From fe4683843c50131480a4f8c01786221f97b9bc1f Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Thu, 16 Jan 2025 16:17:14 +0400 Subject: [PATCH] fix: generate UKI only if actually needed Without this fix, imager tries to generate UKI when it's not needed at all, and also it might try to generate UKI when it's not even supported for the version of Talos. Signed-off-by: Andrey Smirnov --- pkg/imager/imager.go | 21 +++++++++++++++++++-- pkg/machinery/imager/quirks/quirks.go | 16 ++++++++++++++-- 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/pkg/imager/imager.go b/pkg/imager/imager.go index c4cfdf5c13..c5c7e8be1b 100644 --- a/pkg/imager/imager.go +++ b/pkg/imager/imager.go @@ -103,8 +103,25 @@ func (i *Imager) Execute(ctx context.Context, outputPath string, report *reporte Status: reporter.StatusSucceeded, }) - // 4. Build UKI unless the output is a kernel or cmdline. - if i.prof.Output.Kind != profile.OutKindKernel && i.prof.Output.Kind != profile.OutKindCmdline { + // 4. Build UKI if needed + needBuildUKI := quirks.New(i.prof.Version).SupportsUKI() + + switch i.prof.Output.Kind { + case profile.OutKindUKI: + if !needBuildUKI { + return "", fmt.Errorf("UKI output is not supported in this Talos version") + } + case profile.OutKindISO, profile.OutKindImage, profile.OutKindInstaller: + needBuildUKI = needBuildUKI && i.prof.SecureBootEnabled() + case profile.OutKindCmdline, profile.OutKindKernel, profile.OutKindInitramfs: + needBuildUKI = false + case profile.OutKindUnknown: + fallthrough + default: + return "", fmt.Errorf("unknown output kind: %s", i.prof.Output.Kind) + } + + if needBuildUKI { if err = i.buildUKI(ctx, report); err != nil { return "", err } diff --git a/pkg/machinery/imager/quirks/quirks.go b/pkg/machinery/imager/quirks/quirks.go index da995f3329..b7153b7d92 100644 --- a/pkg/machinery/imager/quirks/quirks.go +++ b/pkg/machinery/imager/quirks/quirks.go @@ -27,13 +27,13 @@ func New(talosVersion string) Quirks { }} } -var minVersionResetOption = semver.MustParse("1.4.0") - // Version returns the Talos version. func (q Quirks) Version() *semver.Version { return q.v } +var minVersionResetOption = semver.MustParse("1.4.0") + // SupportsResetGRUBOption returns true if the Talos version supports the reset option in GRUB menu (image and ISO). func (q Quirks) SupportsResetGRUBOption() bool { // if the version doesn't parse, we assume it's latest Talos @@ -44,6 +44,18 @@ func (q Quirks) SupportsResetGRUBOption() bool { return q.v.GTE(minVersionResetOption) } +var minVersionUKI = semver.MustParse("1.5.0") + +// SupportsUKI returns true if the Talos version supports building UKIs. +func (q Quirks) SupportsUKI() bool { + // if the version doesn't parse, we assume it's latest Talos + if q.v == nil { + return true + } + + return q.v.GTE(minVersionUKI) +} + var minVersionCompressedMETA = semver.MustParse("1.6.3") // SupportsCompressedEncodedMETA returns true if the Talos version supports compressed and encoded META as an environment variable.