shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-11 09:18:07 +03:00
Code

ukify: bring order of EFI sections in man + --help into same order as spec

Browse Source 
Previously, the order was quite chaotic, even sometimes interleaved with
entirely unrelated switches. Let's clean this up and use the same order
as in the spec.

This doesn't change anything real, but I think it's a worthy clean-up in
particular as this order is documented as the PCR measurement order of
these sections, hence there's actually a bit of relevance to always
communicate the same order everywhere.
This commit is contained in:
Lennart Poettering 2024-07-03 16:21:34 +02:00
parent 38faff48e5
commit 89ed34459e
2 changed files with 99 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
man/ukify.xml
View File

@ -292,6 +292,29 @@
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>OSRelease=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term>
<term><option>--os-release=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term>
<listitem><para>The os-release description (the <literal>.osrel</literal> section). The argument
may be a literal string, or <literal>@</literal> followed by a path name. If not specified, the
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file
will be picked up from the host system.</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>Cmdline=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term>
<term><option>--cmdline=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term>
<listitem><para>The kernel command line (the <literal>.cmdline</literal> section). The argument may
be a literal string, or <literal>@</literal> followed by a path name. If not specified, no command
line will be embedded.</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>Initrd=<replaceable>INITRD</replaceable>...</varname></term>
<term><option>--initrd=<replaceable>LINUX</replaceable></option></term>
@ -314,24 +337,12 @@
</varlistentry>
<varlistentry>
<term><varname>Cmdline=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term>
<term><option>--cmdline=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term>
<term><varname>Splash=<replaceable>PATH</replaceable></varname></term>
<term><option>--splash=<replaceable>PATH</replaceable></option></term>
<listitem><para>The kernel command line (the <literal>.cmdline</literal> section). The argument may
be a literal string, or <literal>@</literal> followed by a path name. If not specified, no command
line will be embedded.</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>OSRelease=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term>
<term><option>--os-release=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term>
<listitem><para>The os-release description (the <literal>.osrel</literal> section). The argument
may be a literal string, or <literal>@</literal> followed by a path name. If not specified, the
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file
will be picked up from the host system.</para>
<listitem><para>A picture to display during boot (the <literal>.splash</literal> section). The
argument is a path to a BMP file. If not specified, the section will not be present.
</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
@ -348,16 +359,35 @@
</varlistentry>
<varlistentry>
<term><varname>Splash=<replaceable>PATH</replaceable></varname></term>
<term><option>--splash=<replaceable>PATH</replaceable></option></term>
<term><varname>Uname=<replaceable>VERSION</replaceable></varname></term>
<term><option>--uname=<replaceable>VERSION</replaceable></option></term>
<listitem><para>A picture to display during boot (the <literal>.splash</literal> section). The
argument is a path to a BMP file. If not specified, the section will not be present.
</para>
<listitem><para>Specify the kernel version (as in <command>uname -r</command>, the
<literal>.uname</literal> section). If not specified, an attempt will be made to extract the
version string from the kernel image. It is recommended to pass this explicitly if known, because
the extraction is based on heuristics and not very reliable. If not specified and extraction fails,
the section will not be present.</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>SBAT=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term>
<term><option>--sbat=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term>
<listitem><para>SBAT metadata associated with the UKI or addon. SBAT policies are useful to revoke
whole groups of UKIs or addons with a single, static policy update that does not take space in
DBX/MOKX. If not specified manually, a default metadata entry consisting of
<literal>uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/</literal>
for UKIs and
<literal>uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html</literal>
for addons will be used, to ensure it is always possible to revoke them. For more information on
SBAT see <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">Shim documentation</ulink>.
</para>
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>PCRPKey=<replaceable>PATH</replaceable></varname></term>
<term><option>--pcrpkey=<replaceable>PATH</replaceable></option></term>
@ -370,19 +400,6 @@
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>Uname=<replaceable>VERSION</replaceable></varname></term>
<term><option>--uname=<replaceable>VERSION</replaceable></option></term>
<listitem><para>Specify the kernel version (as in <command>uname -r</command>, the
<literal>.uname</literal> section). If not specified, an attempt will be made to extract the
version string from the kernel image. It is recommended to pass this explicitly if known, because
the extraction is based on heuristics and not very reliable. If not specified and extraction fails,
the section will not be present.</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>PCRBanks=<replaceable>PATH</replaceable></varname></term>
<term><option>--pcr-banks=<replaceable>PATH</replaceable></option></term>
@ -488,23 +505,6 @@
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>SBAT=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term>
<term><option>--sbat=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term>
<listitem><para>SBAT metadata associated with the UKI or addon. SBAT policies are useful to revoke
whole groups of UKIs or addons with a single, static policy update that does not take space in
DBX/MOKX. If not specified manually, a default metadata entry consisting of
<literal>uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/</literal>
for UKIs and
<literal>uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html</literal>
for addons will be used, to ensure it is always possible to revoke them. For more information on
SBAT see <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">Shim documentation</ulink>.
</para>
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
</varlistentry>
</variablelist>
</refsect2>

91
src/ukify/ukify.py
View File

@ -1264,6 +1264,13 @@ CONFIG_ITEMS = [
action = 'store_true',
),
ConfigItem(
('--config', '-c'),
metavar = 'PATH',
type = pathlib.Path,
help = 'configuration file',
),
ConfigItem(
'--linux',
type = pathlib.Path,
@ -1271,6 +1278,20 @@ CONFIG_ITEMS = [
config_key = 'UKI/Linux',
),
ConfigItem(
'--os-release',
metavar = 'TEXT|@PATH',
help = 'path to os-release file [.osrel section]',
config_key = 'UKI/OSRelease',
),
ConfigItem(
'--cmdline',
metavar = 'TEXT|@PATH',
help = 'kernel command line [.cmdline section]',
config_key = 'UKI/Cmdline',
),
ConfigItem(
'--initrd',
metavar = 'INITRD',
@ -1290,24 +1311,11 @@ CONFIG_ITEMS = [
),
ConfigItem(
('--config', '-c'),
metavar = 'PATH',
'--splash',
metavar = 'BMP',
type = pathlib.Path,
help = 'configuration file',
),
ConfigItem(
'--cmdline',
metavar = 'TEXT|@PATH',
help = 'kernel command line [.cmdline section]',
config_key = 'UKI/Cmdline',
),
ConfigItem(
'--os-release',
metavar = 'TEXT|@PATH',
help = 'path to os-release file [.osrel section]',
config_key = 'UKI/OSRelease',
help = 'splash image bitmap file [.splash section]',
config_key = 'UKI/Splash',
),
ConfigItem(
@ -1317,13 +1325,23 @@ CONFIG_ITEMS = [
help = 'Device Tree file [.dtb section]',
config_key = 'UKI/DeviceTree',
),
ConfigItem(
'--splash',
metavar = 'BMP',
type = pathlib.Path,
help = 'splash image bitmap file [.splash section]',
config_key = 'UKI/Splash',
'--uname',
metavar='VERSION',
help='"uname -r" information [.uname section]',
config_key = 'UKI/Uname',
),
ConfigItem(
'--sbat',
metavar = 'TEXT|@PATH',
help = 'SBAT policy [.sbat section]',
default = [],
action = 'append',
config_key = 'UKI/SBAT',
),
ConfigItem(
'--pcrpkey',
metavar = 'KEY',
@ -1331,11 +1349,14 @@ CONFIG_ITEMS = [
help = 'embedded public key to seal secrets to [.pcrpkey section]',
config_key = 'UKI/PCRPKey',
),
ConfigItem(
'--uname',
metavar='VERSION',
help='"uname -r" information [.uname section]',
config_key = 'UKI/Uname',
'--section',
dest = 'sections',
metavar = 'NAME:TEXT|@PATH',
action = 'append',
default = [],
help = 'section as name and contents [NAME section] or section to print',
),
ConfigItem(
@ -1353,24 +1374,6 @@ CONFIG_ITEMS = [
config_key = 'UKI/Stub',
),
ConfigItem(
'--sbat',
metavar = 'TEXT|@PATH',
help = 'SBAT policy [.sbat section]',
default = [],
action = 'append',
config_key = 'UKI/SBAT',
),
ConfigItem(
'--section',
dest = 'sections',
metavar = 'NAME:TEXT|@PATH',
action = 'append',
default = [],
help = 'section as name and contents [NAME section] or section to print',
),
ConfigItem(
'--pcr-banks',
metavar = 'BANK…',