Comments (4)
I haven't tried it, but it seems like this could be solved using the same technique described in the Arch wiki for automatically rebuilding the initial ramdisk.
from sbupdate.
I've worked around it by adding "Target = nvidia-dkms" to /usr/share/libalpm/hooks/95-sbupdate.hook. There are already hooks for intel-ucode and amd-ucode in that file. Ideally, there should be a way to trigger it any time mkinitcpio is run (rather than on specific packages), but without running it twice when pacman does a kernel update. Maybe a combination of a hook that runs whenever mkinitcpio runs and a cli option to not regenerate/re-sign the .efi file if it is already newer than the kernel and initramfs.
from sbupdate.
A more generic workaround might be to change the path triggers in 95-sbupdate.hook to the following:
Target = usr/lib/modules/*/vmlinuz
Target = usr/lib/initcpio/*
Target = usr/src/*/dkms.conf
Target = usr/lib/modules/*/build/include/
Target = usr/lib/modules/*/modules.alias
These are the triggers from 90-mkinitcpio-install.hook and 70-dkms-install.hook, so they should cause sbupdate to trigger whenever dkms triggers or mkinitcpio runs.
However, I've found another issue. It seems that with either this solution or the "Target=nvidia-dkms" solution, the alpm hooks are run in the wrong order. It's running sbupdate before it runs mkinitcpio:
:: Running post-transaction hooks...
(1/4) Arming ConditionNeedsUpdate...
(2/4) Install DKMS modules
==> dkms install --no-depmod -m nvidia -v 470.74 -k 5.14.11-arch1-1
==> depmod 5.14.11-arch1-1
(3/4) Updating UEFI kernel images...
Generating and signing linux-signed.efi
warning: data remaining[74356736 vs 74366930]: gaps between PE/COFF sections?
warning: data remaining[74356736 vs 74366936]: gaps between PE/COFF sections?
Signing Unsigned original image
(4/4) Update Nvidia module in initcpio
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 5.14.11-arch1-1
-> Running build hook: [base]
-> Running build hook: [systemd]
-> Running build hook: [autodetect]
-> Running build hook: [keyboard]
==> WARNING: Possibly missing firmware for module: xhci_pci
-> Running build hook: [sd-vconsole]
-> Running build hook: [modconf]
-> Running build hook: [block]
-> Running build hook: [sd-encrypt]
==> WARNING: Possibly missing firmware for module: qat_4xxx
-> Running build hook: [btrfs]
-> Running build hook: [filesystems]
-> Running build hook: [fsck]
==> Generating module dependencies
==> Creating zstd-compressed initcpio image: /boot/initramfs-linux.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 5.14.11-arch1-1
-> Running build hook: [base]
-> Running build hook: [systemd]
-> Running build hook: [keyboard]
==> WARNING: Possibly missing firmware for module: xhci_pci
-> Running build hook: [sd-vconsole]
-> Running build hook: [modconf]
-> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: aic94xx
==> WARNING: Possibly missing firmware for module: wd719x
-> Running build hook: [sd-encrypt]
==> WARNING: Possibly missing firmware for module: qat_4xxx
-> Running build hook: [btrfs]
-> Running build hook: [filesystems]
-> Running build hook: [fsck]
==> Generating module dependencies
==> Creating zstd-compressed initcpio image: /boot/initramfs-linux-fallback.img
==> Image generation successful
I'm not sure why this is. According to alpm-hooks, the hooks are run in alphabetical order, which should mean that the sbupdate hook runs after any dkms/mkinitcpio stuff. It might be a bug in libalpm.
from sbupdate.
Never mind the hook order thing - I just needed my custom nvidia hook to run before sbupdate (fixed by renaming nvidia.hook to 94-nvidia.hook).
I'll create a pull request for the proposed target fix.
from sbupdate.
Related Issues (20)
- Question: is btrfs supported with direct booting? HOT 4
- EXTRA_SIGN in combination w/ e.g. sd-boot can lead to an attacker being able to sign a malicious file HOT 4
- Testing HOT 2
- Wrong kernel output after system update HOT 18
- Missing AUR keys HOT 4
- Output filename for kernel? HOT 3
- signed unified kernel image file name HOT 1
- Multiple cmdlines per kernel HOT 1
- use mkinitcpio to build uefi executables HOT 9
- SBAT support for new shim HOT 4
- sbudpate fails when using grub sigchecks HOT 1
- [Feature Request] Please add option to add an extra initrd to efi image HOT 2
- [Feature Request] Please add an option to sign already created image HOT 1
- Use calculated, flexible section-vma offsets instead of hardcoded ones HOT 17
- RFE: add `CMDLINE_ALWAYS` or alike for kernel options that are always added HOT 2
- issue with systemd 252.1 HOT 3
- Allow custom `output_name`
- Allow `.cmdline` to be omitted
- objcopy: section below image base HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sbupdate.