initramfs-tools: Install script to be invoked by linux-signed postinst

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
author: Ben Hutchings <ben@decadent.org.uk> 2016-04-17 17:10:47 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2016-04-17 17:31:12 +0100
commit: b19d13e7049cc971aeaec30cb06740056407ddf6 (patch)
tree: c268a09a370294608f4740ae0da1ff46331c5961
parent: 74597dd92db05a790ec3daac753a3c93801cd115 (diff)
2 files changed, 26 insertions, 0 deletions
diff --git a/debian/TODO b/debian/TODO
index 43b37ce..30c6041 100644
--- a/debian/TODO
+++ b/debian/TODO
@@ -11,3 +11,7 @@ TODO
    copy_exec, maybe use dracut copy logic.
 
  o root loop support.
+
+ o Currently updating linux-image-foo and linux-image-foo-signed builds a
+   broken initramfs (without module signatures) and then a working one
+   (with signatures).  This is both dangerous and a waste of time.
diff --git a/kernel/signed_postinst.d/initramfs-tools b/kernel/signed_postinst.d/initramfs-tools
new file mode 100755
index 0000000..856774a
--- /dev/null
+++ b/kernel/signed_postinst.d/initramfs-tools
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+
+version="$1"
+
+command -v update-initramfs >/dev/null 2>&1 || exit 0
+
+# passing the kernel version is required
+if [ -z "${version}" ]; then
+	echo >&2 "W: initramfs-tools: ${DPKG_MAINTSCRIPT_PACKAGE:-signed kernel package} did not pass a version number"
+	exit 2
+fi
+
+# avoid running multiple times
+if [ -n "$DEB_MAINT_PARAMS" ]; then
+	eval set -- "$DEB_MAINT_PARAMS"
+	if [ -z "$1" ] || [ "$1" != "configure" ]; then
+		exit 0
+	fi
+fi
+
+# we're good - create initramfs.  update runs do_bootloader
+INITRAMFS_TOOLS_KERNEL_HOOK=1 update-initramfs -c -t -k "${version}" >&2
author	Ben Hutchings <ben@decadent.org.uk>	2016-04-17 17:10:47 +0100
committer	Ben Hutchings <ben@decadent.org.uk>	2016-04-17 17:31:12 +0100
commit	b19d13e7049cc971aeaec30cb06740056407ddf6 (patch)
tree	c268a09a370294608f4740ae0da1ff46331c5961
parent	74597dd92db05a790ec3daac753a3c93801cd115 (diff)