1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-08 21:17:47 +03:00

meson: Default to sbat-distro=auto

Any recent shim will refuse starting an image that does not have an sbat section
and will do so with a generic "Security Violation" message. And it is very easy
to forget passing -Dsbat-distro=auto to meson when creating a fresh build dir.

Adding sbat info when shim is not used or secure boot is disabled does not hurt
anyone, so default to auto. This still ensures to not add auto-detected info in
case we are cross building.
This commit is contained in:
Jan Janssen 2021-11-26 14:00:02 +01:00
parent 64a05587ce
commit 252b6b1bfd
2 changed files with 5 additions and 3 deletions

View File

@ -417,7 +417,7 @@ option('efi-libdir', type : 'string',
description : 'path to the EFI lib directory')
option('efi-includedir', type : 'string', value : '/usr/include/efi',
description : 'path to the EFI header directory')
option('sbat-distro', type : 'string',
option('sbat-distro', type : 'string', value : 'auto',
description : 'SBAT distribution ID, e.g. fedora, or auto for autodetection')
option('sbat-distro-generation', type : 'integer', value : 1,
description : 'SBAT distribution generation')

View File

@ -162,7 +162,9 @@ foreach ctype : ['color-normal', 'color-entry', 'color-highlight', 'color-edit']
'EFI_' + c[1].strip().underscorify().to_upper()))
endforeach
if get_option('sbat-distro') != ''
if meson.is_cross_build() and get_option('sbat-distro') == 'auto'
warning('Auto detection of SBAT information not supported when cross-building, disabling SBAT.')
elif get_option('sbat-distro') != ''
efi_conf.set_quoted('SBAT_PROJECT', meson.project_name())
efi_conf.set_quoted('PROJECT_VERSION', meson.project_version())
efi_conf.set('PROJECT_URL', conf.get('PROJECT_URL'))
@ -174,7 +176,7 @@ if get_option('sbat-distro') != ''
['sbat-distro-summary', 'NAME'],
['sbat-distro-url', 'BUG_REPORT_URL']]
value = get_option(sbatvar[0])
if (value == '' and not meson.is_cross_build()) or value == 'auto'
if (value == '' or value == 'auto') and not meson.is_cross_build()
cmd = 'if [ -e /etc/os-release ]; then . /etc/os-release; else . /usr/lib/os-release; fi; echo $@0@'.format(sbatvar[1])
value = run_command(sh, '-c', cmd).stdout().strip()
message('@0@ (from @1@): @2@'.format(sbatvar[0], sbatvar[1], value))