From fc53809803cd2bc2434e312b19a18fa36776da12 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 12 Jun 2024 05:50:40 +0200
Subject: Adding upstream version 256.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf   | 15 +++++++++++++++
 .../20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf |  6 ++++++
 .../20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf |  6 ++++++
 .../mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf          |  3 +++
 .../system/mkosi.conf.d/20-particle/mkosi.finalize        |  6 ++++++
 .../system/mkosi.conf.d/20-particle/mkosi.postinst.chroot | 12 ++++++++++++
 .../mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf     |  9 +++++++++
 .../mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf     |  9 +++++++++
 .../20-particle/mkosi.repart/11-usr-verity.conf           |  7 +++++++
 .../20-particle/mkosi.repart/12-usr-verity-sig.conf       |  6 ++++++
 10 files changed, 79 insertions(+)
 create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
 create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
 create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
 create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
 create mode 100755 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
 create mode 100755 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
 create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
 create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
 create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
 create mode 100644 mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf

(limited to 'mkosi.images/system/mkosi.conf.d/20-particle')

diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
new file mode 100644
index 0000000..8c1920b
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.conf
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Profile=particle
+
+[Output]
+RepartDirectories=
+RepartDirectories=mkosi.repart
+
+[Validation]
+@SecureBoot=yes
+@SignExpectedPcr=yes
+
+[Host]
+@RuntimeSize=8G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
new file mode 100644
index 0000000..3755278
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/15-swap.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=swap
+SizeMinBytes=100M
+SizeMaxBytes=100M
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
new file mode 100644
index 0000000..2f92af2
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/repart.d/20-root.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=root
+Format=btrfs
+SizeMinBytes=1G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
new file mode 100644
index 0000000..dac79ba
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.extra/usr/lib/tmpfiles.d/99-mkosi.conf
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+C+! /etc - - - - /usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
new file mode 100755
index 0000000..69f9554
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.finalize
@@ -0,0 +1,6 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+mkdir -p "$BUILDROOT"/usr/share/factory/mkosi
+cp --archive --recursive --no-target-directory --reflink=auto "$BUILDROOT"/etc "$BUILDROOT"/usr/share/factory/mkosi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
new file mode 100755
index 0000000..95e0552
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.postinst.chroot
@@ -0,0 +1,12 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+# sbsign is not available on CentOS Stream
+if command -v sbsign &>/dev/null; then
+    # Ensure that side-loaded PE addons are loaded if signed, and ignored if not
+    addons_dir=/efi/loader/addons
+    mkdir -p "$addons_dir"
+    ukify build --secureboot-private-key mkosi.key --secureboot-certificate mkosi.crt --cmdline this_should_be_here -o "$addons_dir/good.addon.efi"
+    ukify build --cmdline this_should_not_be_here -o "$addons_dir/bad.addon.efi"
+fi
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
new file mode 100644
index 0000000..391543d
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/00-esp.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=esp
+Format=vfat
+CopyFiles=/boot:/
+CopyFiles=/efi:/
+SizeMinBytes=1G
+SizeMaxBytes=1G
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
new file mode 100644
index 0000000..343761d
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/10-usr.conf
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr
+Format=erofs
+CopyFiles=/usr:/
+Verity=data
+VerityMatchKey=usr
+Minimize=yes
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
new file mode 100644
index 0000000..b4d45dd
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/11-usr-verity.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr-verity
+Verity=hash
+VerityMatchKey=usr
+Minimize=yes
diff --git a/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
new file mode 100644
index 0000000..1841d0a
--- /dev/null
+++ b/mkosi.images/system/mkosi.conf.d/20-particle/mkosi.repart/12-usr-verity-sig.conf
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=usr-verity-sig
+Verity=signature
+VerityMatchKey=usr
-- 
cgit v1.2.3