mirror of https://github.com/systemd/systemd.git synced 2025-03-19 22:50:17 +03:00

ukify: print debug/progress messages to stderr and pass through --json to systemd-measure (#36081)

Luca Boccassi 2025-01-20 21:34:59 +00:00 committed by GitHub
commit f6a04dc149
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 28 additions and 19 deletions


@ -57,4 +57,8 @@ jobs:
- name: Run ruff format
run: |
ruff --version
ruff format --check src/boot/generate-hwids-section.py src/test/generate-sym-test.py src/ukify/ukify.py test/integration-test-wrapper.py
if ! ruff format --check src/boot/generate-hwids-section.py src/test/generate-sym-test.py src/ukify/ukify.py test/integration-test-wrapper.py
then
echo "Please run 'ruff format' on the above files or apply the diffs below manually"
ruff format --check --quiet --diff src/boot/generate-hwids-section.py src/test/generate-sym-test.py src/ukify/ukify.py test/integration-test-wrapper.py
fi
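Review bot: The step now fails only through the exit status of the last command in the `then` branch, `ruff format --check --quiet --diff ...`, because the `if ! ...` condition itself is exempt from errexit. ruff returns non-zero when it prints a diff, so the gate should still fail today, but that is implicit; adding `exit 1` just before `fi` keeps the check failing however the diff command returns. The file list is also repeated in both invocations and could be held in one shell variable so the two cannot drift apart. The job definition starts outside this hunk.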


@ -324,7 +324,7 @@ class Uname:
filename,
]
print('+', shell_join(cmd))
print('+', shell_join(cmd), file=sys.stderr)
try:
notes = subprocess.check_output(cmd, stderr=subprocess.PIPE, text=True)
except subprocess.CalledProcessError as e:
@ -355,7 +355,7 @@ class Uname:
for func in (cls.scrape_x86, cls.scrape_elf, cls.scrape_generic):
try:
version = func(filename, opts=opts)
print(f'Found uname version: {version}')
print(f'Found uname version: {version}', file=sys.stderr)
return version
except ValueError as e:
print(str(e))
@ -496,7 +496,7 @@ class PeSign(SignTool):
'-o', output_f,
] # fmt: skip
print('+', shell_join(cmd))
print('+', shell_join(cmd), file=sys.stderr)
subprocess.check_call(cmd)
@staticmethod
@ -506,7 +506,7 @@ class PeSign(SignTool):
tool = find_tool('pesign', opts=opts)
cmd = [tool, '-i', opts.linux, '-S']
print('+', shell_join(cmd))
print('+', shell_join(cmd), file=sys.stderr)
info = subprocess.check_output(cmd, text=True)
return 'No signatures found.' in info
@ -528,7 +528,7 @@ class SbSign(SignTool):
'--output', output_f,
] # fmt: skip
print('+', shell_join(cmd))
print('+', shell_join(cmd), file=sys.stderr)
subprocess.check_call(cmd)
@staticmethod
@ -538,7 +538,7 @@ class SbSign(SignTool):
tool = find_tool('sbverify', opts=opts)
cmd = [tool, '--list', opts.linux]
print('+', shell_join(cmd))
print('+', shell_join(cmd), file=sys.stderr)
info = subprocess.check_output(cmd, text=True)
return 'No signature table present' in info
@ -580,7 +580,7 @@ class SystemdSbSign(SignTool):
'--output', output_f,
] # fmt: skip
print('+', shell_join(cmd))
print('+', shell_join(cmd), file=sys.stderr)
subprocess.check_call(cmd)
@staticmethod
@ -627,7 +627,7 @@ def check_splash(filename: Optional[Path]) -> None:
return
img = Image.open(filename, formats=['BMP'])
print(f'Splash image {filename} is {img.width}×{img.height} pixels')
print(f'Splash image {filename} is {img.width}×{img.height} pixels', file=sys.stderr)
def check_inputs(opts: UkifyConfig) -> None:
@ -763,6 +763,8 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) ->
cmd = [
measure_tool,
'calculate',
'--json',
opts.json,
*(f'--{s.name.removeprefix(".")}={s.content}' for s in to_measure.values()),
*(f'--bank={bank}' for bank in banks),
# For measurement, the keys are not relevant, so we can lump all the phase paths
@ -770,7 +772,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) ->
*(f'--phase={phase_path}' for phase_path in itertools.chain.from_iterable(pp_groups)),
]
print('+', shell_join(cmd))
print('+', shell_join(cmd), file=sys.stderr)
subprocess.check_call(cmd)
# PCR signing
@ -808,7 +810,7 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) ->
extra += [f'--phase={phase_path}' for phase_path in group or ()]
print('+', shell_join(cmd + extra)) # type: ignore
print('+', shell_join(cmd + extra), file=sys.stderr) # type: ignore
pcrsig = subprocess.check_output(cmd + extra, text=True) # type: ignore
pcrsig = json.loads(pcrsig)
pcrsigs += [pcrsig]
@ -1145,7 +1147,7 @@ def make_uki(opts: UkifyConfig) -> None:
signtool.sign(os.fspath(opts.linux), os.fspath(linux), opts=opts)
if opts.uname is None and opts.linux is not None:
print('Kernel version not specified, starting autodetection 😖.')
print('Kernel version not specified, starting autodetection 😖.', file=sys.stderr)
opts.uname = Uname.scrape(opts.linux, opts=opts)
uki = UKI(opts.stub)
@ -1163,7 +1165,7 @@ def make_uki(opts: UkifyConfig) -> None:
if opts.certificate_provider:
cmd += ['--certificate-source', f'provider:{opts.certificate_provider}']
print('+', shell_join(cmd))
print('+', shell_join(cmd), file=sys.stderr)
pcrpkey = subprocess.check_output(cmd)
else:
pcrpkey = Path(opts.pcr_public_keys[0])
@ -1175,7 +1177,7 @@ def make_uki(opts: UkifyConfig) -> None:
if opts.signing_provider:
cmd += ['--private-key-source', f'provider:{opts.signing_provider}']
print('+', shell_join(cmd))
print('+', shell_join(cmd), file=sys.stderr)
pcrpkey = subprocess.check_output(cmd)
hwids = None
@ -1282,7 +1284,10 @@ def make_uki(opts: UkifyConfig) -> None:
if n not in to_import:
continue
print(f"Copying section '{n}' from '{profile}': {pesection.Misc_VirtualSize} bytes")
print(
f"Copying section '{n}' from '{profile}': {pesection.Misc_VirtualSize} bytes",
file=sys.stderr,
)
uki.add_section(
Section.create(n, pesection.get_data(length=pesection.Misc_VirtualSize), measure=True)
)
@ -1311,7 +1316,7 @@ def make_uki(opts: UkifyConfig) -> None:
os.umask(umask := os.umask(0))
os.chmod(opts.output, 0o777 & ~umask)
print(f'Wrote {"signed" if sign_args_present else "unsigned"} {opts.output}')
print(f'Wrote {"signed" if sign_args_present else "unsigned"} {opts.output}', file=sys.stderr)
@contextlib.contextmanager
@ -1963,14 +1968,14 @@ def apply_config(namespace: argparse.Namespace, filename: Union[str, Path, None]
if namespace.config:
# Config set by the user, use that.
filename = namespace.config
print(f'Using config file: {filename}')
print(f'Using config file: {filename}', file=sys.stderr)
else:
# Try to look for a config file then use the first one found.
for config_dir in DEFAULT_CONFIG_DIRS:
filename = Path(config_dir) / DEFAULT_CONFIG_FILE
if filename.is_file():
# Found a config file, use it.
print(f'Using found config file: {filename}')
print(f'Using found config file: {filename}', file=sys.stderr)
break
else:
# No config file specified or found, nothing to do.
@ -2094,7 +2099,7 @@ def finalize_options(opts: argparse.Namespace) -> None:
elif opts.linux or opts.initrd:
raise ValueError('--linux=/--initrd= options cannot be used with positional arguments')
else:
print("Assuming obsolete command line syntax with no verb. Please use 'build'.")
print("Assuming obsolete command line syntax with no verb. Please use 'build'.", file=sys.stderr)
if opts.positional:
opts.linux = Path(opts.positional[0])
# If we have initrds from parsing config files, append our positional args at the end
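Review bot: In the `Uname.scrape` hunk the context line `print(str(e))` inside `except ValueError` still writes to stdout, so a failed scrape attempt can interleave text with the JSON that `systemd-measure` now emits there. Any consumer parsing stdout for PCR measurements would then fail or misread the output; the line should become `print(str(e), file=sys.stderr)` like the other messages. In `call_systemd_measure`, `'--json', opts.json` is added unconditionally; the default of `opts.json` is not visible here, so it is worth confirming that it is always a string, since a `None` entry in `cmd` would make `subprocess.check_call` raise. Both functions extend beyond the hunks shown.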