and we need to enforce the root FS UUID. i think.

this should work. probably.
2021-01-20 04:33:51 -05:00 · 2021-01-20 04:33:51 -05:00 · 26c3da0bd2
parent be03c6bce8
commit 26c3da0bd2
3 changed files with 43 additions and 9 deletions
--- a/_base.py
+++ b/_base.py
@ -1,4 +1,5 @@
 import hashlib
+import json
 import os
 import pathlib
 import shutil
@ -43,6 +44,7 @@ class BaseUpdater(object):
        self.do_update = False
        self.force_update = False
        self.iso_url = None
+        self.boot_uuid = None
        self.hash_type = hash_type
        self.dest_iso = os.path.join(self.dest_dir, self.dest_file)
        self.dest_ver = os.path.join(self.dest_dir, self.ver_file)
@ -108,7 +110,30 @@ class BaseUpdater(object):
            return(False)
        return(True)

+    def getUUID(self):
+        disk_cmd = subprocess.run(['findmnt',
+                                   '-T', '/boot',
+                                   '--json'],
+                                  stdout = subprocess.PIPE,
+                                  stderr = subprocess.PIPE)
+        if (disk_cmd.returncode != 0) or disk_cmd.stderr.decode('utf-8').strip() != '':
+            raise RuntimeError('Could not get disk UUID: {0}'.format(disk_cmd.stderr.decode('utf-8')))
+        disk_dict = json.loads(disk_cmd.stdout.decode('utf-8'))
+        disk_dev = disk_dict['filesystems']['source']
+        info_cmd = subprocess.run(['blkid',
+                                   '-o', 'export',
+                                   disk_dev],
+                                  stdout = subprocess.PIPE,
+                                  stderr = subprocess.PIPE)
+        if (info_cmd.returncode != 0) or info_cmd.stderr.decode('utf-8').strip() != '':
+            raise RuntimeError('Could not get disk UUID: {0}'.format(info_cmd.stderr.decode('utf-8')))
+        info_dict = {i.split('=', 1)[0].lower():i.split('=', 1)[1]
+                     for i in info_cmd.stdout.decode('utf-8').splitlines()}
+        self.boot_uuid = info_dict.get('uuid')
+        return(None)
+
    def grub(self):
+        self.getUUID()
        import jinja2
        loader = jinja2.FileSystemLoader(searchpath = self._tpl_dir)
        tplenv = jinja2.Environment(loader = loader)
@ -117,7 +142,8 @@ class BaseUpdater(object):
            fh.write(tpl.render(iso_path = os.path.abspath(
                                    os.path.expanduser(
                                        os.path.join(self.grub_iso_dir,
-                                                     self.dest_file)))))
+                                                     self.dest_file))),
+                                disk_uuid = self.boot_uuid))
        os.chmod(self.grub_cfg, 0o0755)
        cmd = subprocess.run(['grub-mkconfig',
                              '-o', '{0}/grub/grub.cfg'.format(self.boot_dir)],
--- a/tpl/arch_grub.conf.j2
+++ b/tpl/arch_grub.conf.j2
@ -6,19 +6,21 @@ exec tail -n +3 $0
 submenu 'Arch Install ISO' {

 	menuentry 'Default Options' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/arch/boot/x86_64/vmlinuz-linux archisobasedir=arch img_dev=$imgdevpath img_loop=$isofile earlymodules=loop
 		initrd (loop)/arch/boot/intel-ucode.img (loop)/arch/boot/amd-ucode.img (loop)/arch/boot/x86_64/initramfs-linux.img
 	}

 	menuentry 'Accessibility mode' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/arch/boot/x86_64/vmlinuz-linux archisobasedir=arch img_dev=$imgdevpath img_loop=$isofile earlymodules=loop accessibility=on
 		initrd (loop)/arch/boot/intel-ucode.img (loop)/arch/boot/amd-ucode.img (loop)/arch/boot/x86_64/initramfs-linux.img
 	}
--- a/tpl/sysresccd_grub.conf.j2
+++ b/tpl/sysresccd_grub.conf.j2
@ -6,55 +6,61 @@ exec tail -n +3 $0
 submenu 'System Rescue CD' {

 	menuentry 'Default options' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}

 	menuentry 'Run from RAM' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop copytoram
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}

 	menuentry 'Confirm/verify checksum' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop checksum
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}

 	menuentry 'Use basic display drivers' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop nomodeset
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}

 	menuentry 'Find and boot a locally installed Linux' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop findroot
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}

 	menuentry 'Stop during boot before the root filesystem is mounted' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop break
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}