author | Lennart Poettering <lennart@poettering.net> | 2024-07-03 16:21:34 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2024-07-03 16:21:34 +0200 |
commit | 89ed34459eb67066f13e4133532b5adb2828c93b (patch) | |
tree | 5b5b5c57d056d502ff5084dd41df040570b82b09 | |
parent | boot: don't set OsIndications field if already set correctly (diff) | |
ukify: bring order of EFI sections in man + --help into same order as spec
Previously, the order was quite chaotic, even sometimes interleaved with
entirely unrelated switches. Let's clean this up and use the same order
as in the spec.
This doesn't change anything real, but I think it's a worthy clean-up in
particular as this order is documented as the PCR measurement order of
these sections, hence there's actually a bit of relevance to always
communicate the same order everywhere.
-rw-r--r-- | man/ukify.xml | 102 | ||||
-rwxr-xr-x | src/ukify/ukify.py | 91 |
2 files changed, 98 insertions, 95 deletions
diff --git a/man/ukify.xml b/man/ukify.xml index bf6f328536..68c72b0ba1 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -293,6 +293,29 @@ </varlistentry> <varlistentry> + <term><varname>OSRelease=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term> + <term><option>--os-release=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term> + + <listitem><para>The os-release description (the <literal>.osrel</literal> section). The argument + may be a literal string, or <literal>@</literal> followed by a path name. If not specified, the + <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file + will be picked up from the host system.</para> + + <xi:include href="version-info.xml" xpointer="v253"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>Cmdline=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term> + <term><option>--cmdline=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term> + + <listitem><para>The kernel command line (the <literal>.cmdline</literal> section). The argument may + be a literal string, or <literal>@</literal> followed by a path name. If not specified, no command + line will be embedded.</para> + + <xi:include href="version-info.xml" xpointer="v253"/></listitem> + </varlistentry> + + <varlistentry> <term><varname>Initrd=<replaceable>INITRD</replaceable>...</varname></term> <term><option>--initrd=<replaceable>LINUX</replaceable></option></term> 
@@ -314,48 +337,55 @@ </varlistentry> <varlistentry> - <term><varname>Cmdline=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term> - <term><option>--cmdline=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term> + <term><varname>Splash=<replaceable>PATH</replaceable></varname></term> + <term><option>--splash=<replaceable>PATH</replaceable></option></term> - <listitem><para>The kernel command line (the <literal>.cmdline</literal> section). The argument may - be a literal string, or <literal>@</literal> followed by a path name. If not specified, no command - line will be embedded.</para> + <listitem><para>A picture to display during boot (the <literal>.splash</literal> section). The + argument is a path to a BMP file. If not specified, the section will not be present. + </para> <xi:include href="version-info.xml" xpointer="v253"/></listitem> </varlistentry> <varlistentry> - <term><varname>OSRelease=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term> - <term><option>--os-release=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term> + <term><varname>DeviceTree=<replaceable>PATH</replaceable></varname></term> + <term><option>--devicetree=<replaceable>PATH</replaceable></option></term> - <listitem><para>The os-release description (the <literal>.osrel</literal> section). The argument - may be a literal string, or <literal>@</literal> followed by a path name. If not specified, the - <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file - will be picked up from the host system.</para> + <listitem><para>The devicetree description (the <literal>.dtb</literal> section). The argument is a + path to a compiled binary DeviceTree file. If not specified, the section will not be present. 
+ </para> <xi:include href="version-info.xml" xpointer="v253"/></listitem> </varlistentry> <varlistentry> - <term><varname>DeviceTree=<replaceable>PATH</replaceable></varname></term> - <term><option>--devicetree=<replaceable>PATH</replaceable></option></term> + <term><varname>Uname=<replaceable>VERSION</replaceable></varname></term> + <term><option>--uname=<replaceable>VERSION</replaceable></option></term> - <listitem><para>The devicetree description (the <literal>.dtb</literal> section). The argument is a - path to a compiled binary DeviceTree file. If not specified, the section will not be present. - </para> + <listitem><para>Specify the kernel version (as in <command>uname -r</command>, the + <literal>.uname</literal> section). If not specified, an attempt will be made to extract the + version string from the kernel image. It is recommended to pass this explicitly if known, because + the extraction is based on heuristics and not very reliable. If not specified and extraction fails, + the section will not be present.</para> <xi:include href="version-info.xml" xpointer="v253"/></listitem> </varlistentry> <varlistentry> - <term><varname>Splash=<replaceable>PATH</replaceable></varname></term> - <term><option>--splash=<replaceable>PATH</replaceable></option></term> + <term><varname>SBAT=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term> + <term><option>--sbat=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term> - <listitem><para>A picture to display during boot (the <literal>.splash</literal> section). The - argument is a path to a BMP file. If not specified, the section will not be present. + <listitem><para>SBAT metadata associated with the UKI or addon. SBAT policies are useful to revoke + whole groups of UKIs or addons with a single, static policy update that does not take space in + DBX/MOKX. 
If not specified manually, a default metadata entry consisting of + <literal>uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/</literal> + for UKIs and + <literal>uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html</literal> + for addons will be used, to ensure it is always possible to revoke them. For more information on + SBAT see <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">Shim documentation</ulink>. </para> - <xi:include href="version-info.xml" xpointer="v253"/></listitem> + <xi:include href="version-info.xml" xpointer="v254"/></listitem> </varlistentry> <varlistentry> @@ -371,19 +401,6 @@ </varlistentry> <varlistentry> - <term><varname>Uname=<replaceable>VERSION</replaceable></varname></term> - <term><option>--uname=<replaceable>VERSION</replaceable></option></term> - - <listitem><para>Specify the kernel version (as in <command>uname -r</command>, the - <literal>.uname</literal> section). If not specified, an attempt will be made to extract the - version string from the kernel image. It is recommended to pass this explicitly if known, because - the extraction is based on heuristics and not very reliable. If not specified and extraction fails, - the section will not be present.</para> - - <xi:include href="version-info.xml" xpointer="v253"/></listitem> - </varlistentry> - - <varlistentry> <term><varname>PCRBanks=<replaceable>PATH</replaceable></varname></term> <term><option>--pcr-banks=<replaceable>PATH</replaceable></option></term> 
@@ -488,23 +505,6 @@ <xi:include href="version-info.xml" xpointer="v253"/></listitem> </varlistentry> - - <varlistentry> - <term><varname>SBAT=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></varname></term> - <term><option>--sbat=<replaceable>TEXT</replaceable>|<replaceable>@PATH</replaceable></option></term> - - <listitem><para>SBAT metadata associated with the UKI or addon. SBAT policies are useful to revoke - whole groups of UKIs or addons with a single, static policy update that does not take space in - DBX/MOKX. If not specified manually, a default metadata entry consisting of - <literal>uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/</literal> - for UKIs and - <literal>uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html</literal> - for addons will be used, to ensure it is always possible to revoke them. For more information on - SBAT see <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">Shim documentation</ulink>. - </para> - - <xi:include href="version-info.xml" xpointer="v254"/></listitem> - </varlistentry> </variablelist> </refsect2> diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py index 76437f25e5..5a36ce06ee 100755 --- a/src/ukify/ukify.py +++ b/src/ukify/ukify.py @@ -1265,6 +1265,13 @@ CONFIG_ITEMS = [ ), ConfigItem( + ('--config', '-c'), + metavar = 'PATH', + type = pathlib.Path, + help = 'configuration file', + ), + + ConfigItem( '--linux', type = pathlib.Path, help = 'vmlinuz file [.linux section]', @@ -1272,6 +1279,20 @@ CONFIG_ITEMS = [ ), ConfigItem( + '--os-release', + metavar = 'TEXT|@PATH', + help = 'path to os-release file [.osrel section]', + config_key = 'UKI/OSRelease', + ), + + ConfigItem( + '--cmdline', + metavar = 'TEXT|@PATH', + help = 'kernel command line [.cmdline section]', + config_key = 'UKI/Cmdline', + ), + + ConfigItem( '--initrd', metavar = 'INITRD', type = pathlib.Path, 
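Review bot: Nothing in CONFIG_ITEMS records that the position of these entries is now deliberate, so the next option added to src/ukify/ukify.py can quietly break the ordering again. This applies to the `--os-release` and `--cmdline` entries moved ahead of `--initrd` here, and to the later hunks that move `--splash`, `--uname` and `--sbat`. A comment above the `--linux` entry would pin it down, for example `# Section options are listed in UKI specification order, which is also the documented PCR measurement order; keep man/ukify.xml in sync.` The commit message says the change has no functional effect, so presumably this list only drives `--help` output and not the order in which sections are written or measured; if so, the comment should say it mirrors that order rather than defines it. The CONFIG_ITEMS list begins and ends outside this hunk.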
@@ -1290,24 +1311,11 @@ CONFIG_ITEMS = [ ), ConfigItem( - ('--config', '-c'), - metavar = 'PATH', + '--splash', + metavar = 'BMP', type = pathlib.Path, - help = 'configuration file', - ), - - ConfigItem( - '--cmdline', - metavar = 'TEXT|@PATH', - help = 'kernel command line [.cmdline section]', - config_key = 'UKI/Cmdline', - ), - - ConfigItem( - '--os-release', - metavar = 'TEXT|@PATH', - help = 'path to os-release file [.osrel section]', - config_key = 'UKI/OSRelease', + help = 'splash image bitmap file [.splash section]', + config_key = 'UKI/Splash', ), ConfigItem( @@ -1317,13 +1325,23 @@ CONFIG_ITEMS = [ help = 'Device Tree file [.dtb section]', config_key = 'UKI/DeviceTree', ), + ConfigItem( - '--splash', - metavar = 'BMP', - type = pathlib.Path, - help = 'splash image bitmap file [.splash section]', - config_key = 'UKI/Splash', + '--uname', + metavar='VERSION', + help='"uname -r" information [.uname section]', + config_key = 'UKI/Uname', ), + + ConfigItem( + '--sbat', + metavar = 'TEXT|@PATH', + help = 'SBAT policy [.sbat section]', + default = [], + action = 'append', + config_key = 'UKI/SBAT', + ), + ConfigItem( '--pcrpkey', metavar = 'KEY', @@ -1331,11 +1349,14 @@ CONFIG_ITEMS = [ help = 'embedded public key to seal secrets to [.pcrpkey section]', config_key = 'UKI/PCRPKey', ), + ConfigItem( - '--uname', - metavar='VERSION', - help='"uname -r" information [.uname section]', - config_key = 'UKI/Uname', + '--section', + dest = 'sections', + metavar = 'NAME:TEXT|@PATH', + action = 'append', + default = [], + help = 'section as name and contents [NAME section] or section to print', ), ConfigItem( 
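Review bot: The relocated `--uname` entry in the `@@ -1317,13 +1325,23 @@` hunk keeps `metavar='VERSION'` and `help='...'` without spaces around `=`, while every other keyword argument in the surrounding ConfigItem entries is written `name = value`, including its own `config_key = 'UKI/Uname'`. Since these lines are being moved anyway, they could be normalized to `metavar = 'VERSION',` and `help = '"uname -r" information [.uname section]',`. This is a style point only; the values stay the same.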
@@ -1354,24 +1375,6 @@ CONFIG_ITEMS = [ ), ConfigItem( - '--sbat', - metavar = 'TEXT|@PATH', - help = 'SBAT policy [.sbat section]', - default = [], - action = 'append', - config_key = 'UKI/SBAT', - ), - - ConfigItem( - '--section', - dest = 'sections', - metavar = 'NAME:TEXT|@PATH', - action = 'append', - default = [], - help = 'section as name and contents [NAME section] or section to print', - ), - - ConfigItem( '--pcr-banks', metavar = 'BANKā¦', type = parse_banks, |