIR')
+        bootloader =
"{rootfs_path}/usr/share/efibootguard/efibootguard{efiarch}.efi".format(


+            rootfs_path=rootfs_path,
+            efiarch=distro_to_efi_arch[distro_arch])
           part_rootfs_dir = "%s/disk/%s.%s" % (cr_workdir,
                                                part.label,
                                                part.lineno)
Makes sense in first sight - but why did it work so far? Or did I miss
to test one of the two cases (signed/unsigned)? Did you test both?

Jan
I am still try to find the reason why it work in isar-cip-core. The
error occured in a downstream project.
In isar-cip-core the error never occured as we install `efibootguard`
as a dependency for wic[1].

efibootguard-boot uses the same logic[2] to access the kernel stub.


We should decide which is the correct way. I would prefer that we take
both stubs from the buildchroot.
Yes, the preferred source for bootloader artifacts should be the
buildchroot and NOT that target image. We are currently installing more
on the target as practically needed. If that should ever change, things
shouldn't break here at plugin level.

Jan

[1]:
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/kas/opt/efibootguard.yml#L24


[2]:
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/blob/master/scripts/lib/wic/plugins/source/efibootguard-boot.py#L190


Quirin

Should we move or reuse the files from salsa[3]? There the binaries are
part of the dev package[4].
I don't think sticking the bootloader into the dev package is correct or
in line with other bootloaders (grub-dev? system-dev?). The main ebg
package should contain the bootloader, and if we want to split the tools
from it, that should go into a separate package.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux