meson: Default to sbat-distro=auto

Any recent shim will refuse starting an image that does not have an sbat section
and will do so with a generic "Security Violation" message. And it is very easy
to forget passing -Dsbat-distro=auto to meson when creating a fresh build dir.

Adding sbat info when shim is not used or secure boot is disabled does not hurt
anyone, so default to auto. This still ensures to not add auto-detected info in
case we are cross building.

diff --git a/meson_options.txt b/meson_options.txt
index c09a23dc03eba0085ef99948f7a5a5920994ed43..1e91bf1fd2b219a5c0100ed4d9109d8ae6c3f3cd 100644 (file)
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -417,7 +417,7 @@ option('efi-libdir', type : 'string',
        description : 'path to the EFI lib directory')
 option('efi-includedir', type : 'string', value : '/usr/include/efi',
        description : 'path to the EFI header directory')
-option('sbat-distro', type : 'string',
+option('sbat-distro', type : 'string', value : 'auto',
        description : 'SBAT distribution ID, e.g. fedora, or auto for autodetection')
 option('sbat-distro-generation', type : 'integer', value : 1,
        description : 'SBAT distribution generation')

diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 06e42d979d6cf799545d8fda8c2ebe5f5fd1430c..a32948a9c2659699ca4077a2c3bdc9aa69634249 100644 (file)
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -162,7 +162,9 @@ foreach ctype : ['color-normal', 'color-entry', 'color-highlight', 'color-edit']
                 'EFI_' + c[1].strip().underscorify().to_upper()))
 endforeach
 
-if get_option('sbat-distro') != ''
+if meson.is_cross_build() and get_option('sbat-distro') == 'auto'
+        warning('Auto detection of SBAT information not supported when cross-building, disabling SBAT.')
+elif get_option('sbat-distro') != ''
         efi_conf.set_quoted('SBAT_PROJECT', meson.project_name())
         efi_conf.set_quoted('PROJECT_VERSION', meson.project_version())
         efi_conf.set('PROJECT_URL', conf.get('PROJECT_URL'))
@@ -174,7 +176,7 @@ if get_option('sbat-distro') != ''
                            ['sbat-distro-summary', 'NAME'],
                            ['sbat-distro-url', 'BUG_REPORT_URL']]
                 value = get_option(sbatvar[0])
-                if (value == '' and not meson.is_cross_build()) or value == 'auto'
+                if (value == '' or value == 'auto') and not meson.is_cross_build()
                         cmd = 'if [ -e /etc/os-release ]; then . /etc/os-release; else . /usr/lib/os-release; fi; echo $@0@'.format(sbatvar[1])
                         value = run_command(sh, '-c', cmd).stdout().strip()
                         message('@0@ (from @1@): @2@'.format(sbatvar[0], sbatvar[1], value))