From 26c3da0bd25c5019c1025f548ff0cb6f8788291a Mon Sep 17 00:00:00 2001
From: brent s <bts@square-r00t.net>
Date: Wed, 20 Jan 2021 04:33:51 -0500
Subject: [PATCH] and we need to enforce the root FS UUID. i think.

this should work. probably.
---
 _base.py                   | 28 +++++++++++++++++++++++++++-
 tpl/arch_grub.conf.j2      |  6 ++++--
 tpl/sysresccd_grub.conf.j2 | 18 ++++++++++++------
 3 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/_base.py b/_base.py
index c09c84e..f9ce07b 100644
--- a/_base.py
+++ b/_base.py
@@ -1,4 +1,5 @@
 import hashlib
+import json
 import os
 import pathlib
 import shutil
@@ -43,6 +44,7 @@ class BaseUpdater(object):
         self.do_update = False
         self.force_update = False
         self.iso_url = None
+        self.boot_uuid = None
         self.hash_type = hash_type
         self.dest_iso = os.path.join(self.dest_dir, self.dest_file)
         self.dest_ver = os.path.join(self.dest_dir, self.ver_file)
@@ -108,7 +110,30 @@ class BaseUpdater(object):
             return(False)
         return(True)
 
+    def getUUID(self):
+        disk_cmd = subprocess.run(['findmnt',
+                                   '-T', '/boot',
+                                   '--json'],
+                                  stdout = subprocess.PIPE,
+                                  stderr = subprocess.PIPE)
+        if (disk_cmd.returncode != 0) or disk_cmd.stderr.decode('utf-8').strip() != '':
+            raise RuntimeError('Could not get disk UUID: {0}'.format(disk_cmd.stderr.decode('utf-8')))
+        disk_dict = json.loads(disk_cmd.stdout.decode('utf-8'))
+        disk_dev = disk_dict['filesystems']['source']
+        info_cmd = subprocess.run(['blkid',
+                                   '-o', 'export',
+                                   disk_dev],
+                                  stdout = subprocess.PIPE,
+                                  stderr = subprocess.PIPE)
+        if (info_cmd.returncode != 0) or info_cmd.stderr.decode('utf-8').strip() != '':
+            raise RuntimeError('Could not get disk UUID: {0}'.format(info_cmd.stderr.decode('utf-8')))
+        info_dict = {i.split('=', 1)[0].lower():i.split('=', 1)[1]
+                     for i in info_cmd.stdout.decode('utf-8').splitlines()}
+        self.boot_uuid = info_dict.get('uuid')
+        return(None)
+
     def grub(self):
+        self.getUUID()
         import jinja2
         loader = jinja2.FileSystemLoader(searchpath = self._tpl_dir)
         tplenv = jinja2.Environment(loader = loader)
@@ -117,7 +142,8 @@ class BaseUpdater(object):
             fh.write(tpl.render(iso_path = os.path.abspath(
                                     os.path.expanduser(
                                         os.path.join(self.grub_iso_dir,
-                                                     self.dest_file)))))
+                                                     self.dest_file))),
+                                disk_uuid = self.boot_uuid))
         os.chmod(self.grub_cfg, 0o0755)
         cmd = subprocess.run(['grub-mkconfig',
                               '-o', '{0}/grub/grub.cfg'.format(self.boot_dir)],
diff --git a/tpl/arch_grub.conf.j2 b/tpl/arch_grub.conf.j2
index 634171e..63a4309 100644
--- a/tpl/arch_grub.conf.j2
+++ b/tpl/arch_grub.conf.j2
@@ -6,19 +6,21 @@ exec tail -n +3 $0
 submenu 'Arch Install ISO' {
 
 	menuentry 'Default Options' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/arch/boot/x86_64/vmlinuz-linux archisobasedir=arch img_dev=$imgdevpath img_loop=$isofile earlymodules=loop
 		initrd (loop)/arch/boot/intel-ucode.img (loop)/arch/boot/amd-ucode.img (loop)/arch/boot/x86_64/initramfs-linux.img
 	}
 
 	menuentry 'Accessibility mode' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/arch/boot/x86_64/vmlinuz-linux archisobasedir=arch img_dev=$imgdevpath img_loop=$isofile earlymodules=loop accessibility=on
 		initrd (loop)/arch/boot/intel-ucode.img (loop)/arch/boot/amd-ucode.img (loop)/arch/boot/x86_64/initramfs-linux.img
 	}
diff --git a/tpl/sysresccd_grub.conf.j2 b/tpl/sysresccd_grub.conf.j2
index 3e8692f..71f1f48 100644
--- a/tpl/sysresccd_grub.conf.j2
+++ b/tpl/sysresccd_grub.conf.j2
@@ -6,55 +6,61 @@ exec tail -n +3 $0
 submenu 'System Rescue CD' {
 
 	menuentry 'Default options' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}
 
 	menuentry 'Run from RAM' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop copytoram
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}
 
 	menuentry 'Confirm/verify checksum' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop checksum
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}
 
 	menuentry 'Use basic display drivers' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop nomodeset
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}
 
 	menuentry 'Find and boot a locally installed Linux' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop findroot
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}
 
 	menuentry 'Stop during boot before the root filesystem is mounted' {
+		search --no-floppy --fs-uuid --set=root {{ disk_uuid }}
 		set isofile='{{ iso_path }}'
 		probe -u $root --set=imgdevuuid
 		set imgdevpath="/dev/disk/by-uuid/$imgdevuuid"
-		loopback loop $isofile
+		loopback loop (${root})/${isofile}
 		linux (loop)/sysresccd/boot/x86_64/vmlinuz archisobasedir=sysresccd img_dev=$imgdevpath img_loop=$isofile earlymodules=loop break
 		initrd (loop)/sysresccd/boot/intel_ucode.img (loop)/sysresccd/boot/amd_ucode.img (loop)/sysresccd/boot/x86_64/sysresccd.img
 	}