systemd · DaanDeMeyer · Oct 7, 2024 · Oct 6, 2024
diff --git a/mkosi/__init__.py b/mkosi/__init__.py
@@ -70,7 +70,6 @@
  format_bytes,
  parse_boolean,
  parse_config,
- parse_ini,
  summary,
  systemd_tool_version,
  want_selinux_relabel,
@@ -1487,7 +1486,7 @@ def run_ukify(
  stub: Path,
  output: Path,
  *,
- cmdline: str = "",
+ cmdline: Sequence[str] = (),
  arguments: Sequence[PathString] = (),
  options: Sequence[PathString] = (),
  sign: bool = True,
@@ -1499,11 +1498,9 @@ def run_ukify(
  if not (arch := context.config.architecture.to_efi()):
  die(f"Architecture {context.config.architecture} does not support UEFI")
 
- cmdline = cmdline.strip()
-
  # Older versions of systemd-stub expect the cmdline section to be null terminated. We can't
  # embed NUL terminators in argv so let's communicate the cmdline via a file instead.
- (context.workspace / "cmdline").write_text(f"{cmdline}\x00")
+ (context.workspace / "cmdline").write_text(f"{' '.join(cmdline)}\x00")
 
  cmd = [
  python_binary(context.config, binary=ukify),
@@ -1645,7 +1642,7 @@ def build_uki(
  options += ["--ro-bind", initrd, workdir(initrd)]
 
  with complete_step(f"Generating unified kernel image for kernel version {kver}"):
- run_ukify(context, stub, output, cmdline=" ".join(cmdline), arguments=arguments, options=options)
+ run_ukify(context, stub, output, cmdline=cmdline, arguments=arguments, options=options)
 
 
 def systemd_stub_binary(context: Context) -> Path:
@@ -1977,15 +1974,14 @@ def install_pe_addons(context: Context) -> None:
  addon_dir.mkdir(parents=True, exist_ok=True)
 
  for addon in context.config.pe_addons:
- output = addon_dir / addon.with_suffix(".addon.efi").name
+ output = addon_dir / f"{addon.output}.addon.efi"
 
  with complete_step(f"Generating PE addon /{output.relative_to(context.root)}"):
  run_ukify(
  context,
  stub,
  output,
- arguments=["--config", workdir(addon)],
- options=["--ro-bind", addon, workdir(addon)],
+ cmdline=addon.cmdline,
  )
 
 
@@ -2008,25 +2004,23 @@ def build_uki_profiles(context: Context, cmdline: Sequence[str]) -> list[Path]:
  profiles = []
 
  for profile in context.config.unified_kernel_image_profiles:
- output = context.workspace / "uki-profiles" / profile.with_suffix(".efi").name
-
- # We want to append the cmdline from the ukify config file to the base kernel command line so parse
- # it from the ukify config file and append it to our own kernel command line.
+ id = profile.profile["ID"]
+ output = context.workspace / f"uki-profiles/{id}.efi"
 
- profile_cmdline = ""
+ profile_section = context.workspace / f"uki-profiles/{id}.profile"
 
- for section, k, v in parse_ini(profile):
- if section == "UKI" and k == "Cmdline":
- profile_cmdline = v.replace("\n", " ")
+ with profile_section.open("w") as f:
+ for k, v in profile.profile.items():
+ f.write(f"{k}={v}\n")
 
- with complete_step(f"Generating UKI profile '{profile.stem}'"):
+ with complete_step(f"Generating UKI profile '{id}'"):
  run_ukify(
  context,
  stub,
  output,
- cmdline=f"{' '.join(cmdline)} {profile_cmdline}",
- arguments=["--config", workdir(profile)],
- options=["--ro-bind", profile, workdir(profile)],
+ cmdline=[*cmdline, *profile.cmdline],
+ arguments=["--profile", f"@{profile_section}"],
+ options=["--ro-bind", profile_section, profile_section],
  sign=False,
  )
 
@@ -2410,6 +2404,20 @@ def check_inputs(config: Config) -> None:
  if config.secure_boot_key_source != config.sign_expected_pcr_key_source:
  die("Secure boot key source and expected PCR signatures key source have to be the same")
 
+ for addon in config.pe_addons:
+ if not addon.output:
+ die(
+ "PE addon configured without output filename",
+ hint="Use Output= to configure the output filename",
+ )
+
+ for profile in config.unified_kernel_image_profiles:
+ if "ID" not in profile.profile:
+ die(
+ "UKI Profile is missing ID key in its .profile section",
+ hint="Use Profile= to configure the profile ID",
+ )
+
 
 def check_tool(config: Config, *tools: PathString, reason: str, hint: Optional[str] = None) -> Path:
  tool = config.find_binary(*tools)

diff --git a/mkosi/config.py b/mkosi/config.py
@@ -887,8 +887,8 @@ def config_match_enum(match: str, value: StrEnum) -> bool:
 
 
 def config_make_list_parser(
- delimiter: str,
  *,
+ delimiter: Optional[str] = None,
  parse: Callable[[str], Any] = str,
  unescape: bool = False,
  reset: bool = True,
@@ -904,13 +904,15 @@ def config_parse_list(value: Optional[str], old: Optional[list[Any]]) -> Optiona
  if unescape:
  lex = shlex.shlex(value, posix=True)
  lex.whitespace_split = True
- lex.whitespace = f"\n{delimiter}"
+ lex.whitespace = f"\n{delimiter or ''}"
  lex.commenters = ""
  values = list(lex)
  if reset and not values:
  return None
  else:
- values = value.replace(delimiter, "\n").split("\n")
+ if delimiter:
+ value = value.replace(delimiter, "\n")
+ values = value.split("\n")
  if reset and len(values) == 1 and values[0] == "":
  return None
 
@@ -947,8 +949,8 @@ def config_match_version(match: str, value: str) -> bool:
 
 
 def config_make_dict_parser(
- delimiter: str,
  *,
+ delimiter: Optional[str] = None,
  parse: Callable[[str], tuple[str, Any]],
  unescape: bool = False,
  allow_paths: bool = False,
@@ -985,13 +987,15 @@ def config_parse_dict(value: Optional[str], old: Optional[dict[str, Any]]) -> Op
  if unescape:
  lex = shlex.shlex(value, posix=True)
  lex.whitespace_split = True
- lex.whitespace = f"\n{delimiter}"
+ lex.whitespace = f"\n{delimiter or ''}"
  lex.commenters = ""
  values = list(lex)
  if reset and not values:
  return None
  else:
- values = value.replace(delimiter, "\n").split("\n")
+ if delimiter:
+ value = value.replace(delimiter, "\n")
+ values = value.split("\n")
  if reset and len(values) == 1 and values[0] == "":
  return None
 
@@ -1007,7 +1011,7 @@ def parse_environment(value: str) -> tuple[str, str]:
  return (key, value)
 
 
-def parse_credential(value: str) -> tuple[str, str]:
+def parse_key_value(value: str) -> tuple[str, str]:
  key, _, value = value.partition("=")
  key, value = key.strip(), value.strip()
  return (key, value)
@@ -1512,6 +1516,45 @@ def key_transformer(k: str) -> str:
 )
 
 
+@dataclasses.dataclass(frozen=True)
+class PEAddon:
+ output: str
+ cmdline: list[str]
+
+
+@dataclasses.dataclass(frozen=True)
+class UKIProfile:
+ profile: dict[str, str]
+ cmdline: list[str]
+
+
+def make_simple_config_parser(settings: Sequence[ConfigSetting], type: type[Any]) -> Callable[[str], Any]:
+ lookup = {s.name: s for s in settings}
+
+ def parse_simple_config(value: str) -> Any:
+ path = parse_path(value)
+ config = argparse.Namespace()
+
+ for section, name, value in parse_ini(path, only_sections=[s.section for s in settings]):
+ if not name and not value:
+ continue
+
+ if not (s := lookup.get(name)):
+ die(f"Unknown setting {name}")
+
+ if section != s.section:
+ logging.warning(f"Setting {name} should be configured in [{s.section}], not [{section}].")
+
+ if name != s.name:
+ logging.warning(f"Setting {name} is deprecated, please use {s.name} instead.")
+
+ setattr(config, s.dest, s.parse(value, getattr(config, s.dest, None)))
+
+ return type(**{k: v for k, v in vars(config).items() if k in inspect.signature(type).parameters})
+
+ return parse_simple_config
+
+
 @dataclasses.dataclass(frozen=True)
 class Config:
  """Type-hinted storage for command line arguments.
@@ -1584,7 +1627,7 @@ class Config:
  shim_bootloader: ShimBootloader
  unified_kernel_images: ConfigFeature
  unified_kernel_image_format: str
- unified_kernel_image_profiles: list[Path]
+ unified_kernel_image_profiles: list[UKIProfile]
  initrds: list[Path]
  initrd_packages: list[str]
  initrd_volatile_packages: list[str]
@@ -1593,7 +1636,7 @@ class Config:
  kernel_modules_include: list[str]
  kernel_modules_exclude: list[str]
  kernel_modules_include_host: bool
- pe_addons: list[Path]
+ pe_addons: list[PEAddon]
 
  kernel_modules_initrd: bool
  kernel_modules_initrd_include: list[str]
@@ -1981,6 +2024,35 @@ def parse_ini(path: Path, only_sections: Collection[str] = ()) -> Iterator[tuple
  yield section, "", ""
 
 
+PE_ADDON_SETTINGS = (
+ ConfigSetting(
+ dest="output",
+ section="PEAddon",
+ parse=config_make_filename_parser("Output= requires a filename with no path components."),
+ default="",
+ ),
+ ConfigSetting(
+ dest="cmdline",
+ section="PEAddon",
+ parse=config_make_list_parser(delimiter=" "),
+ ),
+)
+
+
+UKI_PROFILE_SETTINGS = (
+ ConfigSetting(
+ dest="profile",
+ section="UKIProfile",
+ parse=config_make_dict_parser(parse=parse_key_value),
+ ),
+ ConfigSetting(
+ dest="cmdline",
+ section="UKIProfile",
+ parse=config_make_list_parser(delimiter=" "),
+ ),
+)
+
+
 SETTINGS = (
  # Include section
  ConfigSetting(
@@ -2501,7 +2573,10 @@ def parse_ini(path: Path, only_sections: Collection[str] = ()) -> Iterator[tuple
  long="--uki-profile",
  metavar="PATH",
  section="Content",
- parse=config_make_list_parser(delimiter=",", parse=make_path_parser()),
+ parse=config_make_list_parser(
+ delimiter=",",
+ parse=make_simple_config_parser(UKI_PROFILE_SETTINGS, UKIProfile),
+ ),
  recursive_paths=("mkosi.uki-profiles/",),
  help="Configuration files to generate UKI profiles",
  ),
@@ -2571,7 +2646,10 @@ def parse_ini(path: Path, only_sections: Collection[str] = ()) -> Iterator[tuple
  long="--pe-addon",
  metavar="PATH",
  section="Content",
- parse=config_make_list_parser(delimiter=",", parse=make_path_parser()),
+ parse=config_make_list_parser(
+ delimiter=",",
+ parse=make_simple_config_parser(PE_ADDON_SETTINGS, PEAddon),
+ ),
  recursive_paths=("mkosi.pe-addons/",),
  help="Configuration files to generate PE addons",
  ),
@@ -3153,9 +3231,7 @@ def parse_ini(path: Path, only_sections: Collection[str] = ()) -> Iterator[tuple
  long="--credential",
  metavar="NAME=VALUE",
  section="Host",
- parse=config_make_dict_parser(
- delimiter=" ", parse=parse_credential, allow_paths=True, unescape=True
- ),
+ parse=config_make_dict_parser(delimiter=" ", parse=parse_key_value, allow_paths=True, unescape=True),
  help="Pass a systemd credential to systemd-nspawn or qemu",
  paths=("mkosi.credentials",),
  ),
@@ -4657,6 +4733,15 @@ def key_source_transformer(keysource: dict[str, Any], fieldtype: type[KeySource]
  assert "Type" in keysource
  return KeySource(type=KeySourceType(keysource["Type"]), source=keysource.get("Source", ""))
 
+ def pe_addon_transformer(addons: list[dict[str, Any]], fieldtype: type[PEAddon]) -> list[PEAddon]:
+ return [PEAddon(output=addon["Output"], cmdline=addon["Cmdline"]) for addon in addons]
+
+ def uki_profile_transformer(
+ profiles: list[dict[str, Any]],
+ fieldtype: type[UKIProfile],
+ ) -> list[UKIProfile]:
+ return [UKIProfile(profile=profile["Profile"], cmdline=profile["Cmdline"]) for profile in profiles]
+
  # The type of this should be
  # dict[
  # type,
@@ -4696,6 +4781,8 @@ def key_source_transformer(keysource: dict[str, Any], fieldtype: type[KeySource]
  Network: enum_transformer,
  KeySource: key_source_transformer,
  Vmm: enum_transformer,
+ list[PEAddon]: pe_addon_transformer,
+ list[UKIProfile]: uki_profile_transformer,
  }
 
  def json_transformer(key: str, val: Any) -> Any: