From d25a9c244d342620c6748c638e0b4b1a8c945416 Mon Sep 17 00:00:00 2001 From: moparisthebest Date: Wed, 20 Nov 2019 16:35:27 -0500 Subject: [PATCH] Add ipxe-netboot --- src/ipxe-netboot/PKGBUILD | 66 +++++++++++++++++++ src/ipxe-netboot/arch.ipxe | 3 + .../codesigning_pierre_archlinux.pem | 30 +++++++++ .../codesigning_thomas_archlinux.pem | 30 +++++++++ src/ipxe-netboot/dst_x1.pem | 20 ++++++ src/ipxe-netboot/test-netboot | 36 ++++++++++ 6 files changed, 185 insertions(+) create mode 100644 src/ipxe-netboot/PKGBUILD create mode 100644 src/ipxe-netboot/arch.ipxe create mode 100644 src/ipxe-netboot/codesigning_pierre_archlinux.pem create mode 100644 src/ipxe-netboot/codesigning_thomas_archlinux.pem create mode 100644 src/ipxe-netboot/dst_x1.pem create mode 100755 src/ipxe-netboot/test-netboot diff --git a/src/ipxe-netboot/PKGBUILD b/src/ipxe-netboot/PKGBUILD new file mode 100644 index 0000000..bc44e4f --- /dev/null +++ b/src/ipxe-netboot/PKGBUILD @@ -0,0 +1,66 @@ +# Maintainer: Lily Wilson +# Contributor: Thomas Bächler +pkgname=ipxe-netboot +pkgver=r5925.3fe683eb +pkgrel=1 +pkgdesc="iPXE build for Arch Linux netboot" +arch=('i686' 'x86_64') +url="http://ipxe.org" +license=('GPL') +makedepends=('git' + 'gcc' + 'binutils' + 'make' + 'perl' + 'xz' + 'zlib') +options=(!strip) +source=('ipxe::git+https://git.ipxe.org/ipxe.git#branch=master' + arch.ipxe + codesigning_thomas_archlinux.pem + codesigning_pierre_archlinux.pem + dst_x1.pem + test-netboot) +sha256sums=('SKIP' + 'f789c81cade88537b4dc0acd1ce1beb26d1c1e63b837423a14a7c096b31b0230' + '3ba0cf390975bb07bf1d3c7ff802d6977bdf901c94883ea2de44c16d444252e5' + '64d021f345a0b4633de17ba43d816295076adc8a378eaa54e6796e8c0e95d6d0' + '139a5e4a4e0fa505378c72c5f700934ce8333f4e6b1b508886c4b0eb14f4be99' + '63cdadea20fd5ba0f1a632d1ebd34e7b3d91f08b88a3b43508cc825bb42e55a4') + +pkgver() { + cd "$srcdir/ipxe" + printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)" +} + +prepare() { + cd "$srcdir/ipxe/src" + mkdir -p config/local + : > config/local/general.h + echo '#define NET_PROTO_IPV6' >> config/local/general.h + echo '#define DOWNLOAD_PROTO_HTTPS' >> config/local/general.h + echo '#define IMAGE_TRUST_CMD' >> config/local/general.h +} + +build() { + cd "$srcdir/ipxe/src" + + NO_WERROR=1 + export NO_WERROR + + make \ + CERT="$srcdir/codesigning_pierre_archlinux.pem","$srcdir/codesigning_thomas_archlinux.pem","$srcdir/dst_x1.pem" \ + TRUST="$srcdir/codesigning_pierre_archlinux.pem","$srcdir/codesigning_thomas_archlinux.pem","$srcdir/dst_x1.pem" \ + bin/ipxe.lkrn \ + bin/ipxe.pxe \ + bin-x86_64-efi/ipxe.efi +} + +package() { + cd "$srcdir/ipxe/src" + install -d -m755 "$pkgdir"/usr/share/ipxe-netboot + install -m644 bin/ipxe.lkrn "$pkgdir"/usr/share/ipxe-netboot/ + install -m644 bin/ipxe.pxe "$pkgdir"/usr/share/ipxe-netboot/ + install -m644 bin-x86_64-efi/ipxe.efi "$pkgdir"/usr/share/ipxe-netboot/ + install -D -m755 "$srcdir"/test-netboot "$pkgdir"/usr/bin/test-netboot +} diff --git a/src/ipxe-netboot/arch.ipxe b/src/ipxe-netboot/arch.ipxe new file mode 100644 index 0000000..af01aae --- /dev/null +++ b/src/ipxe-netboot/arch.ipxe @@ -0,0 +1,3 @@ +#!ipxe +ifconf +chain https://www.archlinux.org/releng/netboot/archlinux.ipxe || shell diff --git a/src/ipxe-netboot/codesigning_pierre_archlinux.pem b/src/ipxe-netboot/codesigning_pierre_archlinux.pem new file mode 100644 index 0000000..c8288ef --- /dev/null +++ b/src/ipxe-netboot/codesigning_pierre_archlinux.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFOzCCAyOgAwIBAgIJAM/ujMJZQq3IMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV +BAYTAkRFMRcwFQYDVQQDDA5QaWVycmUgU2NobWl0ejEiMCAGCSqGSIb3DQEJARYT +cGllcnJlQGFyY2hsaW51eC5kZTAeFw0xNjA2MDExNjQxNTZaFw0yNjA1MzAxNjQx +NTZaMEoxCzAJBgNVBAYTAkRFMRcwFQYDVQQDDA5QaWVycmUgU2NobWl0ejEiMCAG +CSqGSIb3DQEJARYTcGllcnJlQGFyY2hsaW51eC5kZTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAMybf9uwe6O+FPUYR4ycBDcBJp0QOsUDSSw9c5EJsTJJ +/0HDk+cFW9OdhxnRsxOPCYyrqE/FEusMyAyyyrZ1DVqprTegcqwqgZSmLNwBp+gP +Dt10JuNQM7IFIs0p3CE6JyuLWJWjn+ZJuVa1Qwfg80wOv/CLkQEWP5ols3o4VroF +CzJAKd4nVRf8JSyk+4Hka1udtqw4zEyDtaomZ661ZxBH3+PAoE2N+VcMPC3yTOBS +4RuabUU4PotfFXMrWGfBLuxGK3IVH99rof2SFG719o0ZDOtVLuaCEAo4VywiYqO0 +qAKKBlH0XEvdOAG4KuHFFKQN1UTFRQ9yZXcfdNBnMYRW3QpbPfMcrFUDYvhHW4N/ +dH5JhKL0LDvvrn0Nr1C5OJbZSl2triPmJUJpMBRhcRut6ZH6FkNWLmavNV8Q9cpM +1qXG0s/yH2RaBQ2+Le7YdKVrcy05SiYJoaZQovxrxQGzJDg9OuWiM49gjBHW32lm +uK1C4o7B/sf65qZOCkZO2zagLCf8xxKEh/ftbdpnhBpLFbUqXT07Ve5rX26IUUT6 +C+N/dRIxXcmV0+iWOa/Isbo81oOebriHZl5659Fceae2wA8JoBaT7/m3rRSXOPyC +4hABWbX0eRg3fhiObubTfH74Q1oeLCEClBx8N4sutvoMA0S4Q2VuUvFaB6VyN5w5 +AgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkq +hkiG9w0BAQsFAAOCAgEAirqIJj9KkT+uTgz4EphPZN2FbaxDcw0bxBrEX4t9E68K +seAHkKJd9GPNGkky8JLI1XwfZ4ZTlzapRfAzPrFDk7Gb43qZeuITvCNfPrPMJ7xw +JmvIw1ryMs9zV2WCNwVFT6EYeGQXW+F9/osP7oAIhFiGeOmDuy7qFkf7BGDCPAaS +PlMs+YjGPJTHCbtJKV3VFDhAquQYXS6pQat+v1Nbq+53ijow9H7x+GMBz8dtPI4u +AKjufH4V3XaxJwDUie73i8iavo9QBDA1HzYMhJ/bDymqyI3uxYkh4rsy9In/8V/z +aZ5pUXT8HW569uQLpjbb5EKaARwXC7d9GO2rTeSDngzlU8KjeLBeR0zHx+P1TsTP +R4SAvOSxzZGfYr04Qqwr7ivU92liJntoTcgyvvjELoXODvd4EaS2Sixb4s+eqrYI +8GPTR1HmvknKbhaNI9caERNsnnKLWtkKkhmPmNkLaX+WQIFgcD/BkeeIbLkYA2Xp +HCPrYuihUSN+7E80BUkbrSp+wohiieMr24LDE6H6BA/qp9Y8HwK7YsnePyaYxKL7 +CchxRmv5VmVo2bYKZvClVfB82n4yG43zR/YMVDTc5n0TqVq2/0AuOtnoiRfNUfzg +GIaNoMJ8I0NHpB0aL9cIB9UALPY4dsVo/5TqUPgSEXki9fn2A54A8N2A5nqp0uY= +-----END CERTIFICATE----- diff --git a/src/ipxe-netboot/codesigning_thomas_archlinux.pem b/src/ipxe-netboot/codesigning_thomas_archlinux.pem new file mode 100644 index 0000000..1d86a18 --- /dev/null +++ b/src/ipxe-netboot/codesigning_thomas_archlinux.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFDzCCAvegAwIBAgIJAN4v13b770twMA0GCSqGSIb3DQEBCwUAMDQxITAfBgNV +BAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGhvbWFzMB4X +DTE2MDIwMTIwMzczMloXDTI2MDEyOTIwMzczMlowNDEhMB8GA1UECgwYSW50ZXJu +ZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYDVQQDDAZ0aG9tYXMwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQDE3PB51dG9qXSG7b/9gdoVyxIa/47hsaus8Ufv +8cZp452uKJVCZE9tne6oChC4Dflt1QnMITO7iQzb+rW2yLCOiqZJqRHuEuwqY3Tn +B7eQE0iE2C/FWujHrz0W2PV/xKq/HXcQVkVhdAi8eqEx9oDuV/OQgATOWWZcIqQe +xt1qdbaunU2H4imfJ/HZGBj9UTwUBM3cVf3YfLGka0AbRdWDiUpAZco9P7XOf1oR +sWwSB9JW097IO0FfLt5BgfuT2p9w8delWyLrwwzty9/z5LMMBi4u5MH2EOyTBwpQ +ez4miAYiG5KZcJ2RZWvWONy6fB5az8nancyQ1Vy3fsh0l24fyBg5iPNIiySABuZ2 +q2Bp500AZNsaHMC3rFlodpgAn65KtiwvC7Bp5cr+dFhytRC9sH6zNGqCCW7L3vQu +YzyoL6kdB8PquHHisApAV5j/Fa9texadwW0AhbPr678Dj14Wg750R6npfrhRSGv2 +w8xWn0ADX1xbD6rbtVYvZTVjVyuV/WkfcHysDr0SCksmahHLQWowA7mdH73STDjx +mAF2wHLMEx2H5k8rrjWbneTavP66EagUyFcteI1Qu+4Qev9L17Fst7gRfS/Tv4Zj +g8XtN4fFPkL82XYEyuGrhUx3lNwIAlUZfmldYvJfg9jdrqHJfvQfUJ6m5tBQLFZy +zxnfOwIDAQABoyQwIjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMw +DQYJKoZIhvcNAQELBQADggIBAFBdJgJNnUL2bBphqmKTlkhUTAA92SIJCpjMR7KJ +mpqNPmodLeDt/rIbVYOtFxXHHDpIwSDeoPegL80HrNacg8YmmPRws7FAFPev4oic +G8h1HfyfDaXBiLsXqDQ8mZkXgQhGtojXWsCe2t30IZ3nYhFZw7AzidiikXUVKFTR +tx8KPK0hqbRP41kqJsySG2xjx8ed0HB2xEWMJ3jQwDuLmC1rXrPu4HdHRfc3yjr+ +OJ/Oyxidmml6oUliQd8Zmdu/PD6yLvrDwBCpS24YZ2jSNWAA1jihBh8q0qcJcfQx +drz8fyOX5YuTb/IWPGZU655G252IX3Kb9d7PAH/7ybPAWnMnXag0F4Bt6jJfsloP +stib5kM87gyHNANu+iQPtNTaIhHvrfu1OxE0DTrSYXJw5cwM719FVkMCW6FX3Uhp +x18WsPaWLRKjA3gTDs5pa/0lFASmSpdurYfnat8xRvnyWEf+WVfdpZNVvAWpfCSR +Bjc3bZfY2KPNdcTkrxlPvHe4wQ2sBwUjBOak4Ugj+Qrni2XFp/LLd23xZmsQMLxc +xRD7FxZqNoiYP18PZxvfhxOH8O14tAYX6ysA/V2xhFSjulCISKtFe3POMC7/Us2u +9sSSjlyFapIqczGVJRDTznDiTW5Qc3luIw2pQXOfk7bks+t7PG48XCNzlfcqmIq4 +qq39 +-----END CERTIFICATE----- diff --git a/src/ipxe-netboot/dst_x1.pem b/src/ipxe-netboot/dst_x1.pem new file mode 100644 index 0000000..b2e43c9 --- /dev/null +++ b/src/ipxe-netboot/dst_x1.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- diff --git a/src/ipxe-netboot/test-netboot b/src/ipxe-netboot/test-netboot new file mode 100755 index 0000000..40dc1ba --- /dev/null +++ b/src/ipxe-netboot/test-netboot @@ -0,0 +1,36 @@ +#!/bin/bash +set -euo pipefail + +OVMFDIR=/usr/share/ovmf +OVMF_CODE=${OVMFDIR}/x64/OVMF_CODE.fd +OVMF_VARS=${OVMFDIR}/x64/OVMF_VARS.fd +IPXE_IMAGE=/usr/share/ipxe-netboot/ipxe.efi + +if [[ ! -f ${OVMF_CODE} ]]; then + echo "ERROR: ${OVMF_CODE} is missing, install the ovmf package." >&2 + exit 1 +fi +if [[ ! -f ${OVMF_VARS} ]]; then + echo "ERROR: ${OVMF_VARS} is missing, install the ovmf package." >&2 + exit 1 +fi +if [[ ! -f ${IPXE_IMAGE} ]]; then + echo "ERROR: ${IPXE_IMAGE} is missing." >&2 + exit 1 +fi + +WORKDIR=$(mktemp -d --tmpdir netboot.XXXXXX) +cd "${WORKDIR}" + +cp "${OVMF_VARS}" efivars +mkdir -p ./fat/EFI/Boot/ +cp "${IPXE_IMAGE}" ./fat/EFI/Boot/bootx64.efi + +exec qemu-system-x86_64 \ + -enable-kvm \ + -device virtio-net-pci,netdev=n -netdev user,ipv4,id=n \ + -m 2G \ + -drive if=pflash,format=raw,readonly,file="${OVMF_CODE}" \ + -drive if=pflash,format=raw,file=efivars \ + -usb -usbdevice disk:format=raw:fat:./fat \ + "$@"