Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add make-boot-image service #11

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

roliver-rpi
Copy link
Contributor

No description provided.

@roliver-rpi
Copy link
Contributor Author

Hi @XECDesign , would it be possible to get some feedback on this packaging approach? This service aims to create replacement images for linux-image--2712 packages that include the kernel directly into a signed ramdisk. I suspect I'll probably need a replacement linux-image-rpi-2712 meta-package too?

@XECDesign
Copy link

Sorry, afraid I can't be of much help here.

Copy link
Collaborator

@tdewey-rpi tdewey-rpi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues with the approach, but your point on systemd service restarting is taken.

We do, however, need it to support 2711 first - as CM4 is a commercially available platform, and there are no 2712 platforms where we actively support secure boot at this time.

make-boot-image/README.md Outdated Show resolved Hide resolved
Signed-off-by: Richard Oliver <[email protected]>
@roliver-rpi
Copy link
Contributor Author

Updated documentation, validator.py, inserted preinst script to remove /boot/firmware/config.txt

This will have to be parked for-now as the cryptroot initramfs is unable to insmod the compressed .ko.xz modules. We can revisit this once the cryptroot image has been updated.


A display name and email address in RFC 5322 mailbox format of the individual /
team responsible for creating your boot-image packages. e.g.
`Packaging Team <[email protected]>'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Inconsistent formatting - maybe get this through a asciidoc preview tool?

@@ -1,5 +1,6 @@
## Format of return will be [Happy: bool, error: str]
from os import path
from email.utils import parseaddr, formataddr
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a core dep, or does it require an additional package?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's part of the Python standard library. It's provided by libpython3-stdlib in Debian, but this is a hard-dep of the python3 package. Even if we were to use python3-minimal, we would still get email.utils as part of libpython3.11-minimal

> [!CAUTION]
> Support only exists for v8 kernels at this time.

## Configuration
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this need to be expanded to include the vendor fields?

rpi-package-download@"$(systemd-escape "${1}")".service
}

KERNEL_2711="linux-image-${LINUX_IMAGE}"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the run-around, but I would prefer this was named 'kernel_v8' or similar. Not a blocker.

@tdewey-rpi
Copy link
Collaborator

@roliver-rpi Is this ready to review in earnest?

@roliver-rpi
Copy link
Contributor Author

@roliver-rpi Is this ready to review in earnest?

No, the current cryptroot initramfs is unable to insmod the compressed .ko.xz modules that we take from the linux-image package. This should be parked until we update the cryptroot initramfs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants