feat: enable synthesis support
Bootspec has a mechanism called synthesis, which lets you synthesize a bootspec from the generation link alone when none is present. This is useful for "vanilla bootspec", which does not contain any extensions, as this is what we do right now. If we need extensions, we can also implement our own synthesis mechanism on top of it. Enabling synthesis gives us the superpower to support non-bootspec users. :-)
parent
484b2c2fe4
commit
4ef6957f88
|
@ -239,6 +239,18 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# We test if we can install Lanzaboote without Bootspec support.
|
||||||
|
synthesis = mkSecureBootTest {
|
||||||
|
name = "lanzaboote-synthesis";
|
||||||
|
machine = { lib, ... }: {
|
||||||
|
boot.bootspec.enable = lib.mkForce false;
|
||||||
|
};
|
||||||
|
testScript = ''
|
||||||
|
machine.start()
|
||||||
|
assert "Secure Boot: enabled (user)" in machine.succeed("bootctl status")
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
systemd-boot-loader-config = mkSecureBootTest {
|
systemd-boot-loader-config = mkSecureBootTest {
|
||||||
name = "lanzaboote-systemd-boot-loader-config";
|
name = "lanzaboote-systemd-boot-loader-config";
|
||||||
machine = {
|
machine = {
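Review bot: The `synthesis` test only asserts that Secure Boot ends up enabled, so it does not show that the synthesis path was actually taken. If a `boot.json` were still produced despite `boot.bootspec.enable = lib.mkForce false`, the test would pass without exercising the fallback. Consider also asserting that the booted generation carries no bootspec, for example `machine.fail("test -e /run/current-system/boot.json")` (path assumed from the usual NixOS layout; confirm before use). A one-line comment above the `mkForce false` line saying why the option has to be forced off here would help the next reader.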
|
||||||
|
|
|
@ -42,10 +42,15 @@ pub struct Generation {
|
||||||
impl Generation {
|
impl Generation {
|
||||||
pub fn from_link(link: &GenerationLink) -> Result<Self> {
|
pub fn from_link(link: &GenerationLink) -> Result<Self> {
|
||||||
let bootspec_path = link.path.join("boot.json");
|
let bootspec_path = link.path.join("boot.json");
|
||||||
let boot_json: BootJson = serde_json::from_slice(
|
let boot_json: BootJson = fs::read(bootspec_path)
|
||||||
&fs::read(bootspec_path).context("Failed to read bootspec file")?,
|
.context("Failed to read bootspec file")
|
||||||
)
|
.and_then(|raw| serde_json::from_slice(&raw).context("Failed to read bootspec JSON"))
|
||||||
.context("Failed to parse bootspec json")?;
|
// TODO: this should be much easier, add a From<GenerationVX> for BootspecGeneration
|
||||||
|
// this should enable us to do `into()` on the Result
|
||||||
|
// anyhow compatibility of bootspec would be nice too.
|
||||||
|
.or_else(|_err| BootJson::synthesize_latest(&link.path)
|
||||||
|
.map_err(|err| anyhow!(err))
|
||||||
|
.context("Failed to read a bootspec (missing bootspec?) and failed to synthesize a valid replacement bootspec."))?;
|
||||||
|
|
||||||
// TODO: replace me when https://github.com/DeterminateSystems/bootspec/pull/109 lands.
|
// TODO: replace me when https://github.com/DeterminateSystems/bootspec/pull/109 lands.
|
||||||
let bootspec: BootSpec = match boot_json.generation {
|
let bootspec: BootSpec = match boot_json.generation {
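Review bot: The `.or_else(|_err| …)` in `from_link` falls back to `BootJson::synthesize_latest` on any failure, not only when `boot.json` is missing. A file that exists but is unreadable or fails to parse is silently replaced by a synthesized bootspec, and the original error is dropped. For a tool that decides what gets signed for Secure Boot, a corrupt or unexpectedly modified bootspec should stop the install rather than be papered over, and the commit message describes synthesis only for bootspecs that are not present. I would fall back only on `ErrorKind::NotFound` and propagate every other error, as sketched below; the parse context would also read better as "Failed to parse bootspec JSON" than "Failed to read bootspec JSON". The body of `from_link` continues past the end of the hunk.

```rust
let bootspec_path = link.path.join("boot.json");
let boot_json: BootJson = match fs::read(&bootspec_path) {
    Ok(raw) => serde_json::from_slice(&raw).context("Failed to parse bootspec JSON")?,
    // Only a missing boot.json triggers synthesis; a present-but-invalid one stays an error.
    Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
        BootJson::synthesize_latest(&link.path)
            .map_err(|err| anyhow!(err))
            .context("No bootspec found and failed to synthesize a valid replacement bootspec.")?
    }
    Err(err) => return Err(anyhow!(err).context("Failed to read bootspec file")),
};
// … unchanged: TODO comment and match on boot_json.generation …
```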
|
||||||
|
|