genprotimg.bu: add coreos-genprotimg-generator

This fixes an issue when during firstboot system tried to mount
genprotimg partition.

Author: nikita-dubrovskii

src/secex-genprotimgvm-scripts/genprotimg.bu

@@ -20,7 +20,7 @@ storage:
       contents:
         inline: |
           #!/bin/bash
-          set -euo pipefail
+          set -xeuo pipefail
           trap "rm -f /var/genprotimg/signal.file" EXIT
           bash /var/build/genprotimg-script.sh &
           while [ ! -e "/var/genprotimg/signal.file" ]; do
@@ -29,6 +29,48 @@ storage:
           genprotimg -V --no-verify -i /var/genprotimg/vmlinuz -r /var/genprotimg/initrd.img  -p /var/genprotimg/parmfile -k /etc/se-hostkeys/ibm-z-hostkey-1 -o /var/genprotimg/se.img
           rm -f /var/genprotimg/signal.file
           bash /var/build/post-script.sh
+    - path: /etc/systemd/system-generators/coreos-genprotimg-generator
+      overwrite: true
+      mode: 0755
+      contents:
+        inline: |
+          #!/bin/bash
+          export PATH="/usr/bin:/usr/sbin:${PATH}"
+          set -euo pipefail
+          . /usr/lib/coreos/generator-lib.sh
+          if [ ! -z $(karg ignition.firstboot) ]; then
+              exit 0
+          fi
+          mkdir -p "${UNIT_DIR}/default.target.wants"
+
+          cat > "${UNIT_DIR}"/var-build.mount << 'EOF'
+          # generated by coreos-genprotimg-generator
+          # Mounts partition with parmfile, pre- and post- scripts used by genprotimg.service
+          [Unit]
+          Description=Genprotimg partition mount
+          Requires=dev-disk-by\x2did-virtio\x2dgenprotimg.device
+          After=dev-disk-by\x2did-virtio\x2dgenprotimg.device
+          [Mount]
+          What=/dev/disk/by-id/virtio-genprotimg
+          Where=/var/build
+          Type=ext4
+          Options=rw,noatime
+          EOF
+          ln -sf "../var-build.mount" "${UNIT_DIR}/default.target.wants/"
+
+          cat > "${UNIT_DIR}/genprotimg.service" << 'EOF'
+          # generated by coreos-genprotimg-generator
+          # Creates secure image by calling genprotimg tool
+          [Unit]
+          Description=Genprotimg executor
+          After=var-build.mount
+          [Service]
+          Type=oneshot
+          StandardOutput=journal+console
+          ExecStart=/etc/do_genprotimg
+          ExecStopPost=/sbin/halt
+          EOF
+          ln -sf "../genprotimg.service" "${UNIT_DIR}/default.target.wants/"
 systemd:
   units:
     - name: [email protected]
@@ -42,32 +84,3 @@ systemd:
       mask: false
     - name: [email protected]
       mask: false
-    - name: genprotimg.service
-      enabled: true
-      contents: |
-        [Unit]
-        Description=GenProtImg
-        ConditionKernelCommandLine=!ignition.firstboot
-        After=var-build.mount
-        [Service]
-        Type=oneshot
-        StandardOutput=journal+console
-        ExecStart=/etc/do_genprotimg
-        ExecStopPost=/sbin/halt
-        [Install]
-        WantedBy=default.target
-    - name: var-build.mount
-      enabled: true
-      contents: |
-        [Unit]
-        Description=Mounts genprotimg build partition
-        ConditionKernelCommandLine=!ignition.firstboot
-        Requires=dev-disk-by\x2did-virtio\x2dgenprotimg.device
-        After=dev-disk-by\x2did-virtio\x2dgenprotimg.device
-        [Mount]
-        What=/dev/disk/by-id/virtio-genprotimg
-        Where=/var/build
-        Type=ext4
-        Options=rw,noatime
-        [Install]
-        WantedBy=default.target