lanzaboote/rust/tool/shared/src/esp.rs

use std::{
    array::IntoIter,
    path::{Path, PathBuf},
};

use anyhow::{Context, Result, bail};

use crate::generation::Generation;

/// Supported system
#[allow(dead_code)]
#[non_exhaustive]
#[derive(Copy, Clone, PartialEq, Debug)]
pub enum Architecture {
    X86,
    AArch64,
}

impl Architecture {
    pub fn systemd_stub_filename(&self) -> &Path {
        Path::new(match self {
            Self::X86 => "linuxx64.efi.stub",
            Self::AArch64 => "linuxaa64.efi.stub"
        })
    }

    pub fn systemd_filename(&self) -> &Path {
        Path::new(match self {
            Self::X86 => "systemd-bootx64.efi",
            Self::AArch64 => "systemd-bootaa64.efi"
        })
    }

    pub fn efi_fallback_filename(&self) -> &Path {
        Path::new(match self {
            Self::X86 => "BOOTX64.EFI",
            Self::AArch64 => "BOOTAA64.EFI",
        })
    }
}

impl Architecture {
    /// Converts from a NixOS system double to a supported system
    pub fn from_nixos_system(system_double: &str) -> Result<Self> {
        Ok(match system_double {
            "x86_64-linux" => Self::X86,
            "aarch64-linux" => Self::AArch64,
            _ => bail!("Unsupported NixOS system double: {}, please open an issue or a PR if you think this should be supported.", system_double)
        })
    }
}

/// Generic ESP paths which can be specific to a bootloader
pub trait EspPaths<const N: usize> {
    /// Build an ESP path structure out of the ESP root directory
    fn new(esp: impl AsRef<Path>, arch: Architecture) -> Self;

    /// Return the used file paths to store as garbage collection roots.
    fn iter(&self) -> std::array::IntoIter<&PathBuf, N>;

    /// Returns the path containing NixOS EFI binaries
    fn nixos_path(&self) -> &Path;

    /// Returns the path containing Linux EFI binaries
    fn linux_path(&self) -> &Path;
}

/// Paths to the boot files of a specific generation.
pub struct EspGenerationPaths {
    pub kernel: PathBuf,
    pub initrd: PathBuf,
    pub lanzaboote_image: PathBuf,
}

impl EspGenerationPaths {
    pub fn new<const N: usize, P: EspPaths<N>>(
        esp_paths: &P,
        generation: &Generation,
        system: Architecture,
    ) -> Result<Self> {
        let bootspec = &generation.spec.bootspec.bootspec;
        let bootspec_system: Architecture = Architecture::from_nixos_system(&bootspec.system)?;

        assert_eq!(
            system, bootspec_system,
            "Bootspec's system differs from provided target system, unsupported usecase!"
        );

        Ok(Self {
            kernel: esp_paths
                .nixos_path()
                .join(nixos_path(&bootspec.kernel, "bzImage")?),
            initrd: esp_paths.nixos_path().join(nixos_path(
                bootspec
                    .initrd
                    .as_ref()
                    .context("Lanzaboote does not support missing initrd yet")?,
                "initrd",
            )?),
            lanzaboote_image: esp_paths.linux_path().join(generation_path(generation)),
        })
    }

    /// Return the used file paths to store as garbage collection roots.
    pub fn to_iter(&self) -> IntoIter<&PathBuf, 3> {
        [&self.kernel, &self.initrd, &self.lanzaboote_image].into_iter()
    }
}

fn nixos_path(path: impl AsRef<Path>, name: &str) -> Result<PathBuf> {
    let resolved = path
        .as_ref()
        .read_link()
        .unwrap_or_else(|_| path.as_ref().into());

    let parent_final_component = resolved
        .parent()
        .and_then(|x| x.file_name())
        .and_then(|x| x.to_str())
        .with_context(|| format!("Failed to extract final component from: {:?}", resolved))?;

    let nixos_filename = format!("{}-{}.efi", parent_final_component, name);

    Ok(PathBuf::from(nixos_filename))
}

fn generation_path(generation: &Generation) -> PathBuf {
    if let Some(specialisation_name) = generation.is_specialised() {
        PathBuf::from(format!(
            "nixos-generation-{}-specialisation-{}.efi",
            generation, specialisation_name
        ))
    } else {
        PathBuf::from(format!("nixos-generation-{}.efi", generation))
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn nixos_path_creates_correct_filename_from_nix_store_path() -> Result<()> {
        let path =
            Path::new("/nix/store/xqplddjjjy1lhzyzbcv4dza11ccpcfds-initrd-linux-6.1.1/initrd");

        let generated_filename = nixos_path(path, "initrd")?;

        let expected_filename =
            PathBuf::from("xqplddjjjy1lhzyzbcv4dza11ccpcfds-initrd-linux-6.1.1-initrd.efi");

        assert_eq!(generated_filename, expected_filename);
        Ok(())
    }
}
tool: split systemd into a new crate and make tool into a lib-only crate This is necessary to make integration testing specific to the backend. 2023-07-22 14:49:46 -04:00			`use std::{`
			`array::IntoIter,`
			`path::{Path, PathBuf},`
			`};`
lanzatool.install: init 2022-11-23 09:26:26 -05:00
tool: implement general architecture support - for aarch64, x86 for now 2023-04-24 19:53:46 -04:00			`use anyhow::{Context, Result, bail};`
lanzatool: implement configuration limit 2022-12-11 20:09:19 -05:00
tool: split systemd into a new crate and make tool into a lib-only crate This is necessary to make integration testing specific to the backend. 2023-07-22 14:49:46 -04:00			`use crate::generation::Generation;`
lanzatool: implement configuration limit 2022-12-11 20:09:19 -05:00
tool: implement general architecture support - for aarch64, x86 for now 2023-04-24 19:53:46 -04:00			`/// Supported system`
			`#[allow(dead_code)]`
			`#[non_exhaustive]`
			`#[derive(Copy, Clone, PartialEq, Debug)]`
			`pub enum Architecture {`
			`X86,`
			`AArch64,`
			`}`

tool(esp): add systemd stub filenames mapping for systems 2023-04-25 11:26:12 -04:00			`impl Architecture {`
			`pub fn systemd_stub_filename(&self) -> &Path {`
			`Path::new(match self {`
			`Self::X86 => "linuxx64.efi.stub",`
			`Self::AArch64 => "linuxaa64.efi.stub"`
			`})`
			`}`

tool: implement general architecture support - for aarch64, x86 for now 2023-04-24 19:53:46 -04:00			`pub fn systemd_filename(&self) -> &Path {`
			`Path::new(match self {`
			`Self::X86 => "systemd-bootx64.efi",`
			`Self::AArch64 => "systemd-bootaa64.efi"`
			`})`
			`}`

			`pub fn efi_fallback_filename(&self) -> &Path {`
			`Path::new(match self {`
			`Self::X86 => "BOOTX64.EFI",`
			`Self::AArch64 => "BOOTAA64.EFI",`
			`})`
			`}`
			`}`

			`impl Architecture {`
			`/// Converts from a NixOS system double to a supported system`
			`pub fn from_nixos_system(system_double: &str) -> Result<Self> {`
			`Ok(match system_double {`
			`"x86_64-linux" => Self::X86,`
			`"aarch64-linux" => Self::AArch64,`
			`_ => bail!("Unsupported NixOS system double: {}, please open an issue or a PR if you think this should be supported.", system_double)`
			`})`
			`}`
			`}`

lzbt: abstraction for multiple backends This generates `lzbt-systemd` binary instead of `lzbt` which is using a special systemd-specific entrypoint. This is part of the effort to enable multiple backends. 2023-07-08 14:54:42 -04:00			`/// Generic ESP paths which can be specific to a bootloader`
			`pub trait EspPaths<const N: usize> {`
			`/// Build an ESP path structure out of the ESP root directory`
tool(systemd-boot): install it once instead of checking for each generation systemd-boot is now installed once for many generations rather than multiple times. This means it is not really possible to manage different system in the same "machine", which is a very obscure usecase, theoretically possible, but not yet encountered. 2023-06-16 10:42:19 -04:00			`fn new(esp: impl AsRef<Path>, arch: Architecture) -> Self;`
tool: introduce some more whitespace 2023-09-14 06:38:40 -04:00
lanzatool: implement configuration limit 2022-12-11 20:09:19 -05:00			`/// Return the used file paths to store as garbage collection roots.`
lzbt: abstraction for multiple backends This generates `lzbt-systemd` binary instead of `lzbt` which is using a special systemd-specific entrypoint. This is part of the effort to enable multiple backends. 2023-07-08 14:54:42 -04:00			`fn iter(&self) -> std::array::IntoIter<&PathBuf, N>;`
tool: introduce some more whitespace 2023-09-14 06:38:40 -04:00
lzbt: abstraction for multiple backends This generates `lzbt-systemd` binary instead of `lzbt` which is using a special systemd-specific entrypoint. This is part of the effort to enable multiple backends. 2023-07-08 14:54:42 -04:00			`/// Returns the path containing NixOS EFI binaries`
			`fn nixos_path(&self) -> &Path;`
tool: introduce some more whitespace 2023-09-14 06:38:40 -04:00
lzbt: abstraction for multiple backends This generates `lzbt-systemd` binary instead of `lzbt` which is using a special systemd-specific entrypoint. This is part of the effort to enable multiple backends. 2023-07-08 14:54:42 -04:00			`/// Returns the path containing Linux EFI binaries`
			`fn linux_path(&self) -> &Path;`
lanzatool.install: init 2022-11-23 09:26:26 -05:00			`}`
lanzatool: add support for generations and correct naming of kernels a… (#12) * lanzatool: add support for generations and correct naming of kerels and initrds * test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests * lanzatool: ryan is a B class engineer Co-authored-by: nikstur@outlook.com 2022-11-25 21:14:21 -05:00
tool: split esp paths To access paths on the ESP before or after installing generations, split EspPaths into general EspPaths that only depend on the path to the ESP and EspGenerationPaths which additionally depend on generation specific information (e.g. version number and initrd filename). 2023-01-18 17:52:13 -05:00			`/// Paths to the boot files of a specific generation.`
			`pub struct EspGenerationPaths {`
			`pub kernel: PathBuf,`
			`pub initrd: PathBuf,`
			`pub lanzaboote_image: PathBuf,`
			`}`

			`impl EspGenerationPaths {`
tool: split systemd into a new crate and make tool into a lib-only crate This is necessary to make integration testing specific to the backend. 2023-07-22 14:49:46 -04:00			`pub fn new<const N: usize, P: EspPaths<N>>(`
			`esp_paths: &P,`
			`generation: &Generation,`
tool: introduce --target-system to choose target architecture We will hard fail in case of encountering different architectures in bootspec. This should still be compatible with cross-compiling systems in the future. 2023-06-16 10:23:39 -04:00			`system: Architecture,`
tool: split systemd into a new crate and make tool into a lib-only crate This is necessary to make integration testing specific to the backend. 2023-07-22 14:49:46 -04:00			`) -> Result<Self> {`
tool: adopt bootspec 0.1.0 2023-04-14 09:48:29 -04:00			`let bootspec = &generation.spec.bootspec.bootspec;`
tool: implement general architecture support - for aarch64, x86 for now 2023-04-24 19:53:46 -04:00			`let bootspec_system: Architecture = Architecture::from_nixos_system(&bootspec.system)?;`

			`assert_eq!(`
			`system, bootspec_system,`
			`"Bootspec's system differs from provided target system, unsupported usecase!"`
			`);`
tool: split esp paths To access paths on the ESP before or after installing generations, split EspPaths into general EspPaths that only depend on the path to the ESP and EspGenerationPaths which additionally depend on generation specific information (e.g. version number and initrd filename). 2023-01-18 17:52:13 -05:00
			`Ok(Self {`
			`kernel: esp_paths`
lzbt: abstraction for multiple backends This generates `lzbt-systemd` binary instead of `lzbt` which is using a special systemd-specific entrypoint. This is part of the effort to enable multiple backends. 2023-07-08 14:54:42 -04:00			`.nixos_path()`
tool: split esp paths To access paths on the ESP before or after installing generations, split EspPaths into general EspPaths that only depend on the path to the ESP and EspGenerationPaths which additionally depend on generation specific information (e.g. version number and initrd filename). 2023-01-18 17:52:13 -05:00			`.join(nixos_path(&bootspec.kernel, "bzImage")?),`
lzbt: abstraction for multiple backends This generates `lzbt-systemd` binary instead of `lzbt` which is using a special systemd-specific entrypoint. This is part of the effort to enable multiple backends. 2023-07-08 14:54:42 -04:00			`initrd: esp_paths.nixos_path().join(nixos_path(`
tool: split esp paths To access paths on the ESP before or after installing generations, split EspPaths into general EspPaths that only depend on the path to the ESP and EspGenerationPaths which additionally depend on generation specific information (e.g. version number and initrd filename). 2023-01-18 17:52:13 -05:00			`bootspec`
			`.initrd`
			`.as_ref()`
			`.context("Lanzaboote does not support missing initrd yet")?,`
			`"initrd",`
			`)?),`
lzbt: abstraction for multiple backends This generates `lzbt-systemd` binary instead of `lzbt` which is using a special systemd-specific entrypoint. This is part of the effort to enable multiple backends. 2023-07-08 14:54:42 -04:00			`lanzaboote_image: esp_paths.linux_path().join(generation_path(generation)),`
tool: split esp paths To access paths on the ESP before or after installing generations, split EspPaths into general EspPaths that only depend on the path to the ESP and EspGenerationPaths which additionally depend on generation specific information (e.g. version number and initrd filename). 2023-01-18 17:52:13 -05:00			`})`
			`}`

			`/// Return the used file paths to store as garbage collection roots.`
			`pub fn to_iter(&self) -> IntoIter<&PathBuf, 3> {`
			`[&self.kernel, &self.initrd, &self.lanzaboote_image].into_iter()`
			`}`
			`}`

lanzatool: add support for generations and correct naming of kernels a… (#12) * lanzatool: add support for generations and correct naming of kerels and initrds * test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests * lanzatool: ryan is a B class engineer Co-authored-by: nikstur@outlook.com 2022-11-25 21:14:21 -05:00			`fn nixos_path(path: impl AsRef<Path>, name: &str) -> Result<PathBuf> {`
lanzatool: appease clippy 2022-11-26 17:19:08 -05:00			`let resolved = path`
			`.as_ref()`
			`.read_link()`
			`.unwrap_or_else(\|_\| path.as_ref().into());`
lanzatool: add support for generations and correct naming of kernels a… (#12) * lanzatool: add support for generations and correct naming of kerels and initrds * test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests * lanzatool: ryan is a B class engineer Co-authored-by: nikstur@outlook.com 2022-11-25 21:14:21 -05:00
lanzatool: simplify nixos_path and add unit test 2022-12-29 19:40:22 -05:00			`let parent_final_component = resolved`
			`.parent()`
			`.and_then(\|x\| x.file_name())`
			`.and_then(\|x\| x.to_str())`
			`.with_context(\|\| format!("Failed to extract final component from: {:?}", resolved))?;`
lanzatool: add support for generations and correct naming of kernels a… (#12) * lanzatool: add support for generations and correct naming of kerels and initrds * test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests * lanzatool: ryan is a B class engineer Co-authored-by: nikstur@outlook.com 2022-11-25 21:14:21 -05:00
lanzatool: simplify nixos_path and add unit test 2022-12-29 19:40:22 -05:00			`let nixos_filename = format!("{}-{}.efi", parent_final_component, name);`
lanzatool: add support for generations and correct naming of kernels a… (#12) * lanzatool: add support for generations and correct naming of kerels and initrds * test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests * lanzatool: ryan is a B class engineer Co-authored-by: nikstur@outlook.com 2022-11-25 21:14:21 -05:00
			`Ok(PathBuf::from(nixos_filename))`
			`}`

nixos/lanzaboote: use upstream bootspec for extension generation 2022-12-17 18:31:09 -05:00			`fn generation_path(generation: &Generation) -> PathBuf {`
lanzatool: spell specialised consistently 2023-01-06 17:20:31 -05:00			`if let Some(specialisation_name) = generation.is_specialised() {`
lanzatool: enable specialisation 2022-11-27 05:19:02 -05:00			`PathBuf::from(format!(`
			`"nixos-generation-{}-specialisation-{}.efi",`
			`generation, specialisation_name`
			`))`
			`} else {`
			`PathBuf::from(format!("nixos-generation-{}.efi", generation))`
			`}`
lanzatool: add support for generations and correct naming of kernels a… (#12) * lanzatool: add support for generations and correct naming of kerels and initrds * test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests * lanzatool: ryan is a B class engineer Co-authored-by: nikstur@outlook.com 2022-11-25 21:14:21 -05:00			`}`
lanzatool: simplify nixos_path and add unit test 2022-12-29 19:40:22 -05:00
			`#[cfg(test)]`
			`mod tests {`
			`use super::*;`

			`#[test]`
			`fn nixos_path_creates_correct_filename_from_nix_store_path() -> Result<()> {`
			`let path =`
			`Path::new("/nix/store/xqplddjjjy1lhzyzbcv4dza11ccpcfds-initrd-linux-6.1.1/initrd");`

			`let generated_filename = nixos_path(path, "initrd")?;`

			`let expected_filename =`
			`PathBuf::from("xqplddjjjy1lhzyzbcv4dza11ccpcfds-initrd-linux-6.1.1-initrd.efi");`

			`assert_eq!(generated_filename, expected_filename);`
			`Ok(())`
			`}`
			`}`