Merge pull request #2778 from OSInside/efifatfileimage-filter

Add support for filtering out files from the ESP image for GRUB

Author: Conan-Kudo

build-tests/x86/fedora/test-image-live-disk/appliance.kiwi

@@ -61,6 +61,8 @@
         <source path="obsrepositories:/"/>
     </repository>
     <packages type="image">
+        <!-- Filter out unwanted EFI files from the embedded ESP -->
+        <file name="iso-esp-excludes.yaml" target="image/exclude_files_efifatimage.yaml"/>
         <package name="grub2"/>
         <package name="grubby"/>
         <package name="kernel"/>

build-tests/x86/fedora/test-image-live-disk/iso-esp-excludes.yaml

@@ -0,0 +1,3 @@
+exclude:
+- BOOT/fb*.efi
+- fedora

kiwi/bootloader/config/grub2.py

@@ -35,6 +35,7 @@
 from kiwi.system.identifier import SystemIdentifier
 from kiwi.utils.sync import DataSync
 from kiwi.utils.sysconfig import SysConfig
+from kiwi.utils.temporary import Temporary
 
 from kiwi.exceptions import (
     KiwiTemplateError,
@@ -1032,6 +1033,12 @@ def _create_embedded_fat_efi_image(self, path):
             self.xml_state.build_type
                 .get_efifatimagesize() or defaults.EFI_FAT_IMAGE_SIZE
         )
+        efi_folder = Temporary(prefix='efi_folder').new_dir()
+        efi_data = DataSync(self.boot_dir + '/EFI/', efi_folder.name)
+        efi_data.sync_data(
+            options=Defaults.get_sync_options(),
+            exclude=Defaults.get_exclude_list_from_custom_exclude_files_for_efifatimage(self.root_dir)
+        )
         Command.run(
             ['qemu-img', 'create', path, f'{fat_image_mbsize}M']
         )
@@ -1041,7 +1048,7 @@ def _create_embedded_fat_efi_image(self, path):
         Command.run(
             [
                 'mcopy', '-Do', '-s', '-i', path,
-                self.boot_dir + '/EFI', '::'
+                efi_folder.name, '::EFI'
             ]
         )
 

kiwi/defaults.py

@@ -443,19 +443,30 @@ def get_runtime_checker_metadata() -> Dict:
             return yaml.safe_load(meta)
 
     @staticmethod
-    def get_exclude_list_from_custom_exclude_files(root_dir: str) -> List:
+    def _parse_exclude_file(root_dir: str, exclude_filename: str) -> List:
         """
-        Provides the list of folders that are excluded by the
-        optional metadata file image/exclude_files.yaml
+        Retrieves an exclusion list from the provided metadata file
 
-        :return: list of file and directory names
+        The file should contain a YAML dictionary with a top-level key
+        named 'exclude' and the list of exclusions as its value.
+
+        The list of exclusions may include:
+            * file paths
+            * folder paths
+            * glob patterns
+
+        Paths and patterns should be relative to the filesystem or
+        directory that they're being excluded from.
+
+        :return: list of paths and glob patterns
 
         :param string root_dir: image root directory
+        :param string exclude_filename: file exclusion YAML metadata file
 
         :rtype: list
         """
         exclude_file = os.sep.join(
-            [root_dir, 'image', 'exclude_files.yaml']
+            [root_dir, 'image', exclude_filename]
         )
         exclude_list = []
         if os.path.isfile(exclude_file):
@@ -473,6 +484,36 @@ def get_exclude_list_from_custom_exclude_files(root_dir: str) -> List:
                     )
         return exclude_list
 
+    @staticmethod
+    def get_exclude_list_from_custom_exclude_files(root_dir: str) -> List:
+        """
+        Gets the list of excluded items for the root filesystem from
+        the optional metadata file image/exclude_files.yaml
+
+        :return: list of paths and glob patterns
+
+        :param string root_dir: image root directory
+
+        :rtype: list
+        """
+        return Defaults._parse_exclude_file(root_dir, 'exclude_files.yaml')
+
+    @staticmethod
+    def get_exclude_list_from_custom_exclude_files_for_efifatimage(root_dir: str) -> List:
+        """
+        Gets the list of excluded items for the ESP's EFI folder from
+        the optional metadata file image/exclude_files_efifatimage.yaml
+
+        Excluded items must be relative to the ESP's /EFI directory.
+
+        :return: list of paths and glob patterns
+
+        :param string root_dir: EFI root directory
+
+        :rtype: list
+        """
+        return Defaults._parse_exclude_file(root_dir, 'exclude_files_efifatimage.yaml')
+
     @staticmethod
     def get_exclude_list_for_non_physical_devices():
         """

test/data/root-dir/image/exclude_files_efifatimage.yaml

@@ -0,0 +1,3 @@
+exclude:
+- BOOT/fbia32.efi
+- BOOT/fbx64.efi

test/unit/bootloader/config/grub2_test.py

@@ -326,8 +326,13 @@ def test_write(
                 'some-data'
             )
 
+    @patch('kiwi.bootloader.config.grub2.DataSync.sync_data')
+    @patch('kiwi.bootloader.config.grub2.Temporary.new_dir')
     @patch('kiwi.bootloader.config.grub2.Command.run')
-    def test_create_embedded_fat_efi_image(self, mock_command):
+    def test_create_embedded_fat_efi_image(self, mock_command, mock_tmpdir, mock_syncdata):
+        tmpdir = Mock()
+        tmpdir.name = 'tmpdir'
+        mock_tmpdir.return_value = tmpdir
         self.bootloader._create_embedded_fat_efi_image('tmp-esp-image')
         assert mock_command.call_args_list == [
             call(
@@ -343,7 +348,7 @@ def test_create_embedded_fat_efi_image(self, mock_command):
             call(
                 [
                     'mcopy', '-Do', '-s', '-i', 'tmp-esp-image',
-                    'root_dir/EFI', '::'
+                    'tmpdir', '::EFI'
                 ]
             )
         ]

test/unit/defaults_test.py

@@ -107,6 +107,23 @@ def test_get_vendor_grubenv(self, mock_path_exists):
         assert Defaults.get_vendor_grubenv('boot/efi') == \
             'boot/efi/EFI/fedora/grubenv'
 
+    def test_parse_exclude_file_is_valid(self):
+        assert Defaults._parse_exclude_file(
+            '../data/root-dir', 'exclude_files.yaml'
+        ) == [
+            'usr/bin/qemu-binfmt',
+            'usr/bin/qemu-x86_64-binfmt',
+            'usr/bin/qemu-x86_64'
+        ]
+
+    @patch('yaml.safe_load')
+    def test_parse_exclude_file_is_invalid(self, mock_yaml_safe_load):
+        mock_yaml_safe_load.return_value = {'invalid': 'artificial'}
+        with self._caplog.at_level(logging.WARNING):
+            assert Defaults._parse_exclude_file(
+                '../data/root-dir', 'exclude_files.yaml'
+            ) == []
+
     def test_get_exclude_list_from_custom_exclude_files(self):
         assert Defaults.get_exclude_list_from_custom_exclude_files(
             '../data/root-dir'
@@ -126,6 +143,24 @@ def test_get_exclude_list_from_custom_exclude_files_is_invalid(
                 '../data/root-dir'
             ) == []
 
+    def test_get_exclude_list_from_custom_exclude_files_for_efifatimage(self):
+        assert Defaults.get_exclude_list_from_custom_exclude_files_for_efifatimage(
+            '../data/root-dir'
+        ) == [
+            'BOOT/fbia32.efi',
+            'BOOT/fbx64.efi',
+        ]
+
+    @patch('yaml.safe_load')
+    def test_get_exclude_list_from_custom_exclude_files_for_efifatimage_is_invalid(
+        self, mock_yaml_safe_load
+    ):
+        mock_yaml_safe_load.return_value = {'invalid': 'artificial'}
+        with self._caplog.at_level(logging.WARNING):
+            assert Defaults.get_exclude_list_from_custom_exclude_files_for_efifatimage(
+                '../data/root-dir'
+            ) == []
+
     def test_get_exclude_list_for_root_data_sync(self):
         assert Defaults.get_exclude_list_for_root_data_sync() == [
             'image', '.kconfig',