8d90cc08f1
See: https://github.com/coreos/bootupd/issues/694 See: https://github.com/fedora-selinux/selinux-policy/issues/2334 See: https://github.com/fedora-selinux/selinux-policy/issues/2341 See: https://github.com/fedora-selinux/selinux-policy/issues/2362
35 lines
1.1 KiB
YAML
35 lines
1.1 KiB
YAML
# KEEP THIS IN SYNC WITH https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/bootupd.yaml
|
|
# Integration with https://github.com/coreos/bootupd
|
|
# xref https://github.com/coreos/fedora-coreos-tracker/issues/510
|
|
packages:
|
|
- bootupd
|
|
|
|
postprocess:
|
|
- |
|
|
#!/bin/bash
|
|
set -xeuo pipefail
|
|
|
|
# Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload
|
|
/usr/bin/bootupctl backend generate-update-metadata
|
|
|
|
# Trigger a bootloader update on boot
|
|
cat > /usr/lib/systemd/system/bootloader-update.service << 'EOF'
|
|
[Unit]
|
|
Description=Update bootloader on boot
|
|
Documentation=https://github.com/coreos/bootupd
|
|
ConditionFirmware=uefi
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/usr/bin/bootupctl update
|
|
RemainAfterExit=yes
|
|
MountFlags=slave
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
chmod 644 /usr/lib/systemd/system/bootloader-update.service
|
|
echo "enable bootloader-update.service" > /usr/lib/systemd/system-preset/81-atomic-desktop.preset
|
|
|
|
# Turn permissive mode on for bootupd until all SELinux issues are fixed
|
|
semanage permissive --noreload --add bootupd_t
|