Added post transaction dom0 symlink creation; draft grub.cfg

README.md

@@ -0,0 +1,2 @@
+
+sudo qubes-dom0-update python3-dnf-plugin-post-transaction-actions

build.sh

@@ -1,4 +1,6 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
+
 # use TERM to exit on error
 trap "exit 1" TERM
 export TOP_PID=$$
@@ -516,18 +518,10 @@ build_coreboot() {
 
     # calculate hash of BIOS region before injecting bootorder/serial
     ${IFDTOOL_CB} -x ${COREBOOT_IMAGE}
-    bios_sha=$(sha256sum flashregion_1_bios.bin | awk '{print $1}')
-    rm -f flashregion*.bin
 
     # set serial
     set_serial_number ${COREBOOT_IMAGE}
 
-    #set boot delay
-    # add an 8s boot delay for the Librem Mini so splash screen
-    # actually shown on displays with sluggish init
-    if [[ ${LIBREM_MODEL^^} == "MINI"* ]]; then
-        ${CBFSTOOL_CB} ${COREBOOT_IMAGE} add-int -i 8000 -n etc/boot-menu-wait >/dev/null
-    fi
     # print CBFS contents
     ${CBFSTOOL_CB} ${COREBOOT_IMAGE} print
 
@@ -535,56 +529,41 @@ build_coreboot() {
     echo ""
     echo "Finished building coreboot for Librem ${LIBREM_MODEL^}"
     echo ""
-    COREBOOT_BIOS_SHA="COREBOOT_BIOS_SHA_${LIBREM_MODEL^^}"
-    COREBOOT_BIOS_SHA=${!COREBOOT_BIOS_SHA}
-    if [ "${bios_sha}" != "${COREBOOT_BIOS_SHA}" ]; then
-        echo "WARNING: Built coreboot image hash does not match expected reproducible build hash"
-        echo "Built: ${bios_sha}"
-        echo "Expected: ${COREBOOT_BIOS_SHA}"
-    else
-        echo "Built coreboot image hash matches expected reproducible build hash"
-    fi
+
 
     # prompt to flash 
     echo ""
-    if [ ${CURRENT_FW_TYPE} != "HEADS" ]; then
-        flash=0
-        while [ "$flash" != "y" ] && [ "$flash" != "n" ]; do
-            read -r -p "Do you want to flash the coreboot update now (y/N) ?  " flash
-            if [ "$flash" = "" ] || [ "$flash" == "N" ]; then
-                flash="n"
-            fi
-            if [ "$flash" == "Y" ]; then
-                flash="y"
-            fi
-        done
-        if [ "$flash" == "y" ]; then
-            # check for / get flashrom
-            get_flashrom
+    flash=0
+    while [ "$flash" != "y" ] && [ "$flash" != "n" ]; do
+        read -r -p "Do you want to flash the coreboot update now (y/N) ?  " flash
+        if [ "$flash" = "" ] || [ "$flash" == "N" ]; then
+            flash="n"
+        fi
+        if [ "$flash" == "Y" ]; then
+            flash="y"
+        fi
+    done
+    if [ "$flash" == "y" ]; then
+        # check for / get flashrom
+        get_flashrom
+        echo ""
+        echo "coreboot flashing in progress. Do NOT interrupt this process."
+        echo ""
+        flash_firmware_internal ${COREBOOT_IMAGE}
+        if [ $? -eq 0 ]; then 
             echo ""
-            echo "coreboot flashing in progress. Do NOT interrupt this process."
+            echo "You must reboot for the coreboot update to take effect."
             echo ""
-            flash_firmware_internal ${COREBOOT_IMAGE}
-            if [ $? -eq 0 ]; then 
-                echo ""
-                echo "You must reboot for the coreboot update to take effect."
-                echo ""
-                read -r -p "Reboot now? (y/N) ?  " rb
-                if [ "$rb" = "Y" ] || [ "$rb" == "y" ]; then
-                    cleanup
-                    reboot
-                fi
+            read -r -p "Reboot now? (y/N) ?  " rb
+            if [ "$rb" = "Y" ] || [ "$rb" == "y" ]; then
+                cleanup
+                reboot
             fi
-        else
-            echo ""
         fi
     else
-        echo "You may now copy the coreboot update file ($COREBOOT_IMAGE) to USB for updating via Heads."
         echo ""
-        read -ep "Press [Enter] to exit."
-        cleanup
-        exit 0
     fi
+
 }
 
 check_dependencies() {

resources/00-kernel-xen-symlink.conf

@@ -0,0 +1,3 @@
+kernel:upgraded:/usr/bin/ln -sfn /boot/initramfs-${ver}-${rel}.fc32.qubes.${arch}
+kernel:upgraded:/usr/bin/ln -sfn /boot/vmlinuz-${ver}-${rel}.fc32.qubes.${arch}
+xen-hypervisor:upgraded:/usr/bin/ln -sfn /boot/xen-${ver}.gz /boot/xen-latest.gz 

resources/grub.cfg

@@ -0,0 +1,144 @@
+set prefix=(memdisk)/boot/grub
+
+insmod nativedisk
+insmod usb
+insmod usbms
+insmod part_msdos
+insmod ext2
+insmod lvm
+insmod gcry_rijndael
+insmod gcry_sha256
+insmod luks
+insmod cryptodisk
+insmod gfxmenu
+insmod gfxterm_menu
+insmod gfxterm_background
+insmod chain
+insmod jpeg
+
+terminal_input --append at_keyboard
+terminal_output --append cbmemc
+
+gfxpayload=keep
+terminal_output --append gfxterm
+
+set menu_color_normal=white/black
+set menu_color_highlight=white/cyan
+
+# Default to first option, automatically boot after 1 second
+set default="0>0"
+set timeout=1
+
+# This is useful when using 'cat' on long files on GRUB terminal
+set pager=1
+
+# Set a background image from CBFS
+background_image (cbfsdisk)/background.jpg
+
+# Set DejaVu Sans Mono as the default font
+loadfont (cbfsdisk)/dejavusansmono.pf2
+
+# Default keymap
+keymap usqwerty
+
+# Users
+set superusers="admin"
+password_pbkdf2 admin #password_placeholder#
+export superusers
+
+function try_user_config {
+    set root="${1}"
+    for dir in boot grub grub2 boot/grub boot/grub2; do
+        for name in '' autoboot_ libreboot_ coreboot_; do
+            if [ -f /"${dir}"/"${name}"grub.cfg ]; then
+                unset superusers
+                configfile /"${dir}"/"${name}"grub.cfg
+            fi
+        done
+    done
+}
+
+function search_grub {
+    for i in 0 1; do
+        # raw devices
+        try_user_config "(${1}${i})"
+        for part in 1 2 3 4 5; do
+            # MBR/GPT partitions
+            try_user_config "(${1}${i},${part})"
+        done
+    done
+}
+
+function try_isolinux_config {
+    set root="${1}"
+    for dir in '' /boot; do
+        if [ -f "${dir}"/isolinux/isolinux.cfg ]; then
+            syslinux_configfile -i "${dir}"/isolinux/isolinux.cfg
+        elif [ -f "${dir}"/syslinux/syslinux.cfg ]; then
+            syslinux_configfile -s "${dir}"/syslinux/syslinux.cfg
+        fi
+    done
+}
+
+function search_isolinux {
+    for i in 0 1; do
+        # raw devices
+        try_isolinux_config "(${1}${i})"
+        for part in 1 2 3 4 5; do
+            # MBR/GPT partitions
+            try_isolinux_config "(${1}${i},${part})"
+        done
+    done
+}
+
+menuentry 'Qubes, with Xen hypervisor' --class qubes --class gnu-linux --class gnu --class os --class xen $menuentry_id_option 'xen-gnulinux-simple-/dev/mapper/qubes_dom0-root' {
+    insmod part_msdos
+    insmod ext2
+    cryptomount -a
+    set root='lvm/qubes_dom0-boot'
+    set root='hd0,msdos1'
+    if [ x$feature_platform_search_hint = xy ]; then
+      search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1'  2c68125e-e8df-4d9f-b67f-74c44a6e9873
+    else
+      search --no-floppy --fs-uuid --set=root 2c68125e-e8df-4d9f-b67f-74c44a6e9873
+    fi
+    echo    'Loading Xen..'
+        if [ "$grub_platform" = "pc" -o "$grub_platform" = "" ]; then
+            xen_rm_opts=
+        else
+            xen_rm_opts="no-real-mode edd=off"
+        fi
+    multiboot2  /xen-latest placeholder  console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 ${xen_rm_opts}
+    echo    'Loading Linux...'
+    module2 /vmlinuz-latest placeholder root=/dev/mapper/qubes_dom0-root ro rd.luks.uuid=luks-f8d0a06a-fb7a-411a-a662-4f7a6bf4931c rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap plymouth.ignore-serial-consoles i915.alpha_support=1 rd.driver.pre=btrfs rhgb quiet rd.qubes.hide_all_usb 
+    echo    'Loading initial ramdisk...'
+    module2 --nounzip   /initramfs-latest
+}
+
+submenu 'Search for systems on external media' {
+    menuentry 'Search ISOLINUX menu (USB)' {
+        search_isolinux usb
+    }
+    menuentry 'Search ISOLINUX menu (AHCI)' {
+        search_isolinux ahci
+    }
+    menuentry 'Search for GRUB2 configuration on external media' {
+        search_grub usb
+    }
+    menuentry 'Load test configuration (grubtest.cfg) inside of CBFS' {
+        set root='(cbfsdisk)'
+        configfile /grubtest.cfg
+    }
+    menuentry 'Chainload bootloader on external media' {
+        set root='(usb0)'
+        chainloader +1
+    }
+}
+
+menuentry 'Reboot  [r]' --hotkey='r' {
+    reboot
+}
+
+menuentry 'Poweroff  [p]' --hotkey='p' {
+    halt
+}