From fec61ce5778910bac7779191ee8deeb0a24593c8 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Tue, 29 Oct 2019 16:40:39 -0400
Subject: [PATCH 2/2] libpriv/kernel: Hack around vmlinuz path in HMAC file
As mentioned in the comment block:
```
If there's an HMAC file, fix the path to the kernel in it to be
relative. Right now, the kernel spec encodes `/boot/vmlinux-$kver`,
which of course not going to work for us. We should work towards making
this change directly into the kernel spec.
```
For background, see this comment and following:
https://github.com/ostreedev/ostree/pull/1962#issuecomment-547488164
---
src/libpriv/rpmostree-kernel.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
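diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
index 2266f9c7..2bea504c 100644
--- a/src/libpriv/rpmostree-kernel.c
+++ b/src/libpriv/rpmostree-kernel.c
@@ -393,6 +393,38 @@ rpmostree_finalize_kernel (int rootfs_dfd,
 return glnx_throw_errno_prefix (error, "linkat(%s)", kernel_modules_path);
 }
 
+ /* If there's an HMAC file, fix the path to the kernel in it to be relative. Right now,
+ * the kernel spec encodes `/boot/vmlinux-$kver`, which of course not going to work for
+ * us. We should work towards making this change directly into the kernel spec. */
+ g_autofree char *hmac_path = g_build_filename (modules_bootdir, ".vmlinuz.hmac", NULL);
+ if (!glnx_fstatat_allow_noent (rootfs_dfd, hmac_path, NULL, 0, error))
+ return FALSE;
+ if (errno == 0)
+ {
+ g_autofree char *contents = glnx_file_get_contents_utf8_at (rootfs_dfd, hmac_path,
+ NULL, cancellable, error);
+ if (contents == NULL)
+ return FALSE;
+
+ /* rather than trying to parse and understand the *sum format, just hackily replace */
+ g_autofree char *old_path = g_strconcat (" /boot/vmlinuz-", kver, NULL);
+ g_autofree char *new_path = g_strconcat (" vmlinuz-", kver, NULL);
+ g_autofree char *new_contents =
+ rpmostree_str_replace (contents, old_path, new_path, error);
+ if (!new_contents)
+ return FALSE;
+
+ /* sanity check there are no '/' in there; that way too we just error out if the path
+ * or format changes (but really, this should be a temporary hack...) */
+ if (strchr (new_contents, '/') != 0)
+ return glnx_throw (error, "Unexpected / in .vmlinuz.hmac: %s", new_contents);
+
+ if (!glnx_file_replace_contents_at (rootfs_dfd, hmac_path,
+ (guint8*)new_contents, -1, 0,
+ cancellable, error))
+ return FALSE;
+ }
+
 /* Replace the initramfs */
 g_autofree char *initramfs_modules_path = g_build_filename (modules_bootdir, "initramfs.img", NULL);
 if (unlinkat (rootfs_dfd, initramfs_modules_path, 0) < 0)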
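Review bot: The only validation before `.vmlinuz.hmac` is rewritten is the `strchr (new_contents, '/') != 0` test, which accepts any slash-free content, including a file that never contained the expected ` /boot/vmlinuz-$kver` entry. As this file is presumably the reference the kernel image is verified against, the block should also assert that the result names the kernel just installed, e.g. `if (strstr (new_contents, new_path) == NULL) return glnx_throw (error, "No vmlinuz-%s entry in .vmlinuz.hmac", kver);`. The pointer comparison in the existing check reads better as `!= NULL`. The new comment says `/boot/vmlinux-$kver` while the code matches `/boot/vmlinuz-`, and "which of course not going to work" is missing an "is". rpmostree_finalize_kernel starts and ends outside the hunk, so how `kver` and `modules_bootdir` are derived is not visible here.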
--
2.21.0