From 4eaf9a6f926462db4584b1290092aaf7de36c25d Mon Sep 17 00:00:00 2001
From: Samuel Dolt
Date: Thu, 11 May 2023 11:29:53 +0200
Subject: [PATCH] feat(swupdate): coreos-swupdate-helper integration
swupdate is now relying on coreos-swupdate-helper to get convert a device abstracted path in the .swu file to the right partition device file under /dev Now, the efibooguard binary is updated as well
BREAKING CHANGE: .swu image generated can not be used on old device, thus the device has to be reflashed.
---
 .../legacy-mbr-disk.inc | 4 ---
 .../classes/coreos-image-swupdate.bbclass | 16 ++++++++----
 .../classes/coreos-image.bbclass | 5 ++++
 .../meta-belden-coreos/files/sw-description | 26 ++++++++++++++-----
 .../swupdate/sw-collections-config.sh | 3 +++
 .../swupdate/swupdate_2022.12.bbappend | 2 +-
 6 files changed, 40 insertions(+), 16 deletions(-)
diff --git a/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc
index 9997044..f07d416 100644
--- a/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc
+++ b/layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc
@@ -2,10 +2,6 @@
 # MBR disk are still supported by CoreOS, but only for legacy product
 # This ensure that efibootguard / swupdate work with MBR disk
-# Do not include this file in a machine configuration if the machine support
-# a GPT disk instead
-COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ?= "/dev/disk/by-label"
-
 # MBR can't disk can't use partition label, but may use filesystem label
 # This will only work with an initramfs. If no initramfs is used, this will
 # have to be set to the right disk device inside the machine configuration
diff --git a/layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass b/layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass
index 36357e7..dca81fd 100644
--- a/layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass
+++ b/layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass
@@ -7,9 +7,6 @@
 # Swupdate image generation
 # ==============================================================================
-# Machine using MBR override this value, see legacy-mbr-disk.inc
-COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ??= "/dev/disk/by-partlabel"
-
 IMAGE_FSTYPES:append = " ext4.zst"
 python () {
 image = d.getVar('IMAGE_BASENAME')
@@ -19,9 +16,14 @@ python () {
 inherit swupdate-image
 # Ensure than variable used in the sw-description files are watched for change
-do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY APPEND"
+do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT EFIDIR EFI_BOOT_IMAGE COREOS_EFIBOOTGUARD_FILENAME"
 do_swuimage[deptask] += "do_bundle_uki"
-SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME}"
+
+COREOS_EFIBOOTGUARD_NAME ?= "efibootguard${EFI_ARCH}"
+COREOS_EFIBOOTGUARD_EXT ?= ".efi"
+COREOS_EFIBOOTGUARD_FILENAME = "${COREOS_EFIBOOTGUARD_NAME}${COREOS_EFIBOOTGUARD_EXT}"
+
+SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME} ${COREOS_EFIBOOTGUARD_NAME}"
 python () {
 kernel0 = d.getVar('COREOS_KERNEL0_NAME')
@@ -29,6 +31,10 @@ python () {
 kernelext = d.getVar('COREOS_KERNEL_EXT')
 d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel0, kernelext)
 d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel1, kernelext)
+
+ efibootguard = d.getVar('COREOS_EFIBOOTGUARD_NAME')
+ efibootguardext = d.getVar('COREOS_EFIBOOTGUARD_EXT')
+ d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", efibootguard, efibootguardext)
 }
 FILESEXTRAPATHS:append := ":${COREOS_ROOT}/layers/meta-belden-coreos/files"
diff --git a/layers/meta-belden-coreos/classes/coreos-image.bbclass b/layers/meta-belden-coreos/classes/coreos-image.bbclass
index 685ea48..d97b1a8 100644
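Review bot: In coreos-image-swupdate.bbclass (hunk `@@ -19,9 +16,14 @@`), `${COREOS_EFIBOOTGUARD_NAME}` is added to `SWUPDATE_IMAGES`, but nothing visible in the hunk makes `do_swuimage` depend on the task that deploys the efibootguard binary; the only task dependency shown is `do_swuimage[deptask] += "do_bundle_uki"`. If that dependency is not declared elsewhere, the .swu could be assembled from a stale boot binary left in the deploy directory, which matters now that an update replaces the first boot stage. I would add an explicit dependency such as `do_swuimage[depends] += "efibootguard:do_deploy"` (recipe and task name to be confirmed against the layer). Also, `COREOS_EFIBOOTGUARD_FILENAME` is set with `=` while the two variables it is built from use `?=`, so an earlier override of the filename is discarded; a one-line comment saying this is intended would help.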
--- a/layers/meta-belden-coreos/classes/coreos-image.bbclass
+++ b/layers/meta-belden-coreos/classes/coreos-image.bbclass
@@ -24,6 +24,11 @@ FEATURE_PACKAGES_cockpit = "packagegroup-coreos-cockpit ${@get_feature_packages_
 # *-dev-tools FEATURES_PACKAGES for any image features
 FEATURE_PACKAGES_dev-tools = "${@get_feature_packages_with_suffix('dev-tools', d)}"
+FEATURE_PACKAGES_tools-debug = "packagegroup-core-tools-debug"
+FEATURE_PACKAGES_tools-profile = "packagegroup-core-tools-profile"
+FEATURE_PACKAGES_tools-sdk = "packagegroup-core-sdk packagegroup-core-standalone-sdk-target"
+
+
 def get_feature_packages_with_suffix(suffix, d):
 """
 For each feature inside IMAGE_FEATURES, look if a FEATURE_PACKAGE variable
diff --git a/layers/meta-belden-coreos/files/sw-description b/layers/meta-belden-coreos/files/sw-description
index 29fb378..b018fee 100644
--- a/layers/meta-belden-coreos/files/sw-description
+++ b/layers/meta-belden-coreos/files/sw-description
@@ -12,7 +12,7 @@ software =
 installed-directly = true;
 # partlabel are stored inside the GPT partition table.
 # The partition table is flashed only once and never updated
- device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform0";
+ device = "/var/run/coreos/rootdisk/partitions/root/updatable";
 type = "raw";
 sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
 }
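Review bot: The three `FEATURE_PACKAGES_tools-*` assignments added to coreos-image.bbclass are not mentioned in the commit message and are unrelated to the swupdate helper integration, so they are easy to miss in review. Judging by the package group names, they pull debugging, profiling and SDK tooling into any image that enables the feature, which enlarges the attack surface of that image. I would move them to their own commit, or at least add a comment above them such as `# Development images only: do not enable tools-debug, tools-profile or tools-sdk in production IMAGE_FEATURES`. The hunk also adds two blank lines where one would do.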
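Review bot: The two comment lines kept above `device` in sw-description (hunk `@@ -12,7 +12,7 @@`, and again at `@@ -53,7 +60,7 @@`) still describe GPT partlabels, but the new value `/var/run/coreos/rootdisk/partitions/root/updatable` is a path created at run time, so the comment no longer tells the reader where the raw image is written. swupdate writes to whatever that path resolves to, which makes the ownership and mode of `/var/run/coreos` part of the update's trust boundary. I would replace the comment with something like `# Symlink created by coreos-swupdate-helper; /var/run/coreos must be writable by root only`. Both software collections now name the same device, so picking the right slot appears to rest entirely on the helper, which is worth stating there as well.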
@@ -22,16 +22,23 @@ software =
 {
 filename = "@@COREOS_KERNEL0_FILENAME@@";
 path = "/KERNEL.EFI";
- device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot0";
+ device = "/var/run/coreos/rootdisk/partitions/ebg/updatable";
 filesystem = "vfat";
 sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL0_FILENAME@@)";
+ },
+ {
+ filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@";
+ path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@";
+ device = "/var/run/coreos/rootdisk/partitions/efi";
+ filesystem = "vfat";
+ sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)";
 }
 );
 bootenv: (
 {
 name = "kernelparams";
- value = "root=PARTLABEL=platform0 @@APPEND@@";
+ value = "";
 },
 {
 name = "watchdog_timeout_sec";
@@ -53,7 +60,7 @@ software =
 installed-directly = true;
 # partlabel are stored inside the GPT partition table.
 # The partition table is flashed only once and never updated
- device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform1";
+ device = "/var/run/coreos/rootdisk/partitions/root/updatable";
 type = "raw";
 sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
 }
@@ -63,15 +70,22 @@ software =
 {
 filename = "@@COREOS_KERNEL1_FILENAME@@";
 path = "/KERNEL.EFI";
- device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot1";
+ device = "/var/run/coreos/rootdisk/partitions/ebg/updatable";
 filesystem = "vfat";
 sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL1_FILENAME@@)";
+ },
+ {
+ filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@";
+ path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@";
+ device = "/var/run/coreos/rootdisk/partitions/efi";
+ filesystem = "vfat";
+ sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)";
 }
 );
 bootenv: (
 {
 name = "kernelparams";
- value = "root=PARTLABEL=platform1 @@APPEND@@";
+ value = "";
 },
 {
 name = "watchdog_timeout_sec";
diff --git a/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh b/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh
index 1238e9b..961ba60 100644
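Review bot: The new efibootguard entry in sw-description (hunk `@@ -22,16 +22,23 @@`, repeated at `@@ -63,15 +70,22 @@`) writes the boot binary to `/var/run/coreos/rootdisk/partitions/efi`, which unlike the kernel and rootfs targets has no `updatable` variant, so it appears to be replaced in place on every update with no second copy to fall back to if the write is interrupted. Since an update can now replace the first boot stage, the `sha256` attribute only protects it if sw-description itself is signature-checked by swupdate, which this diff does not show. A comment on the entry would make both constraints explicit, for example `# Written in place on the shared EFI partition: no A/B fallback; sw-description must be signed`. Separately, `kernelparams` is kept with `value = "";` in both hunks; if the kernel command line now comes from the UKI, say so in a comment, otherwise the root device is no longer passed at boot.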
--- a/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh
+++ b/layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh
@@ -37,3 +37,6 @@ case $ROOT_PARTLABEL in
 exit 1
 ;;
 esac
+
+# Create needed symlinks in /var/run/coreos
+coreos-swupdate-helper --config /etc/coreos-swupdate-helper/default.toml
diff --git a/layers/meta-belden-coreos/recipes-support/swupdate/swupdate_2022.12.bbappend b/layers/meta-belden-coreos/recipes-support/swupdate/swupdate_2022.12.bbappend
index 95d7c30..2eb174b 100644
--- a/layers/meta-belden-coreos/recipes-support/swupdate/swupdate_2022.12.bbappend
+++ b/layers/meta-belden-coreos/recipes-support/swupdate/swupdate_2022.12.bbappend
@@ -1,7 +1,7 @@
 # File in the swupdate subdirectory of this recipe should overwrite the
 # same file in meta-swupdate
 FILESEXTRAPATHS:prepend := "${THISDIR}/swupdate:"
-RDEPENDS:${PN}:append = " efibootguard"
+RDEPENDS:${PN}:append = " efibootguard coreos-swupdate-helper"
 SRC_URI += "file://webserver-config.sh \
 file://sw-collections-config.sh \
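Review bot: In sw-collections-config.sh (hunk `@@ -37,3 +37,6 @@`) the added `coreos-swupdate-helper` call is the last statement and its exit status is not checked, so a failed run can leave the symlinks under `/var/run/coreos` missing or left over from an earlier run while swupdate still starts against them. The `case` just above already ends its error branch with `exit 1`, so I would do the same here: `coreos-swupdate-helper --config /etc/coreos-swupdate-helper/default.toml || exit 1`. Whether the script already runs under `set -e` is not visible, because the script starts outside the hunk.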