diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2016-04-17 17:10:47 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2016-04-17 17:31:12 +0100 |
commit | b19d13e7049cc971aeaec30cb06740056407ddf6 (patch) | |
tree | c268a09a370294608f4740ae0da1ff46331c5961 | |
parent | 74597dd92db05a790ec3daac753a3c93801cd115 (diff) |
initramfs-tools: Install script to be invoked by linux-signed postinst
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-rw-r--r-- | debian/TODO | 4 | ||||
-rwxr-xr-x | kernel/signed_postinst.d/initramfs-tools | 22 |
2 files changed, 26 insertions, 0 deletions
diff --git a/debian/TODO b/debian/TODO index 43b37ce..30c6041 100644 --- a/debian/TODO +++ b/debian/TODO @@ -11,3 +11,7 @@ TODO copy_exec, maybe use dracut copy logic. o root loop support. + + o Currently updating linux-image-foo and linux-image-foo-signed builds a + broken initramfs (without module signatures) and then a working one + (with signatures). This is both dangerous and a waste of time. diff --git a/kernel/signed_postinst.d/initramfs-tools b/kernel/signed_postinst.d/initramfs-tools new file mode 100755 index 0000000..856774a --- /dev/null +++ b/kernel/signed_postinst.d/initramfs-tools @@ -0,0 +1,22 @@ +#!/bin/sh -e + +version="$1" + +command -v update-initramfs >/dev/null 2>&1 || exit 0 + +# passing the kernel version is required +if [ -z "${version}" ]; then + echo >&2 "W: initramfs-tools: ${DPKG_MAINTSCRIPT_PACKAGE:-signed kernel package} did not pass a version number" + exit 2 +fi + +# avoid running multiple times +if [ -n "$DEB_MAINT_PARAMS" ]; then + eval set -- "$DEB_MAINT_PARAMS" + if [ -z "$1" ] || [ "$1" != "configure" ]; then + exit 0 + fi +fi + +# we're good - create initramfs. update runs do_bootloader +INITRAMFS_TOOLS_KERNEL_HOOK=1 update-initramfs -c -t -k "${version}" >&2 |