From 1020a0456c50b4ca45eb5464c5e68109f7bc0c0c Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Thu, 4 Jan 2024 23:26:55 +0100
Subject: [PATCH] fix: do not emit a temporary initrd location if it's not needed

We fabricated a lot of initrds which were exactly the same as the one in our store when we had no initrd secrets. This ends this practice.
---
 rust/tool/systemd/src/install.rs | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/rust/tool/systemd/src/install.rs b/rust/tool/systemd/src/install.rs
index 318c6f7d..d58117af 100644
--- a/rust/tool/systemd/src/install.rs
+++ b/rust/tool/systemd/src/install.rs
@@ -210,17 +210,27 @@ impl Installer {
 .context("Failed to install the kernel.")?;

 // Assemble and install the initrd, and record its path on the ESP.
- let initrd_location = tempdir
- .write_secure_file(
- fs::read(
- bootspec
- .initrd
- .as_ref()
- .context("Lanzaboote does not support missing initrd yet.")?,
+ // It is not needed to write the initrd in a temporary directory
+ // if we do not have any initrd secret.
+ let initrd_location = if bootspec.initrd_secrets.is_some() {
+ tempdir
+ .write_secure_file(
+ fs::read(
+ bootspec
+ .initrd
+ .as_ref()
+ .context("Lanzaboote does not support missing initrd yet.")?,
+ )
+ .context("Failed to read the initrd.")?,
 )
- .context("Failed to read the initrd.")?,
- )
- .context("Failed to copy the initrd to the temporary directory.")?;
+ .context("Failed to copy the initrd to the temporary directory.")?
+ } else {
+ bootspec
+ .initrd
+ .clone()
+ .expect("Lanzaboote does not support missing initrd yet.")
+ };
+
 if let Some(initrd_secrets_script) = &bootspec.initrd_secrets {
 append_initrd_secrets(initrd_secrets_script, &initrd_location, generation.version)?;
 }
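Review bot: The new `else` branch unwraps `bootspec.initrd` with `.expect(...)`, so a generation with neither an initrd nor initrd secrets now panics the installer, while the secrets branch still reports the same message as an error through `.context(...)?`. Keep both paths on the `Result` by replacing the `.expect(...)` call with `.context("Lanzaboote does not support missing initrd yet.")?`. Separately, `initrd_location` can now be the store path itself, and the only thing keeping `append_initrd_secrets` away from it is that `bootspec.initrd_secrets.is_some()` and the later `if let Some(initrd_secrets_script)` test the same field. A comment such as `// Invariant: secrets are only ever appended to the temporary copy, never to the store path.` (or moving the append into the first branch) would stop the two checks from drifting apart. The enclosing function starts and ends outside the hunk, so how `initrd_location` is consumed afterwards is not visible here.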