feat(swupdate): coreos-swupdate-helper integration

swupdate is now relying on coreos-swupdate-helper to get convert
a device abstracted path in the .swu file to the right partition
device file under /dev

Now, the efibooguard binary is updated as well

BREAKING CHANGE: .swu image generated can not be used on old
device, thus the device has to be reflashed.

layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-features/legacy-mbr-disk.inc

@@ -2,10 +2,6 @@
 # MBR disk are still supported by CoreOS, but only for legacy product
 # This ensure that efibootguard / swupdate work with MBR disk
 
-# Do not include this file in a machine configuration if the machine support
-# a GPT disk instead
-COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ?= "/dev/disk/by-label"
-
 # MBR can't disk can't use partition label, but may use filesystem label
 # This will only work with an initramfs. If no initramfs is used, this will
 # have to be set to the right disk device inside the machine configuration

layers/meta-belden-coreos/classes/coreos-image-swupdate.bbclass

@@ -7,9 +7,6 @@
 # Swupdate image generation
 # ==============================================================================
 
-# Machine using MBR override this value, see legacy-mbr-disk.inc
-COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY ??= "/dev/disk/by-partlabel"
-
 IMAGE_FSTYPES:append = " ext4.zst"
 python () {
     image = d.getVar('IMAGE_BASENAME')
@@ -19,9 +16,14 @@ python () {
 inherit swupdate-image
 
 # Ensure than variable used in the sw-description files are watched for change
-do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY APPEND"
+do_swuimage[vardeps] += "COREOS_KERNEL0_FILENAME COREOS_KERNEL1_FILENAME EFIBOOTGUARD_TIMEOUT EFIDIR EFI_BOOT_IMAGE COREOS_EFIBOOTGUARD_FILENAME"
 do_swuimage[deptask] += "do_bundle_uki"
-SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME}"
+
+COREOS_EFIBOOTGUARD_NAME ?= "efibootguard${EFI_ARCH}"
+COREOS_EFIBOOTGUARD_EXT ?= ".efi"
+COREOS_EFIBOOTGUARD_FILENAME = "${COREOS_EFIBOOTGUARD_NAME}${COREOS_EFIBOOTGUARD_EXT}"
+
+SWUPDATE_IMAGES += "${COREOS_KERNEL0_NAME} ${COREOS_KERNEL1_NAME} ${COREOS_EFIBOOTGUARD_NAME}"
 
 python () {
     kernel0 = d.getVar('COREOS_KERNEL0_NAME')
@@ -29,6 +31,10 @@ python () {
     kernelext = d.getVar('COREOS_KERNEL_EXT')
     d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel0, kernelext)
     d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", kernel1, kernelext)
+
+    efibootguard = d.getVar('COREOS_EFIBOOTGUARD_NAME')
+    efibootguardext = d.getVar('COREOS_EFIBOOTGUARD_EXT')
+    d.setVarFlag("SWUPDATE_IMAGES_FSTYPES", efibootguard, efibootguardext)
 }
 
 FILESEXTRAPATHS:append := ":${COREOS_ROOT}/layers/meta-belden-coreos/files"

layers/meta-belden-coreos/classes/coreos-image.bbclass

@@ -24,6 +24,11 @@ FEATURE_PACKAGES_cockpit = "packagegroup-coreos-cockpit ${@get_feature_packages_
 # *-dev-tools FEATURES_PACKAGES for any image features
 FEATURE_PACKAGES_dev-tools = "${@get_feature_packages_with_suffix('dev-tools', d)}"
 
+FEATURE_PACKAGES_tools-debug = "packagegroup-core-tools-debug"
+FEATURE_PACKAGES_tools-profile = "packagegroup-core-tools-profile"
+FEATURE_PACKAGES_tools-sdk = "packagegroup-core-sdk packagegroup-core-standalone-sdk-target"
+
+
 def get_feature_packages_with_suffix(suffix, d):
     """
     For each feature inside IMAGE_FEATURES, look if a FEATURE_PACKAGE variable

layers/meta-belden-coreos/files/sw-description

@@ -12,7 +12,7 @@ software =
                         installed-directly = true;
                         # partlabel are stored inside the GPT partition table.
                         # The partition table is flashed only once and never updated
-                        device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform0";
+                        device = "/var/run/coreos/rootdisk/partitions/root/updatable";
                         type = "raw";
                         sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
                     }
@@ -22,16 +22,23 @@ software =
                     {
                         filename = "@@COREOS_KERNEL0_FILENAME@@";
                         path = "/KERNEL.EFI";
-                        device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot0";
+                        device = "/var/run/coreos/rootdisk/partitions/ebg/updatable";
                         filesystem = "vfat";
                         sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL0_FILENAME@@)";
+                    },
+                    {
+                        filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@";
+                        path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@";
+                        device = "/var/run/coreos/rootdisk/partitions/efi";
+                        filesystem = "vfat";
+                        sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)";
                     }
                 );
 
                 bootenv: (
                         {
                             name = "kernelparams";
-                            value = "root=PARTLABEL=platform0 @@APPEND@@";
+                            value = "";
                         },
                         {
                             name = "watchdog_timeout_sec";
@@ -53,7 +60,7 @@ software =
                         installed-directly = true;
                         # partlabel are stored inside the GPT partition table.
                         # The partition table is flashed only once and never updated
-                        device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/platform1";
+                        device = "/var/run/coreos/rootdisk/partitions/root/updatable";
                         type = "raw";
                         sha256 = "$swupdate_get_sha256(@@PN@@-@@MACHINE@@.ext4.zst)";
                     }
@@ -63,15 +70,22 @@ software =
                     {
                         filename = "@@COREOS_KERNEL1_FILENAME@@";
                         path = "/KERNEL.EFI";
-                        device = "@@COREOS_DISK_PARTLABEL_LOOKUP_DIRECTORY@@/boot1";
+                        device = "/var/run/coreos/rootdisk/partitions/ebg/updatable";
                         filesystem = "vfat";
                         sha256 = "$swupdate_get_sha256(@@COREOS_KERNEL1_FILENAME@@)";
+                    },
+                    {
+                        filename = "@@COREOS_EFIBOOTGUARD_FILENAME@@";
+                        path = "@@EFIDIR@@/@@EFI_BOOT_IMAGE@@";
+                        device = "/var/run/coreos/rootdisk/partitions/efi";
+                        filesystem = "vfat";
+                        sha256 = "$swupdate_get_sha256(@@COREOS_EFIBOOTGUARD_FILENAME@@)";
                     }
                 );
                 bootenv: (
                         {
                             name = "kernelparams";
-                            value = "root=PARTLABEL=platform1 @@APPEND@@";
+                            value = "";
                         },
                         {
                             name = "watchdog_timeout_sec";

layers/meta-belden-coreos/recipes-support/swupdate/swupdate/sw-collections-config.sh

@@ -37,3 +37,6 @@ case $ROOT_PARTLABEL in
         exit 1
         ;;
 esac
+
+# Create needed symlinks in /var/run/coreos
+coreos-swupdate-helper --config /etc/coreos-swupdate-helper/default.toml

layers/meta-belden-coreos/recipes-support/swupdate/swupdate_2022.12.bbappend

@@ -1,7 +1,7 @@
 # File in the swupdate subdirectory of this recipe should overwrite the
 # same file in meta-swupdate
 FILESEXTRAPATHS:prepend := "${THISDIR}/swupdate:"
-RDEPENDS:${PN}:append = " efibootguard"
+RDEPENDS:${PN}:append = " efibootguard coreos-swupdate-helper"
 
 SRC_URI += "file://webserver-config.sh \
             file://sw-collections-config.sh \