94 lines
4.6 KiB
XML
94 lines
4.6 KiB
XML
<?xml version="1.0" encoding="UTF-8" ?>
|
|
<!-- This example assumes Grub2 and UEFI. It should be flexible enough to tweak for other use cases
|
|
if you know what the hell you're doing. -->
|
|
<!--
|
|
SEE prep.txt FOR WHAT MUST BE DONE BEFORE RUNNING BOOTSYNC.
|
|
-->
|
|
<bootsync xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xmlns="http://git.square-r00t.net/BootSync/"
|
|
xsi:schemaLocation="http://git.square-r00t.net/BootSync/plain/bootsync.xsd">
|
|
<!-- The actual EFI System Partitions (ESP). At least two are required. -->
|
|
<!-- Each drive should be prepared ahead of time with efibootmgr and grub-install (see prep.txt). -->
|
|
<partitions>
|
|
<!-- These should all be unique values.
|
|
Don't do something dumb like mount different partitions on the same mountpoint or the
|
|
the same partition on multiple mountpoints. -->
|
|
<!-- Future versions of this script may support things like UUIDs or labels as an alternative to path=,
|
|
but in the meanwhile it relies on device paths explicitly. -->
|
|
<part path="/dev/sdb1" mount="/mnt/boot1"/>
|
|
<part path="/dev/sdd1" mount="/mnt/boot2"/>
|
|
</partitions>
|
|
<!--
|
|
If fileChecks isn't provided, we will still sync syncPaths (which IS required).
|
|
These files will be evaluated to and synced to the ESP partitions with the same relative path.
|
|
i.e. (part[@mount])/(file)
|
|
|
|
fileChecks[@hashtype] attribute is used to checksum all <file> children,
|
|
unless they specify their own hashtype attribute (the default is hashtype="md5" for speed optimizations).
|
|
|
|
Guaranteed valid hashtype values are:
|
|
|
|
sha1
|
|
sha224
|
|
sha256
|
|
sha384
|
|
sha512
|
|
blake2b
|
|
blake2s
|
|
|
|
If you have a non-FIPS-compliant Python (you very most likely do), the following hashtype is also available:
|
|
|
|
md5
|
|
|
|
If you have a recent enough OpenSSL (and python3), you have the additional hashtype values available:
|
|
|
|
sha3_224
|
|
sha3_256
|
|
sha3_384
|
|
sha3_512
|
|
shake_128
|
|
shake_256
|
|
|
|
Additionally, the value "false" is always available to disable hashing for a specific <file> object or to set
|
|
the default. No checksumming will be done in this case and the file will always be overwritten on every run.
|
|
|
|
This is *highly not recommended* for solid-state disks or if you have large files you plan on syncing to
|
|
the alternate ESPs (e.g. loop-mounted ISO/IMG files).
|
|
|
|
"isKernel" is by default false, but if true it is treated specially to get a kernel version.
|
|
This is to notify you if a reboot is required. If no <file> item is isKernel="true", no reboot requirement
|
|
detection will be done.
|
|
Only *the last* <file> with isKernel="true" listed is used as the kernel identifier.
|
|
-->
|
|
<fileChecks hashtype="sha1">
|
|
<!-- RELATIVE paths to /boot on your / mount. -->
|
|
<file>initramfs-linux.img</file>
|
|
<file>intel-ucode.img</file>
|
|
<file>memtest86+/memtest.bin</file>
|
|
<file isKernel="true" hashtype="sha512">vmlinuz-linux</file>
|
|
</fileChecks>
|
|
<!--
|
|
These are system paths to sync to the ESPs. They are synced recursively.
|
|
|
|
"hashtype" is also supported for syncPaths and path objects just as the same with fileChecks
|
|
and file objects (see above).
|
|
|
|
"source" should be absolute.
|
|
"target" should be relative (to the ESP mount).
|
|
"pattern" is a regex to match to restrict *filenames* to sync. Use ".*" for all files.
|
|
-->
|
|
<syncPaths hashtype="sha1">
|
|
<!-- For example, these are grub theme files. -->
|
|
<path source="/usr/share/grub/themes" target="grub/themes" pattern=".*"/>
|
|
<!-- These are grub modules - specifically, UEFI. -->
|
|
<path source="/usr/lib/grub/x86_64-efi" target="grub/x86_64-efi" pattern="^.*\.(mod|lst|sh)$"/>
|
|
<!-- And these are ISO files, in case you're like me and do loop mounting in Grub for rescue situations.
|
|
(e.g. https://wiki.archlinux.org/index.php/Multiboot_USB_drive#Using_GRUB_and_loopback_devices) -->
|
|
<!-- You can do this yourself easily via https://git.square-r00t.net/RelChk/ -->
|
|
<!-- <path hashtype="false" source="/boot/iso" target="iso" pattern="^.*\.(iso|img)$"/> -->
|
|
<!-- I use RelChk (see above), so I also copy over the .json files that contain easily accessible information
|
|
about the ISO images. -->
|
|
<path hashtype="md5" source="/boot/iso" target="iso" pattern="^.*\.(iso|img|json)$"/>
|
|
</syncPaths>
|
|
</bootsync>
|