From b1e25dc8c80d28a136f3e34d5652f82b49b1456f Mon Sep 17 00:00:00 2001 From: Itxaka Date: Fri, 22 Nov 2024 14:36:59 +0100 Subject: [PATCH] :penguin: Enable boot assesment for UKI This adds the missing package on ubuntu and enables boot assesment services for UKI Signed-off-by: Itxaka --- images/Dockerfile.kairos-rhel | 1 + images/Dockerfile.kairos-ubuntu | 24 +++++++++++++----------- images/Dockerfile.rhel | 1 + images/Dockerfile.ubuntu | 5 +++++ 4 files changed, 20 insertions(+), 11 deletions(-) diff --git a/images/Dockerfile.kairos-rhel b/images/Dockerfile.kairos-rhel index 17e416acf..8a99bbdf0 100644 --- a/images/Dockerfile.kairos-rhel +++ b/images/Dockerfile.kairos-rhel @@ -79,6 +79,7 @@ RUN dnf install -y \ && dnf clean all FROM common AS systemd-boot +RUN systemctl enable systemd-bless-boot FROM ${BOOTLOADER} AS all RUN dnf install -y \ diff --git a/images/Dockerfile.kairos-ubuntu b/images/Dockerfile.kairos-ubuntu index e946df4ac..221894278 100644 --- a/images/Dockerfile.kairos-ubuntu +++ b/images/Dockerfile.kairos-ubuntu @@ -105,21 +105,26 @@ RUN rm -rf /tmp/nohang.deb # This target is aimed at UKI images and avoids to install GRUB and any other unnecesary packages # to the image because there are limitations on the total size +# systemd-boot is neccesary as it brings the /usr/lib/systemd/systemd-bless-boot for boot assesment FROM common AS systemd-boot SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN apt-get update && apt-get install -y --no-install-recommends \ iucode-tool \ kmod \ linux-base \ + systemd-boot \ && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* # for UKI, install the linux-modules pkg if no modules are found RUN [ -z "$(ls -A /lib/modules/)" ] && apt-get update && apt-get install -y --no-install-recommends \ "$(apt-cache search linux-modules | grep -oP 'linux-modules-\d+.\d+.\d+-\d+-generic' | sort -V | tail -1)" \ - && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* + && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* || true # for UKI, install the linux-image pkg if no kernel is found RUN [ -z "$(ls -A /boot/vmlinuz*)" ] && apt-get update && apt-get install -y --no-install-recommends \ "$(apt-cache search linux-image | grep -oP 'linux-image-\d+.\d+.\d+-\d+-generic' | sort -V | tail -1)" \ - && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* + && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* || true +# Enable systemd-bless-boot for boot assesment +RUN systemctl enable systemd-bless-boot + # This target is aimed at non-UKI images where size is not a concern FROM common AS grub @@ -141,17 +146,14 @@ RUN apt-get update \ FROM systemd-boot AS systemd-boot-amd64 RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - shared-mime-info \ - && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* + && apt-get install -y --no-install-recommends shared-mime-info \ + && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* RUN [ -z "$(ls -A /lib/firmware/amd/)" ] && apt-get update && apt-get install -y --no-install-recommends \ - && apt-get install -y --no-install-recommends \ - amd64-microcode \ - && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* + && apt-get install -y --no-install-recommends amd64-microcode \ + && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* || true RUN [ -z "$(ls -A /lib/firmware/intel-ucode/)" ] && apt-get update && apt-get install -y --no-install-recommends \ - && apt-get install -y --no-install-recommends \ - intel-microcode \ - && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* + && apt-get install -y --no-install-recommends intel-microcode \ + && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* || true FROM systemd-boot AS systemd-boot-arm64 diff --git a/images/Dockerfile.rhel b/images/Dockerfile.rhel index 7a6d8b65a..dc1e09be8 100644 --- a/images/Dockerfile.rhel +++ b/images/Dockerfile.rhel @@ -80,6 +80,7 @@ RUN dnf install -y \ && dnf clean all FROM common AS systemd-boot +RUN systemctl enable systemd-bless-boot FROM ${BOOTLOADER} AS all RUN dnf install -y \ diff --git a/images/Dockerfile.ubuntu b/images/Dockerfile.ubuntu index d95e22412..97d290f41 100644 --- a/images/Dockerfile.ubuntu +++ b/images/Dockerfile.ubuntu @@ -106,12 +106,14 @@ RUN rm -rf /tmp/nohang.deb # This target is aimed at UKI images and avoids to install GRUB and any other unnecesary packages # to the image because there are limitations on the total size +# systemd-boot is neccesary as it brings the /usr/lib/systemd/systemd-bless-boot for boot assesment FROM common AS systemd-boot SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN apt-get update && apt-get install -y --no-install-recommends \ iucode-tool \ kmod \ linux-base \ + systemd-boot \ && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* # for UKI, install the linux-modules pkg if no modules are found RUN [ -z "$(ls -A /lib/modules/)" ] && apt-get update && apt-get install -y --no-install-recommends \ @@ -121,6 +123,9 @@ RUN [ -z "$(ls -A /lib/modules/)" ] && apt-get update && apt-get install -y --no RUN [ -z "$(ls -A /boot/vmlinuz*)" ] && apt-get update && apt-get install -y --no-install-recommends \ "$(apt-cache search linux-image | grep -oP 'linux-image-\d+.\d+.\d+-\d+-generic' | sort -V | tail -1)" \ && apt-get remove -y unattended-upgrades && apt-get clean && rm -rf /var/lib/apt/lists/* || true +# Enable systemd-bless-boot for boot assesment +RUN systemctl enable systemd-bless-boot + # This target is aimed at non-UKI images where size is not a concern FROM common AS grub