[PR PATCH] Improve consistency of relative paths in kernel hooks

[PR PATCH] Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 1412 bytes --]

There is a new pull request by ahesford against master on the void-packages repository

https://github.com/ahesford/void-packages hooks
https://github.com/void-linux/void-packages/pull/24079

Improve consistency of relative paths in kernel hooks
Motivated by a breakage in the `dracut` removal hook as called from `vkpurge`, I cleaned up several packages that install kernel hooks to try to make their behavior more consistent. The XBPS trigger runs hooks from the target root directory with `ROOTDIR` set, so hooks should accommodate this if possible. `vkpurge` now changes to `/` and sets `ROOTDIR` to make sure any hooks it calls work as expected. It would be good to verify correct operation of all hooks after these changes, but `dkms` and `dracut` seem to be the most critical.

- [x] base-files
- [x] dkms
- [x] dracut
- [ ] gummiboot
- [ ] mkinitcpio
- [ ] refind
- [ ] sbsigntool

**Note 1**: `dracut` now uses `--sysroot .` to (hopefully) operate properly in a relative environment.

**Note 2**: `dkms` makes a lot of assumptions about running in the system root that are trickier to override, and the hook already made a lot of absolute path references, so I went all-in on absolute paths in the `dkms` hooks.

Affected maintainers: @Gottox @q66 @thypon @sgn
General interest: @ericonr @duncaen

A patch file from https://github.com/void-linux/void-packages/pull/24079.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-hooks-24079.patch --]
[-- Type: text/x-diff, Size: 17377 bytes --]

From e4164a9f365ec3b21b707ce80f3ef80fc2c827a8 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 1/7] base-files: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/base-files/files/vkpurge | 4 +++-
 srcpkgs/base-files/template      | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/base-files/files/vkpurge b/srcpkgs/base-files/files/vkpurge
index 92098ec736e..5519147b905 100644
--- a/srcpkgs/base-files/files/vkpurge
+++ b/srcpkgs/base-files/files/vkpurge
@@ -39,10 +39,12 @@ list_kernels() {
 run_hooks() {
 	dir="$1"
 	kver="$2"
+
 	for d in /etc/kernel.d/"${dir}"/*; do
 		[ -x "$d" ] || continue
 		printf "Running %s kernel hook: %s...\n" "$dir" "${d##*/}"
-		"$d" kernel "$kver"
+		# Hooks assume they run from the root
+		(cd / && ROOTDIR=. "$d" kernel "$kver")
 	done
 }
 
diff --git a/srcpkgs/base-files/template b/srcpkgs/base-files/template
index d608bc81f57..6b503690606 100644
--- a/srcpkgs/base-files/template
+++ b/srcpkgs/base-files/template
@@ -1,7 +1,7 @@
 # Template file for 'base-files'
 pkgname=base-files
 version=0.141
-revision=1
+revision=2
 bootstrap=yes
 depends="xbps-triggers"
 short_desc="Void Linux base system files"

From 0b70e31d1b4c11572b61e5c2f030bf3678ec1af1 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 2/7] dkms: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dkms/files/kernel.d/dkms.postinst | 34 ++++++++++++-----------
 srcpkgs/dkms/files/kernel.d/dkms.prerm    |  6 ++--
 srcpkgs/dkms/template                     |  2 +-
 3 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/srcpkgs/dkms/files/kernel.d/dkms.postinst b/srcpkgs/dkms/files/kernel.d/dkms.postinst
index 5cfc630de1c..ef2a10bac28 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.postinst
+++ b/srcpkgs/dkms/files/kernel.d/dkms.postinst
@@ -8,7 +8,7 @@ PKGNAME="$1"
 VERSION="$2"
 ARCH=$(uname -m)
 
-if [ ! -x /usr/sbin/dkms ]; then
+if [ ! -x /usr/bin/dkms ]; then
 	exit 0
 fi
 
@@ -59,16 +59,16 @@ while [ $# -gt 1 ]; do
 	# If adding a module, depmod is necessary unless dkms runs it
 	do_depmod="yes"
 
-	status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+	status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	if [ $(echo "$status"|grep -c ": built") -eq 0 ]; then
 		# Check if the module is still there.
-		if [ ! -f usr/src/${module}-${modulever}/dkms.conf ]; then
+		if [ ! -f /usr/src/${module}-${modulever}/dkms.conf ]; then
 			echo "Skipping nonexistent DKMS module: ${module}-${modulever}."
 			continue
 		fi
 		# Build the module
 		echo -n "Building DKMS module: ${module}-${modulever}... "
-		dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module was skipped or failed, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -80,14 +80,14 @@ while [ $# -gt 1 ]; do
 			echo "FAILED!"
 			continue
 		fi
-		status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+		status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	fi
 
 	# If the module is built (either pre-built or just now), install it
 	if [ $(echo "$status"|grep -c ": built") -eq 1 ] &&
 	   [ $(echo "$status"|grep -c ": installed") -eq 0 ]; then
 		echo -n "Installing DKMS module: ${module}-${modulever}... "
-		dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module failed installation, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -101,16 +101,18 @@ while [ $# -gt 1 ]; do
 	fi
 done
 
-if [ -n "$do_depmod" ]; then
-	echo -n "Generating kernel module dependency lists... "
-	depmod -a ${VERSION}
-	rval=$?
-	if [ $rval -eq 0 ]; then
-		echo "done."
-	else
-		echo "FAILED!"
-		exit $rval
-	fi
+if [ -z "$do_depmod" ] || [ ! -x /usr/bin/depmod ]; then
+	exit 0
+fi
+
+echo -n "Generating kernel module dependency lists... "
+/usr/bin/depmod -a ${VERSION}
+rval=$?
+if [ $rval -eq 0 ]; then
+	echo "done."
+else
+	echo "FAILED!"
+	exit $rval
 fi
 
 exit 0
diff --git a/srcpkgs/dkms/files/kernel.d/dkms.prerm b/srcpkgs/dkms/files/kernel.d/dkms.prerm
index 0307e895311..155e9734aee 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.prerm
+++ b/srcpkgs/dkms/files/kernel.d/dkms.prerm
@@ -4,14 +4,14 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -x /usr/sbin/dkms ]; then
+if [ -x /usr/bin/dkms ]; then
 while read line; do
    name=`echo "$line" | awk '{print $1}' | sed 's/,$//'`
    vers=`echo "$line" | awk '{print $2}' | sed 's/,$//'`
    arch=`echo "$line" | awk '{print $4}' | sed 's/:$//'`
    echo "dkms: removing: $name $vers (${PKGNAME}-${VERSION}) ($arch)" >&2
-   dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
-done < <(dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
+   /usr/bin/dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
+done < <(/usr/bin/dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
 fi
 
 rmdir \
diff --git a/srcpkgs/dkms/template b/srcpkgs/dkms/template
index 4365bc5a7d7..f6b5035e8a0 100644
--- a/srcpkgs/dkms/template
+++ b/srcpkgs/dkms/template
@@ -1,7 +1,7 @@
 # Template file for 'dkms'
 pkgname=dkms
 version=2.8.3
-revision=1
+revision=2
 conf_files="/etc/dkms/framework.conf"
 depends="bash kmod gcc make coreutils linux-headers"
 short_desc="Dynamic Kernel Modules System"

From 321c3e33d6a955e1a086c04fecce760c8a5a418f Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 3/7] dracut: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dracut/files/kernel-hook-postinst      | 4 ++--
 srcpkgs/dracut/files/kernel-hook-postrm        | 4 +---
 srcpkgs/dracut/files/kernel-uefi-hook-postinst | 5 +++--
 srcpkgs/dracut/files/kernel-uefi-hook-postrm   | 4 +---
 srcpkgs/dracut/template                        | 2 +-
 5 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/srcpkgs/dracut/files/kernel-hook-postinst b/srcpkgs/dracut/files/kernel-hook-postinst
index a9d265b6ed6..537af549796 100644
--- a/srcpkgs/dracut/files/kernel-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
-dracut -q --force boot/initramfs-${VERSION}.img ${VERSION}
+usr/bin/dracut -q --force --sysroot . boot/initramfs-${VERSION}.img ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-hook-postrm b/srcpkgs/dracut/files/kernel-hook-postrm
index f99458a4bfa..c338cf617a7 100644
--- a/srcpkgs/dracut/files/kernel-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f boot/initramfs-${VERSION}.img ]; then
-	rm -f boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postinst b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
index d623c3f86df..f1098a48a81 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
@@ -12,12 +12,13 @@ if [ -z "${CREATE_UEFI_BUNDLES}" ]; then
 	exit 0
 fi
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
 mkdir -p ${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}
 
-dracut -q --force ${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} ${DRACUT_OPTIONS} \
+usr/bin/dracut -q --force --sysroot . ${DRACUT_OPTIONS} \
+	${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} \
 	--uefi ${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postrm b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
index 8183bb26f08..63b25498789 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
@@ -11,7 +11,5 @@ VERSION="$2"
 
 : "${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}"
 
-if [ -f "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi" ]; then
-	rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
-fi
+rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
 exit $?
diff --git a/srcpkgs/dracut/template b/srcpkgs/dracut/template
index 8fb41d17a72..232f70a0d4a 100644
--- a/srcpkgs/dracut/template
+++ b/srcpkgs/dracut/template
@@ -1,7 +1,7 @@
 # Template file for 'dracut'
 pkgname=dracut
 version=050
-revision=5
+revision=6
 build_style=configure
 configure_args="--prefix=/usr --sysconfdir=/etc"
 conf_files="/etc/dracut.conf"

From 386aa5db5b5dbd25f2b4694e5c3ae8cd9f712036 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 4/7] gummiboot: improve consistency of relative paths in
 kernel hooks

---
 .../files/kernel.d/gummiboot.post-install     | 28 +++++++++----------
 .../files/kernel.d/gummiboot.post-remove      | 16 +++++------
 srcpkgs/gummiboot/template                    |  2 +-
 3 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
index 7f4d27e985d..2517421e3e5 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
@@ -13,33 +13,33 @@ if [ "$GUMMIBOOT_DISABLE" ]; then
 	exit 0
 fi
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-options=$boot/loader/void-options.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+options="$boot/loader/void-options.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-mkdir -p $entries
+mkdir -p "$entries"
 
-cat <<-EOF > $entry
+cat <<-EOF > "$entry"
 	title Void Linux
 	version $VERSION
 	linux /vmlinuz-$VERSION
 	initrd /initramfs-$VERSION.img
 EOF
 
-if [ -r $options ]; then
+if [ -r "$options" ]; then
 	# Add user provided options from /boot/loader/void-options.conf:
-	printf 'options %s\n' "$(cat $options | sed '/^#/d;/^$/d')" >> $entry
+	printf 'options %s\n' "$(cat "$options" | sed '/^#/d;/^$/d')" >> "$entry"
 fi
 
-if grep -q ^default $loader 2>/dev/null; then
+if grep -q ^default "$loader" 2>/dev/null; then
 	# Replace existing default entry with this entry:
-	sed -i "s/default.*/default $name/" $loader
+	sed -i "s/default.*/default $name/" "$loader"
 else
 	# Add this entry as the default:
-	printf 'default %s\n' $name >>$loader
+	printf 'default %s\n' $name >>"$loader"
 fi
diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
index b946d62456a..a207b2d362c 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
@@ -7,15 +7,15 @@
 PKGNAME="$1"
 VERSION="$2"
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-rm -f $entry
+rm -f "$entry"
 
 # No default entry if the removed entry was the default:
-sed -i "/^default $name\$/d" $loader
+[ -e "$loader" ] && sed -i "/^default $name\$/d" "$loader"
diff --git a/srcpkgs/gummiboot/template b/srcpkgs/gummiboot/template
index a824e27c021..052776fe7ff 100644
--- a/srcpkgs/gummiboot/template
+++ b/srcpkgs/gummiboot/template
@@ -1,7 +1,7 @@
 # Template file for 'gummiboot'
 pkgname=gummiboot
 version=48.1
-revision=5
+revision=6
 archs="i686* x86_64* aarch64*"
 build_style=gnu-configure
 conf_files="/etc/default/gummiboot"

From 2ae30447a7e4e59d0c3fda08c9a3cd593438dc8a Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 5/7] mkinitcpio: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/mkinitcpio/files/kernel-hook-postinst | 4 ++--
 srcpkgs/mkinitcpio/files/kernel-hook-postrm   | 4 +---
 srcpkgs/mkinitcpio/template                   | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postinst b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
index 31fe5705812..c6f2ab81264 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postinst
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/mkinitcpio ]; then
+if [ ! -x usr/bin/mkinitcpio ]; then
 	exit 0
 fi
 
-mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
+usr/bin/mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
 exit $?
diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postrm b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
index f099aba66ca..028fd097b87 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postrm
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f /boot/initramfs-${VERSION}.img ]; then
-	rm -f /boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/mkinitcpio/template b/srcpkgs/mkinitcpio/template
index 303905d0f1f..a0f44360db4 100644
--- a/srcpkgs/mkinitcpio/template
+++ b/srcpkgs/mkinitcpio/template
@@ -1,7 +1,7 @@
 # Template file for 'mkinitcpio'
 pkgname=mkinitcpio
 version=27
-revision=1
+revision=2
 archs=noarch
 build_style=gnu-makefile
 depends="busybox-static bsdtar bash"

From ea584cab2ce5d2c8e8b91441dcdcaf3a4ea25a59 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 6/7] refind: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/refind/files/kernel.post-install | 2 +-
 srcpkgs/refind/files/kernel.post-remove  | 2 +-
 srcpkgs/refind/template                  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/srcpkgs/refind/files/kernel.post-install b/srcpkgs/refind/files/kernel.post-install
index 88b261aaacd..cc00a607665 100755
--- a/srcpkgs/refind/files/kernel.post-install
+++ b/srcpkgs/refind/files/kernel.post-install
@@ -13,7 +13,7 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 fi
 
 # Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
 
 zrefind_dir="${REFIND_CONF%/*}"
 mkdir -p "$zrefind_dir"
diff --git a/srcpkgs/refind/files/kernel.post-remove b/srcpkgs/refind/files/kernel.post-remove
index efb3786396c..caa91fbb9b4 100755
--- a/srcpkgs/refind/files/kernel.post-remove
+++ b/srcpkgs/refind/files/kernel.post-remove
@@ -13,7 +13,7 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 fi
 
 # Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
 
 [ -f "$REFIND_CONF" ] || exit 0
 
diff --git a/srcpkgs/refind/template b/srcpkgs/refind/template
index 5e9865b9667..d7f8f2fba1c 100644
--- a/srcpkgs/refind/template
+++ b/srcpkgs/refind/template
@@ -1,7 +1,7 @@
 # Template file for 'refind'
 pkgname=refind
 version=0.12.0
-revision=1
+revision=2
 archs="x86_64* i686* aarch64*"
 makedepends="gnu-efi-libs"
 depends="bash dosfstools efibootmgr"

From e7b7134a236709e4db4d120424aa1752c71bf85d Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 7/7] sbsigntool: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install | 8 ++++----
 srcpkgs/sbsigntool/template                               | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
index bc450dbc428..64cdef10e42 100644
--- a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
+++ b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
@@ -38,17 +38,17 @@ if [ "x${EFI_SIGN_ENGINE}" != x ]; then
 fi
 
 if ! sbsign $options -k "${EFI_KEY_FILE}" -c "${EFI_CERT_FILE}" \
-	"/boot/vmlinuz-${VERSION}"; then
+	"boot/vmlinuz-${VERSION}"; then
 	msg "failed to sign kernel"
 	exit 1
 fi
 
-if ! sbverify -c "${EFI_CERT_FILE}" "/boot/vmlinuz-${VERSION}.signed"; then
+if ! sbverify -c "${EFI_CERT_FILE}" "boot/vmlinuz-${VERSION}.signed"; then
 	msg "failed to verify the signature"
 	exit 1
 fi
 
 if [ "x${EFI_KEEP_UNSIGNED}" = "x1" ]; then
-	mv -f "/boot/vmlinuz-${VERSION}" "/boot/vmlinuz-${VERSION}.unsigned"
+	mv -f "boot/vmlinuz-${VERSION}" "boot/vmlinuz-${VERSION}.unsigned"
 fi
-mv -f "/boot/vmlinuz-${VERSION}.signed" "/boot/vmlinuz-${VERSION}"
+mv -f "boot/vmlinuz-${VERSION}.signed" "boot/vmlinuz-${VERSION}"
diff --git a/srcpkgs/sbsigntool/template b/srcpkgs/sbsigntool/template
index 6e39cac66d9..0bee8bf00b1 100644
--- a/srcpkgs/sbsigntool/template
+++ b/srcpkgs/sbsigntool/template
@@ -1,7 +1,7 @@
 # Template file for 'sbsigntool'
 pkgname=sbsigntool
 version=0.9.4
-revision=2
+revision=3
 archs="x86_64* i686* aarch64* arm*"
 wrksrc=sbsigntools-$version
 build_style=gnu-configure

Re: [PR REVIEW] Improve consistency of relative paths in kernel hooks

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 194 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#discussion_r465950009

Comment:
Why not increase `base-files` version directly?

Re: [PR REVIEW] Improve consistency of relative paths in kernel hooks

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 191 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#discussion_r465952971

Comment:
Why not use `usr/bin/sbverify` here as well?

Re: [PR REVIEW] Improve consistency of relative paths in kernel hooks

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 290 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#discussion_r465951952

Comment:
I don't like this, because the hook should only be there if dracut itself is installed. @sgn and I didn't include it in the `dracut-uefi` hook.

Re: [PR REVIEW] Improve consistency of relative paths in kernel hooks

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 157 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#discussion_r465953113

Comment:
Same here.

Re: [PR REVIEW] Improve consistency of relative paths in kernel hooks

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 185 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#discussion_r465952366

Comment:
Perhaps make this one verbose as well?

Re: [PR PATCH] [Updated] Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 1417 bytes --]

There is an updated pull request by ahesford against master on the void-packages repository

https://github.com/ahesford/void-packages hooks
https://github.com/void-linux/void-packages/pull/24079

Improve consistency of relative paths in kernel hooks
Motivated by a breakage in the `dracut` removal hook as called from `vkpurge`, I cleaned up several packages that install kernel hooks to try to make their behavior more consistent. The XBPS trigger runs hooks from the target root directory with `ROOTDIR` set, so hooks should accommodate this if possible. `vkpurge` now changes to `/` and sets `ROOTDIR` to make sure any hooks it calls work as expected. It would be good to verify correct operation of all hooks after these changes, but `dkms` and `dracut` seem to be the most critical.

- [x] base-files
- [x] dkms
- [x] dracut
- [ ] gummiboot
- [ ] mkinitcpio
- [ ] refind
- [ ] sbsigntool

**Note 1**: `dracut` now uses `--sysroot .` to (hopefully) operate properly in a relative environment.

**Note 2**: `dkms` makes a lot of assumptions about running in the system root that are trickier to override, and the hook already made a lot of absolute path references, so I went all-in on absolute paths in the `dkms` hooks.

Affected maintainers: @Gottox @q66 @thypon @sgn
General interest: @ericonr @duncaen

A patch file from https://github.com/void-linux/void-packages/pull/24079.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-hooks-24079.patch --]
[-- Type: text/x-diff, Size: 17498 bytes --]

From e4164a9f365ec3b21b707ce80f3ef80fc2c827a8 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 1/7] base-files: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/base-files/files/vkpurge | 4 +++-
 srcpkgs/base-files/template      | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/base-files/files/vkpurge b/srcpkgs/base-files/files/vkpurge
index 92098ec736e..5519147b905 100644
--- a/srcpkgs/base-files/files/vkpurge
+++ b/srcpkgs/base-files/files/vkpurge
@@ -39,10 +39,12 @@ list_kernels() {
 run_hooks() {
 	dir="$1"
 	kver="$2"
+
 	for d in /etc/kernel.d/"${dir}"/*; do
 		[ -x "$d" ] || continue
 		printf "Running %s kernel hook: %s...\n" "$dir" "${d##*/}"
-		"$d" kernel "$kver"
+		# Hooks assume they run from the root
+		(cd / && ROOTDIR=. "$d" kernel "$kver")
 	done
 }
 
diff --git a/srcpkgs/base-files/template b/srcpkgs/base-files/template
index d608bc81f57..6b503690606 100644
--- a/srcpkgs/base-files/template
+++ b/srcpkgs/base-files/template
@@ -1,7 +1,7 @@
 # Template file for 'base-files'
 pkgname=base-files
 version=0.141
-revision=1
+revision=2
 bootstrap=yes
 depends="xbps-triggers"
 short_desc="Void Linux base system files"

From 0b70e31d1b4c11572b61e5c2f030bf3678ec1af1 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 2/7] dkms: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dkms/files/kernel.d/dkms.postinst | 34 ++++++++++++-----------
 srcpkgs/dkms/files/kernel.d/dkms.prerm    |  6 ++--
 srcpkgs/dkms/template                     |  2 +-
 3 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/srcpkgs/dkms/files/kernel.d/dkms.postinst b/srcpkgs/dkms/files/kernel.d/dkms.postinst
index 5cfc630de1c..ef2a10bac28 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.postinst
+++ b/srcpkgs/dkms/files/kernel.d/dkms.postinst
@@ -8,7 +8,7 @@ PKGNAME="$1"
 VERSION="$2"
 ARCH=$(uname -m)
 
-if [ ! -x /usr/sbin/dkms ]; then
+if [ ! -x /usr/bin/dkms ]; then
 	exit 0
 fi
 
@@ -59,16 +59,16 @@ while [ $# -gt 1 ]; do
 	# If adding a module, depmod is necessary unless dkms runs it
 	do_depmod="yes"
 
-	status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+	status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	if [ $(echo "$status"|grep -c ": built") -eq 0 ]; then
 		# Check if the module is still there.
-		if [ ! -f usr/src/${module}-${modulever}/dkms.conf ]; then
+		if [ ! -f /usr/src/${module}-${modulever}/dkms.conf ]; then
 			echo "Skipping nonexistent DKMS module: ${module}-${modulever}."
 			continue
 		fi
 		# Build the module
 		echo -n "Building DKMS module: ${module}-${modulever}... "
-		dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module was skipped or failed, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -80,14 +80,14 @@ while [ $# -gt 1 ]; do
 			echo "FAILED!"
 			continue
 		fi
-		status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+		status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	fi
 
 	# If the module is built (either pre-built or just now), install it
 	if [ $(echo "$status"|grep -c ": built") -eq 1 ] &&
 	   [ $(echo "$status"|grep -c ": installed") -eq 0 ]; then
 		echo -n "Installing DKMS module: ${module}-${modulever}... "
-		dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module failed installation, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -101,16 +101,18 @@ while [ $# -gt 1 ]; do
 	fi
 done
 
-if [ -n "$do_depmod" ]; then
-	echo -n "Generating kernel module dependency lists... "
-	depmod -a ${VERSION}
-	rval=$?
-	if [ $rval -eq 0 ]; then
-		echo "done."
-	else
-		echo "FAILED!"
-		exit $rval
-	fi
+if [ -z "$do_depmod" ] || [ ! -x /usr/bin/depmod ]; then
+	exit 0
+fi
+
+echo -n "Generating kernel module dependency lists... "
+/usr/bin/depmod -a ${VERSION}
+rval=$?
+if [ $rval -eq 0 ]; then
+	echo "done."
+else
+	echo "FAILED!"
+	exit $rval
 fi
 
 exit 0
diff --git a/srcpkgs/dkms/files/kernel.d/dkms.prerm b/srcpkgs/dkms/files/kernel.d/dkms.prerm
index 0307e895311..155e9734aee 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.prerm
+++ b/srcpkgs/dkms/files/kernel.d/dkms.prerm
@@ -4,14 +4,14 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -x /usr/sbin/dkms ]; then
+if [ -x /usr/bin/dkms ]; then
 while read line; do
    name=`echo "$line" | awk '{print $1}' | sed 's/,$//'`
    vers=`echo "$line" | awk '{print $2}' | sed 's/,$//'`
    arch=`echo "$line" | awk '{print $4}' | sed 's/:$//'`
    echo "dkms: removing: $name $vers (${PKGNAME}-${VERSION}) ($arch)" >&2
-   dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
-done < <(dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
+   /usr/bin/dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
+done < <(/usr/bin/dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
 fi
 
 rmdir \
diff --git a/srcpkgs/dkms/template b/srcpkgs/dkms/template
index 4365bc5a7d7..f6b5035e8a0 100644
--- a/srcpkgs/dkms/template
+++ b/srcpkgs/dkms/template
@@ -1,7 +1,7 @@
 # Template file for 'dkms'
 pkgname=dkms
 version=2.8.3
-revision=1
+revision=2
 conf_files="/etc/dkms/framework.conf"
 depends="bash kmod gcc make coreutils linux-headers"
 short_desc="Dynamic Kernel Modules System"

From 321c3e33d6a955e1a086c04fecce760c8a5a418f Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 3/7] dracut: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dracut/files/kernel-hook-postinst      | 4 ++--
 srcpkgs/dracut/files/kernel-hook-postrm        | 4 +---
 srcpkgs/dracut/files/kernel-uefi-hook-postinst | 5 +++--
 srcpkgs/dracut/files/kernel-uefi-hook-postrm   | 4 +---
 srcpkgs/dracut/template                        | 2 +-
 5 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/srcpkgs/dracut/files/kernel-hook-postinst b/srcpkgs/dracut/files/kernel-hook-postinst
index a9d265b6ed6..537af549796 100644
--- a/srcpkgs/dracut/files/kernel-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
-dracut -q --force boot/initramfs-${VERSION}.img ${VERSION}
+usr/bin/dracut -q --force --sysroot . boot/initramfs-${VERSION}.img ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-hook-postrm b/srcpkgs/dracut/files/kernel-hook-postrm
index f99458a4bfa..c338cf617a7 100644
--- a/srcpkgs/dracut/files/kernel-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f boot/initramfs-${VERSION}.img ]; then
-	rm -f boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postinst b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
index d623c3f86df..f1098a48a81 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
@@ -12,12 +12,13 @@ if [ -z "${CREATE_UEFI_BUNDLES}" ]; then
 	exit 0
 fi
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
 mkdir -p ${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}
 
-dracut -q --force ${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} ${DRACUT_OPTIONS} \
+usr/bin/dracut -q --force --sysroot . ${DRACUT_OPTIONS} \
+	${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} \
 	--uefi ${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postrm b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
index 8183bb26f08..63b25498789 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
@@ -11,7 +11,5 @@ VERSION="$2"
 
 : "${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}"
 
-if [ -f "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi" ]; then
-	rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
-fi
+rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
 exit $?
diff --git a/srcpkgs/dracut/template b/srcpkgs/dracut/template
index 8fb41d17a72..232f70a0d4a 100644
--- a/srcpkgs/dracut/template
+++ b/srcpkgs/dracut/template
@@ -1,7 +1,7 @@
 # Template file for 'dracut'
 pkgname=dracut
 version=050
-revision=5
+revision=6
 build_style=configure
 configure_args="--prefix=/usr --sysconfdir=/etc"
 conf_files="/etc/dracut.conf"

From 386aa5db5b5dbd25f2b4694e5c3ae8cd9f712036 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 4/7] gummiboot: improve consistency of relative paths in
 kernel hooks

---
 .../files/kernel.d/gummiboot.post-install     | 28 +++++++++----------
 .../files/kernel.d/gummiboot.post-remove      | 16 +++++------
 srcpkgs/gummiboot/template                    |  2 +-
 3 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
index 7f4d27e985d..2517421e3e5 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
@@ -13,33 +13,33 @@ if [ "$GUMMIBOOT_DISABLE" ]; then
 	exit 0
 fi
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-options=$boot/loader/void-options.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+options="$boot/loader/void-options.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-mkdir -p $entries
+mkdir -p "$entries"
 
-cat <<-EOF > $entry
+cat <<-EOF > "$entry"
 	title Void Linux
 	version $VERSION
 	linux /vmlinuz-$VERSION
 	initrd /initramfs-$VERSION.img
 EOF
 
-if [ -r $options ]; then
+if [ -r "$options" ]; then
 	# Add user provided options from /boot/loader/void-options.conf:
-	printf 'options %s\n' "$(cat $options | sed '/^#/d;/^$/d')" >> $entry
+	printf 'options %s\n' "$(cat "$options" | sed '/^#/d;/^$/d')" >> "$entry"
 fi
 
-if grep -q ^default $loader 2>/dev/null; then
+if grep -q ^default "$loader" 2>/dev/null; then
 	# Replace existing default entry with this entry:
-	sed -i "s/default.*/default $name/" $loader
+	sed -i "s/default.*/default $name/" "$loader"
 else
 	# Add this entry as the default:
-	printf 'default %s\n' $name >>$loader
+	printf 'default %s\n' $name >>"$loader"
 fi
diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
index b946d62456a..a207b2d362c 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
@@ -7,15 +7,15 @@
 PKGNAME="$1"
 VERSION="$2"
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-rm -f $entry
+rm -f "$entry"
 
 # No default entry if the removed entry was the default:
-sed -i "/^default $name\$/d" $loader
+[ -e "$loader" ] && sed -i "/^default $name\$/d" "$loader"
diff --git a/srcpkgs/gummiboot/template b/srcpkgs/gummiboot/template
index a824e27c021..052776fe7ff 100644
--- a/srcpkgs/gummiboot/template
+++ b/srcpkgs/gummiboot/template
@@ -1,7 +1,7 @@
 # Template file for 'gummiboot'
 pkgname=gummiboot
 version=48.1
-revision=5
+revision=6
 archs="i686* x86_64* aarch64*"
 build_style=gnu-configure
 conf_files="/etc/default/gummiboot"

From 2ae30447a7e4e59d0c3fda08c9a3cd593438dc8a Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 5/7] mkinitcpio: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/mkinitcpio/files/kernel-hook-postinst | 4 ++--
 srcpkgs/mkinitcpio/files/kernel-hook-postrm   | 4 +---
 srcpkgs/mkinitcpio/template                   | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postinst b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
index 31fe5705812..c6f2ab81264 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postinst
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/mkinitcpio ]; then
+if [ ! -x usr/bin/mkinitcpio ]; then
 	exit 0
 fi
 
-mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
+usr/bin/mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
 exit $?
diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postrm b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
index f099aba66ca..028fd097b87 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postrm
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f /boot/initramfs-${VERSION}.img ]; then
-	rm -f /boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/mkinitcpio/template b/srcpkgs/mkinitcpio/template
index 303905d0f1f..a0f44360db4 100644
--- a/srcpkgs/mkinitcpio/template
+++ b/srcpkgs/mkinitcpio/template
@@ -1,7 +1,7 @@
 # Template file for 'mkinitcpio'
 pkgname=mkinitcpio
 version=27
-revision=1
+revision=2
 archs=noarch
 build_style=gnu-makefile
 depends="busybox-static bsdtar bash"

From ea584cab2ce5d2c8e8b91441dcdcaf3a4ea25a59 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 6/7] refind: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/refind/files/kernel.post-install | 2 +-
 srcpkgs/refind/files/kernel.post-remove  | 2 +-
 srcpkgs/refind/template                  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/srcpkgs/refind/files/kernel.post-install b/srcpkgs/refind/files/kernel.post-install
index 88b261aaacd..cc00a607665 100755
--- a/srcpkgs/refind/files/kernel.post-install
+++ b/srcpkgs/refind/files/kernel.post-install
@@ -13,7 +13,7 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 fi
 
 # Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
 
 zrefind_dir="${REFIND_CONF%/*}"
 mkdir -p "$zrefind_dir"
diff --git a/srcpkgs/refind/files/kernel.post-remove b/srcpkgs/refind/files/kernel.post-remove
index efb3786396c..caa91fbb9b4 100755
--- a/srcpkgs/refind/files/kernel.post-remove
+++ b/srcpkgs/refind/files/kernel.post-remove
@@ -13,7 +13,7 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 fi
 
 # Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
 
 [ -f "$REFIND_CONF" ] || exit 0
 
diff --git a/srcpkgs/refind/template b/srcpkgs/refind/template
index 5e9865b9667..d7f8f2fba1c 100644
--- a/srcpkgs/refind/template
+++ b/srcpkgs/refind/template
@@ -1,7 +1,7 @@
 # Template file for 'refind'
 pkgname=refind
 version=0.12.0
-revision=1
+revision=2
 archs="x86_64* i686* aarch64*"
 makedepends="gnu-efi-libs"
 depends="bash dosfstools efibootmgr"

From 30ac0f105f9dc5da9f735a2b5015eed9686ff2c1 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 7/7] sbsigntool: improve consistency of relative paths in
 kernel hooks

---
 .../sbsigntool/files/kernel.d/sbsigntool.post-install  | 10 +++++-----
 srcpkgs/sbsigntool/template                            |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
index bc450dbc428..060f0d8e26e 100644
--- a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
+++ b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
@@ -37,18 +37,18 @@ if [ "x${EFI_SIGN_ENGINE}" != x ]; then
 	options="--engine=${EFI_SIGN_ENGINE}"
 fi
 
-if ! sbsign $options -k "${EFI_KEY_FILE}" -c "${EFI_CERT_FILE}" \
-	"/boot/vmlinuz-${VERSION}"; then
+if ! usr/bin/sbsign $options -k "${EFI_KEY_FILE}" -c "${EFI_CERT_FILE}" \
+	"boot/vmlinuz-${VERSION}"; then
 	msg "failed to sign kernel"
 	exit 1
 fi
 
-if ! sbverify -c "${EFI_CERT_FILE}" "/boot/vmlinuz-${VERSION}.signed"; then
+if ! usr/bin/sbverify -c "${EFI_CERT_FILE}" "boot/vmlinuz-${VERSION}.signed"; then
 	msg "failed to verify the signature"
 	exit 1
 fi
 
 if [ "x${EFI_KEEP_UNSIGNED}" = "x1" ]; then
-	mv -f "/boot/vmlinuz-${VERSION}" "/boot/vmlinuz-${VERSION}.unsigned"
+	mv -f "boot/vmlinuz-${VERSION}" "boot/vmlinuz-${VERSION}.unsigned"
 fi
-mv -f "/boot/vmlinuz-${VERSION}.signed" "/boot/vmlinuz-${VERSION}"
+mv -f "boot/vmlinuz-${VERSION}.signed" "boot/vmlinuz-${VERSION}"
diff --git a/srcpkgs/sbsigntool/template b/srcpkgs/sbsigntool/template
index 6e39cac66d9..0bee8bf00b1 100644
--- a/srcpkgs/sbsigntool/template
+++ b/srcpkgs/sbsigntool/template
@@ -1,7 +1,7 @@
 # Template file for 'sbsigntool'
 pkgname=sbsigntool
 version=0.9.4
-revision=2
+revision=3
 archs="x86_64* i686* aarch64* arm*"
 wrksrc=sbsigntools-$version
 build_style=gnu-configure

Re: Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 1917 bytes --]

New comment by ahesford on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669474162

Comment:
On 2020-08-05 at 15:28 (UTC -0400), Érico Nogueira Rolim wrote:
> @ericonr commented on this pull request.
> 
> 
> 
> >  version=0.141
> -revision=1
> +revision=2
> 
> Why not increase `base-files` version directly?

Before the last bump there was a long history of revbumping, and a
version bump seems a bit "heavy" for a minor fix.

> > +if [ ! -x usr/bin/dracut ]; then
>  	exit 0
>  fi
> 
> I don't like this, because the hook should only be there if dracut itself is installed. @sgn and I didn't include it in the `dracut-uefi` hook.

That's not unreasonable, but there are many hooks (including in
`kernel-uefi-postinst`) that follow this pattern.

> > @@ -7,7 +7,5 @@
>  PKGNAME="$1"
>  VERSION="$2"
>  
> -if [ -f boot/initramfs-${VERSION}.img ]; then
> -	rm -f boot/initramfs-${VERSION}.img
> -fi
> +rm -f boot/initramfs-${VERSION}.img
> 
> Perhaps make this one verbose as well?

I object to verbose removes even in your UEFI hook. There is no need to
clutter output with messages that an initramfs is being removed when
that's the expected action.

> >  	msg "failed to sign kernel"
>  	exit 1
>  fi
>  
> -if ! sbverify -c "${EFI_CERT_FILE}" "/boot/vmlinuz-${VERSION}.signed"; then
> +if ! sbverify -c "${EFI_CERT_FILE}" "boot/vmlinuz-${VERSION}.signed"; then
> 
> Why not use `usr/bin/sbverify` here as well?
> 
> > @@ -38,17 +38,17 @@ if [ "x${EFI_SIGN_ENGINE}" != x ]; then
>  fi
>  
>  if ! sbsign $options -k "${EFI_KEY_FILE}" -c "${EFI_CERT_FILE}" \
> 
> Same here.

Good points, fixed.

> -- 
> You are receiving this because you authored the thread.
> Reply to this email directly or view it on GitHub:
> https://github.com/void-linux/void-packages/pull/24079#pullrequestreview-461955666

-- 
Andrew J. Hesford
ajh@sideband.org
(Personal communication)

Re: Improve consistency of relative paths in kernel hooks

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 727 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669485212

Comment:
> Before the last bump there was a long history of revbumping, and a version bump seems a bit "heavy" for a minor fix.

Fair.

> That's not unreasonable, but there are many hooks (including in `kernel-uefi-postinst`) that follow this pattern.

Guess I was mistaken. Ok.

> I object to verbose removes even in your UEFI hook. There is no need to clutter output with messages that an initramfs is being removed when that's the expected action.

I thought about making it verbose to at least fit some pattern. You can remove verbosity from my hook, which achieves the same thing.

Re: [PR REVIEW] Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 170 bytes --]

New review comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#discussion_r466087441

Comment:
+1, biting by this just now

Re: [PR REVIEW] Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 1405 bytes --]

New review comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#discussion_r466088097

Comment:
This is not correct.
It'll break if user has changed their configuration.
And this will break the path relative to <esp> mountpoint.

Maybe something like this?

```diff
diff --git a/srcpkgs/refind/files/kernel.post-install b/srcpkgs/refind/files/kernel.post-install
index 88b261aaac..70f26936c0 100755
--- a/srcpkgs/refind/files/kernel.post-install
+++ b/srcpkgs/refind/files/kernel.post-install
@@ -15,7 +15,14 @@ fi
 # Default refind.conf
 : "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
 
+abs_rootdir="$(cd "${ROOTDIR}" && pwd)"
+if [ "$abs_rootdir" != "/" ]; then
+	abs_rootdir="$abs_rootdir/"
+fi
+
+REFIND_CONF="${abs_rootdir}${REFIND_CONF#/}"
 zrefind_dir="${REFIND_CONF%/*}"
+
 mkdir -p "$zrefind_dir"
 touch "$REFIND_CONF"
 
diff --git a/srcpkgs/refind/files/kernel.post-remove b/srcpkgs/refind/files/kernel.post-remove
index efb3786396..b50f19680b 100755
--- a/srcpkgs/refind/files/kernel.post-remove
+++ b/srcpkgs/refind/files/kernel.post-remove
@@ -13,7 +13,8 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 fi
 
 # Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
+REFIND_CONF="${REFIND_CONF#/}"
 
 [ -f "$REFIND_CONF" ] || exit 0
 
```

Re: [PR REVIEW] Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 532 bytes --]

New review comment by ahesford on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#discussion_r466098367

Comment:
The `post-install` is too complicated. What about
```
REFIND_CONF="$(readlink -m "${ROOTDIR}/${REFIND_CONF:-boot/EFI/refind/refind.conf}" 2>/dev/null)"
[ -n "${REFIND_CONF}" ] || exit 0
```
Since we already rely on `cat`, which is in `coreutils` alongside `readlink`, I don't have a problem just assuming readlink exists. We also just assume `awk` and `sed` are available anyway.

Re: Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 1080 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669640399

Comment:
On 2020-08-05 18:50:05-0700, "Andrew J. Hesford" <notifications@github.com> wrote:
> @ahesford commented on this pull request.
> 
> 
> 
> > @@ -13,7 +13,7 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
>  fi
>  
>  # Default refind.conf
> -: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
> +: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
> 
> The `post-install` is too complicated. What about
> ```
> REFIND_CONF="$(readlink -m "${ROOTDIR}/${REFIND_CONF:-boot/EFI/refind/refind.conf}" 2>/dev/null)"
> [ -n "${REFIND_CONF}" ] || exit 0
> ```
> Since we already rely on `cat`, which is in `coreutils` alongside
> `readlink`, I don't have a problem just assuming readlink exists. We
> also just assume `awk` and `sed` are available anyway.

The complicated logic below it to ensure if we don't have
`boot/EFI/refind/refind.conf`, we'll create it.

So, `exit 0` isn't a right choice.

for sbsigntool, please use the commit from #23688

-- 
Danh

Re: Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 790 bytes --]

New comment by ahesford on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669658973

Comment:
On 2020-08-05 at 22:09 (UTC -0400), Danh Doan wrote:
> 
> The complicated logic below it to ensure if we don't have
> `boot/EFI/refind/refind.conf`, we'll create it.
> 
> So, `exit 0` isn't a right choice.

`readlink -m [...]` should always resolve a path because it doesn't
require any of the components to exist. In practice, `$REFIND_CONF` will
*never* be empty, but just in case something goes unexpectedly wrong
(suppose `readlink` is not found or executable, for example), we just
want to give up.

> for sbsigntool, please use the commit from #23688

I'll pull in the commit.

-- 
Andrew J. Hesford
ajh@sideband.org
(Personal communication)

Re: [PR PATCH] [Updated] Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 1417 bytes --]

There is an updated pull request by ahesford against master on the void-packages repository

https://github.com/ahesford/void-packages hooks
https://github.com/void-linux/void-packages/pull/24079

Improve consistency of relative paths in kernel hooks
Motivated by a breakage in the `dracut` removal hook as called from `vkpurge`, I cleaned up several packages that install kernel hooks to try to make their behavior more consistent. The XBPS trigger runs hooks from the target root directory with `ROOTDIR` set, so hooks should accommodate this if possible. `vkpurge` now changes to `/` and sets `ROOTDIR` to make sure any hooks it calls work as expected. It would be good to verify correct operation of all hooks after these changes, but `dkms` and `dracut` seem to be the most critical.

- [x] base-files
- [x] dkms
- [x] dracut
- [ ] gummiboot
- [ ] mkinitcpio
- [ ] refind
- [ ] sbsigntool

**Note 1**: `dracut` now uses `--sysroot .` to (hopefully) operate properly in a relative environment.

**Note 2**: `dkms` makes a lot of assumptions about running in the system root that are trickier to override, and the hook already made a lot of absolute path references, so I went all-in on absolute paths in the `dkms` hooks.

Affected maintainers: @Gottox @q66 @thypon @sgn
General interest: @ericonr @duncaen

A patch file from https://github.com/void-linux/void-packages/pull/24079.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-hooks-24079.patch --]
[-- Type: text/x-diff, Size: 20465 bytes --]

From 5600f36562ab91513b2e7b44093e297c6a1fad66 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 1/7] base-files: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/base-files/files/vkpurge | 4 +++-
 srcpkgs/base-files/template      | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/base-files/files/vkpurge b/srcpkgs/base-files/files/vkpurge
index 92098ec736e..5519147b905 100644
--- a/srcpkgs/base-files/files/vkpurge
+++ b/srcpkgs/base-files/files/vkpurge
@@ -39,10 +39,12 @@ list_kernels() {
 run_hooks() {
 	dir="$1"
 	kver="$2"
+
 	for d in /etc/kernel.d/"${dir}"/*; do
 		[ -x "$d" ] || continue
 		printf "Running %s kernel hook: %s...\n" "$dir" "${d##*/}"
-		"$d" kernel "$kver"
+		# Hooks assume they run from the root
+		(cd / && ROOTDIR=. "$d" kernel "$kver")
 	done
 }
 
diff --git a/srcpkgs/base-files/template b/srcpkgs/base-files/template
index d608bc81f57..6b503690606 100644
--- a/srcpkgs/base-files/template
+++ b/srcpkgs/base-files/template
@@ -1,7 +1,7 @@
 # Template file for 'base-files'
 pkgname=base-files
 version=0.141
-revision=1
+revision=2
 bootstrap=yes
 depends="xbps-triggers"
 short_desc="Void Linux base system files"

From 95c237bb582abdf30378d96ebfd17b87fc343f95 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 2/7] dkms: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dkms/files/kernel.d/dkms.postinst | 34 ++++++++++++-----------
 srcpkgs/dkms/files/kernel.d/dkms.prerm    |  6 ++--
 srcpkgs/dkms/template                     |  2 +-
 3 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/srcpkgs/dkms/files/kernel.d/dkms.postinst b/srcpkgs/dkms/files/kernel.d/dkms.postinst
index 5cfc630de1c..ef2a10bac28 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.postinst
+++ b/srcpkgs/dkms/files/kernel.d/dkms.postinst
@@ -8,7 +8,7 @@ PKGNAME="$1"
 VERSION="$2"
 ARCH=$(uname -m)
 
-if [ ! -x /usr/sbin/dkms ]; then
+if [ ! -x /usr/bin/dkms ]; then
 	exit 0
 fi
 
@@ -59,16 +59,16 @@ while [ $# -gt 1 ]; do
 	# If adding a module, depmod is necessary unless dkms runs it
 	do_depmod="yes"
 
-	status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+	status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	if [ $(echo "$status"|grep -c ": built") -eq 0 ]; then
 		# Check if the module is still there.
-		if [ ! -f usr/src/${module}-${modulever}/dkms.conf ]; then
+		if [ ! -f /usr/src/${module}-${modulever}/dkms.conf ]; then
 			echo "Skipping nonexistent DKMS module: ${module}-${modulever}."
 			continue
 		fi
 		# Build the module
 		echo -n "Building DKMS module: ${module}-${modulever}... "
-		dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module was skipped or failed, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -80,14 +80,14 @@ while [ $# -gt 1 ]; do
 			echo "FAILED!"
 			continue
 		fi
-		status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+		status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	fi
 
 	# If the module is built (either pre-built or just now), install it
 	if [ $(echo "$status"|grep -c ": built") -eq 1 ] &&
 	   [ $(echo "$status"|grep -c ": installed") -eq 0 ]; then
 		echo -n "Installing DKMS module: ${module}-${modulever}... "
-		dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module failed installation, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -101,16 +101,18 @@ while [ $# -gt 1 ]; do
 	fi
 done
 
-if [ -n "$do_depmod" ]; then
-	echo -n "Generating kernel module dependency lists... "
-	depmod -a ${VERSION}
-	rval=$?
-	if [ $rval -eq 0 ]; then
-		echo "done."
-	else
-		echo "FAILED!"
-		exit $rval
-	fi
+if [ -z "$do_depmod" ] || [ ! -x /usr/bin/depmod ]; then
+	exit 0
+fi
+
+echo -n "Generating kernel module dependency lists... "
+/usr/bin/depmod -a ${VERSION}
+rval=$?
+if [ $rval -eq 0 ]; then
+	echo "done."
+else
+	echo "FAILED!"
+	exit $rval
 fi
 
 exit 0
diff --git a/srcpkgs/dkms/files/kernel.d/dkms.prerm b/srcpkgs/dkms/files/kernel.d/dkms.prerm
index 0307e895311..155e9734aee 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.prerm
+++ b/srcpkgs/dkms/files/kernel.d/dkms.prerm
@@ -4,14 +4,14 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -x /usr/sbin/dkms ]; then
+if [ -x /usr/bin/dkms ]; then
 while read line; do
    name=`echo "$line" | awk '{print $1}' | sed 's/,$//'`
    vers=`echo "$line" | awk '{print $2}' | sed 's/,$//'`
    arch=`echo "$line" | awk '{print $4}' | sed 's/:$//'`
    echo "dkms: removing: $name $vers (${PKGNAME}-${VERSION}) ($arch)" >&2
-   dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
-done < <(dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
+   /usr/bin/dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
+done < <(/usr/bin/dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
 fi
 
 rmdir \
diff --git a/srcpkgs/dkms/template b/srcpkgs/dkms/template
index 4365bc5a7d7..f6b5035e8a0 100644
--- a/srcpkgs/dkms/template
+++ b/srcpkgs/dkms/template
@@ -1,7 +1,7 @@
 # Template file for 'dkms'
 pkgname=dkms
 version=2.8.3
-revision=1
+revision=2
 conf_files="/etc/dkms/framework.conf"
 depends="bash kmod gcc make coreutils linux-headers"
 short_desc="Dynamic Kernel Modules System"

From 490fd3d0ff0709134e758b9af4afdf7b5e9434af Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 3/7] dracut: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dracut/files/kernel-hook-postinst      | 4 ++--
 srcpkgs/dracut/files/kernel-hook-postrm        | 4 +---
 srcpkgs/dracut/files/kernel-uefi-hook-postinst | 5 +++--
 srcpkgs/dracut/files/kernel-uefi-hook-postrm   | 4 +---
 srcpkgs/dracut/template                        | 2 +-
 5 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/srcpkgs/dracut/files/kernel-hook-postinst b/srcpkgs/dracut/files/kernel-hook-postinst
index a9d265b6ed6..537af549796 100644
--- a/srcpkgs/dracut/files/kernel-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
-dracut -q --force boot/initramfs-${VERSION}.img ${VERSION}
+usr/bin/dracut -q --force --sysroot . boot/initramfs-${VERSION}.img ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-hook-postrm b/srcpkgs/dracut/files/kernel-hook-postrm
index f99458a4bfa..c338cf617a7 100644
--- a/srcpkgs/dracut/files/kernel-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f boot/initramfs-${VERSION}.img ]; then
-	rm -f boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postinst b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
index d623c3f86df..f1098a48a81 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
@@ -12,12 +12,13 @@ if [ -z "${CREATE_UEFI_BUNDLES}" ]; then
 	exit 0
 fi
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
 mkdir -p ${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}
 
-dracut -q --force ${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} ${DRACUT_OPTIONS} \
+usr/bin/dracut -q --force --sysroot . ${DRACUT_OPTIONS} \
+	${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} \
 	--uefi ${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postrm b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
index 8183bb26f08..63b25498789 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
@@ -11,7 +11,5 @@ VERSION="$2"
 
 : "${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}"
 
-if [ -f "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi" ]; then
-	rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
-fi
+rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
 exit $?
diff --git a/srcpkgs/dracut/template b/srcpkgs/dracut/template
index 8fb41d17a72..232f70a0d4a 100644
--- a/srcpkgs/dracut/template
+++ b/srcpkgs/dracut/template
@@ -1,7 +1,7 @@
 # Template file for 'dracut'
 pkgname=dracut
 version=050
-revision=5
+revision=6
 build_style=configure
 configure_args="--prefix=/usr --sysconfdir=/etc"
 conf_files="/etc/dracut.conf"

From fa368c1ad2cfd2ae84a90247535d918f759b368d Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 4/7] gummiboot: improve consistency of relative paths in
 kernel hooks

---
 .../files/kernel.d/gummiboot.post-install     | 28 +++++++++----------
 .../files/kernel.d/gummiboot.post-remove      | 16 +++++------
 srcpkgs/gummiboot/template                    |  2 +-
 3 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
index 7f4d27e985d..2517421e3e5 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
@@ -13,33 +13,33 @@ if [ "$GUMMIBOOT_DISABLE" ]; then
 	exit 0
 fi
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-options=$boot/loader/void-options.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+options="$boot/loader/void-options.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-mkdir -p $entries
+mkdir -p "$entries"
 
-cat <<-EOF > $entry
+cat <<-EOF > "$entry"
 	title Void Linux
 	version $VERSION
 	linux /vmlinuz-$VERSION
 	initrd /initramfs-$VERSION.img
 EOF
 
-if [ -r $options ]; then
+if [ -r "$options" ]; then
 	# Add user provided options from /boot/loader/void-options.conf:
-	printf 'options %s\n' "$(cat $options | sed '/^#/d;/^$/d')" >> $entry
+	printf 'options %s\n' "$(cat "$options" | sed '/^#/d;/^$/d')" >> "$entry"
 fi
 
-if grep -q ^default $loader 2>/dev/null; then
+if grep -q ^default "$loader" 2>/dev/null; then
 	# Replace existing default entry with this entry:
-	sed -i "s/default.*/default $name/" $loader
+	sed -i "s/default.*/default $name/" "$loader"
 else
 	# Add this entry as the default:
-	printf 'default %s\n' $name >>$loader
+	printf 'default %s\n' $name >>"$loader"
 fi
diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
index b946d62456a..a207b2d362c 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
@@ -7,15 +7,15 @@
 PKGNAME="$1"
 VERSION="$2"
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-rm -f $entry
+rm -f "$entry"
 
 # No default entry if the removed entry was the default:
-sed -i "/^default $name\$/d" $loader
+[ -e "$loader" ] && sed -i "/^default $name\$/d" "$loader"
diff --git a/srcpkgs/gummiboot/template b/srcpkgs/gummiboot/template
index a824e27c021..052776fe7ff 100644
--- a/srcpkgs/gummiboot/template
+++ b/srcpkgs/gummiboot/template
@@ -1,7 +1,7 @@
 # Template file for 'gummiboot'
 pkgname=gummiboot
 version=48.1
-revision=5
+revision=6
 archs="i686* x86_64* aarch64*"
 build_style=gnu-configure
 conf_files="/etc/default/gummiboot"

From ff37dc33abae07b7bf4bcfcec8dddf7ee81da0a9 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 5/7] mkinitcpio: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/mkinitcpio/files/kernel-hook-postinst | 4 ++--
 srcpkgs/mkinitcpio/files/kernel-hook-postrm   | 4 +---
 srcpkgs/mkinitcpio/template                   | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postinst b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
index 31fe5705812..c6f2ab81264 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postinst
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/mkinitcpio ]; then
+if [ ! -x usr/bin/mkinitcpio ]; then
 	exit 0
 fi
 
-mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
+usr/bin/mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
 exit $?
diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postrm b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
index f099aba66ca..028fd097b87 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postrm
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f /boot/initramfs-${VERSION}.img ]; then
-	rm -f /boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/mkinitcpio/template b/srcpkgs/mkinitcpio/template
index 303905d0f1f..a0f44360db4 100644
--- a/srcpkgs/mkinitcpio/template
+++ b/srcpkgs/mkinitcpio/template
@@ -1,7 +1,7 @@
 # Template file for 'mkinitcpio'
 pkgname=mkinitcpio
 version=27
-revision=1
+revision=2
 archs=noarch
 build_style=gnu-makefile
 depends="busybox-static bsdtar bash"

From 94d34101dd2a4d9f7b8dac5e1d293f0c9e91478b Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 6/7] refind: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/refind/files/kernel.post-install | 5 +++--
 srcpkgs/refind/files/kernel.post-remove  | 4 +++-
 srcpkgs/refind/template                  | 2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/srcpkgs/refind/files/kernel.post-install b/srcpkgs/refind/files/kernel.post-install
index 88b261aaacd..b56fde5e13e 100755
--- a/srcpkgs/refind/files/kernel.post-install
+++ b/srcpkgs/refind/files/kernel.post-install
@@ -12,8 +12,9 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 	exit 0;
 fi
 
-# Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+# Expand the configuration location wrt the root; full path needs not exist
+REFIND_CONF="$(readlink -m "${ROOTDIR}/${REFIND_CONF:-boot/EFI/refind/refind.conf}" 2>/dev/null)"
+[ -n "${REFIND_CONF}" ] || exit 0
 
 zrefind_dir="${REFIND_CONF%/*}"
 mkdir -p "$zrefind_dir"
diff --git a/srcpkgs/refind/files/kernel.post-remove b/srcpkgs/refind/files/kernel.post-remove
index efb3786396c..58881766e4d 100755
--- a/srcpkgs/refind/files/kernel.post-remove
+++ b/srcpkgs/refind/files/kernel.post-remove
@@ -13,7 +13,9 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 fi
 
 # Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
+# Make sure paths are relative
+REFIND_CONF="${REFIND_CONF#/}"
 
 [ -f "$REFIND_CONF" ] || exit 0
 
diff --git a/srcpkgs/refind/template b/srcpkgs/refind/template
index 5e9865b9667..d7f8f2fba1c 100644
--- a/srcpkgs/refind/template
+++ b/srcpkgs/refind/template
@@ -1,7 +1,7 @@
 # Template file for 'refind'
 pkgname=refind
 version=0.12.0
-revision=1
+revision=2
 archs="x86_64* i686* aarch64*"
 makedepends="gnu-efi-libs"
 depends="bash dosfstools efibootmgr"

From 6ff6f80cb6b56a6c42d1bd7c9893c47502038fe8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Tue, 21 Jul 2020 00:03:15 +0700
Subject: [PATCH 7/7] sbsigntool: rewrite post-install kernel hook

* run the hook on target filesystem
* Use ls | awk to check ownership and permission, instead of relying on
  GNU-stat.
* libify signing code, in order to support uefi bundle in the future
* Stop append signature to the efi signed by current key/cert.

While we're at it,
* add post-remove script to remove unsigned file if exist
---
 .../files/kernel.d/sbsigntool.post-install    | 66 +++++++++++--------
 .../files/kernel.d/sbsigntool.post-remove     | 13 ++++
 srcpkgs/sbsigntool/template                   |  4 +-
 3 files changed, 53 insertions(+), 30 deletions(-)
 create mode 100644 srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove

diff --git a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
index bc450dbc428..70918527711 100644
--- a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
+++ b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
@@ -9,7 +9,35 @@ PKGNAME="$1"
 VERSION="$2"
 
 msg() {
-	echo "EFI sbsign hook: $1"
+	echo "sbsigntool: $1"
+}
+
+do_sign() {
+	_kernel="$1"
+	if [ ! -f "$_kernel" ]; then
+		msg "$_kernel not found"
+		return 1
+	fi
+	# Ignore efi file signed with this key
+	if usr/bin/sbverify -c "$ROOTDIR/$EFI_CERT_FILE" "$_kernel" >/dev/null 2>&1; then
+		return 0
+	fi
+	if ! usr/bin/sbsign ${EFI_SIGN_ENGINE:+"--engine=$EFI_SIGN_ENGINE"} \
+		-k "$ROOTDIR/$EFI_KEY_FILE" -c "$ROOTDIR/$EFI_CERT_FILE" \
+		"$_kernel"
+	then
+		msg "failed to sign $_kernel"
+		return 1
+	fi
+	if ! usr/bin/sbverify -c "$ROOTDIR/$EFI_CERT_FILE" "$_kernel.signed"; then
+		msg "failed to verify the signature"
+		return 1
+	fi
+
+	if [ "x${EFI_KEEP_UNSIGNED}" = "x1" ]; then
+		mv -f "$_kernel" "$_kernel.unsigned"
+	fi
+	mv -f "$_kernel.signed" "$_kernel"
 }
 
 . "${ROOTDIR}/etc/default/sbsigntool-kernel-hook"
@@ -17,38 +45,18 @@ if [ "x${SBSIGN_EFI_KERNEL}" != x1 ]; then
 	exit 0
 fi
 
-if [ ! -f "${EFI_KEY_FILE}" ] || [ ! -f "${EFI_CERT_FILE}" ]; then
+if [ ! -f "$ROOTDIR/$EFI_KEY_FILE" ] || [ ! -f "$ROOTDIR/$EFI_CERT_FILE" ]; then
 	msg "key and/or certificate is not available"
 	exit 1
 fi
 
-key_stat=$(stat --dereference --format="%a %u" "${EFI_KEY_FILE}")
-
-# check if go=00 owner=0
-if [ "${key_stat}" = "${key_stat%00 0}" ]; then
-	msg "Please  chown root:root '${EFI_KEY_FILE}'"
-	msg "and     chmod go-rwx '${EFI_KEY_FILE}'"
-	exit 1
-fi
-
-# this part is completely untested
-options=""
-if [ "x${EFI_SIGN_ENGINE}" != x ]; then
-	options="--engine=${EFI_SIGN_ENGINE}"
-fi
-
-if ! sbsign $options -k "${EFI_KEY_FILE}" -c "${EFI_CERT_FILE}" \
-	"/boot/vmlinuz-${VERSION}"; then
-	msg "failed to sign kernel"
-	exit 1
-fi
-
-if ! sbverify -c "${EFI_CERT_FILE}" "/boot/vmlinuz-${VERSION}.signed"; then
-	msg "failed to verify the signature"
+# All POSIX comformance ls should work
+if ! ls -Ll "$ROOTDIR/$EFI_KEY_FILE" "$ROOTDIR/$EFI_CERT_FILE" |
+	awk '$1 !~ /^-...------$/ || $3 != "root" { exit 1 }'
+then
+	msg "$EFI_KEY_FILE and $EFI_CERT_FILE must be owned by root."
+	msg "and not readable by other users."
 	exit 1
 fi
 
-if [ "x${EFI_KEEP_UNSIGNED}" = "x1" ]; then
-	mv -f "/boot/vmlinuz-${VERSION}" "/boot/vmlinuz-${VERSION}.unsigned"
-fi
-mv -f "/boot/vmlinuz-${VERSION}.signed" "/boot/vmlinuz-${VERSION}"
+do_sign "boot/vmlinuz-$VERSION"
diff --git a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove
new file mode 100644
index 00000000000..5d3f73602af
--- /dev/null
+++ b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# Kernel hook for sbsigntool.
+#
+# Arguments passed to this script: $1 pkgname, $2 version.
+#
+
+PKGNAME="$1"
+VERSION="$2"
+
+if [ -f "boot/vmlinuz-$VERSION.unsigned" ]; then
+	rm -f "boot/vmlinuz-${VERSION}.unsigned"
+fi
diff --git a/srcpkgs/sbsigntool/template b/srcpkgs/sbsigntool/template
index 6e39cac66d9..6ee86139b27 100644
--- a/srcpkgs/sbsigntool/template
+++ b/srcpkgs/sbsigntool/template
@@ -1,7 +1,7 @@
 # Template file for 'sbsigntool'
 pkgname=sbsigntool
 version=0.9.4
-revision=2
+revision=3
 archs="x86_64* i686* aarch64* arm*"
 wrksrc=sbsigntools-$version
 build_style=gnu-configure
@@ -59,4 +59,6 @@ post_install() {
 	# and I'm not sure about their interaction
 	vinstall ${FILESDIR}/kernel.d/sbsigntool.post-install 744 \
 		etc/kernel.d/post-install 40-sbsigntool
+	vinstall ${FILESDIR}/kernel.d/sbsigntool.post-remove 744 \
+		etc/kernel.d/post-remove 40-sbsigntool
 }

Re: [PR PATCH] [Updated] Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 1417 bytes --]

There is an updated pull request by ahesford against master on the void-packages repository

https://github.com/ahesford/void-packages hooks
https://github.com/void-linux/void-packages/pull/24079

Improve consistency of relative paths in kernel hooks
Motivated by a breakage in the `dracut` removal hook as called from `vkpurge`, I cleaned up several packages that install kernel hooks to try to make their behavior more consistent. The XBPS trigger runs hooks from the target root directory with `ROOTDIR` set, so hooks should accommodate this if possible. `vkpurge` now changes to `/` and sets `ROOTDIR` to make sure any hooks it calls work as expected. It would be good to verify correct operation of all hooks after these changes, but `dkms` and `dracut` seem to be the most critical.

- [x] base-files
- [x] dkms
- [x] dracut
- [ ] gummiboot
- [ ] mkinitcpio
- [ ] refind
- [ ] sbsigntool

**Note 1**: `dracut` now uses `--sysroot .` to (hopefully) operate properly in a relative environment.

**Note 2**: `dkms` makes a lot of assumptions about running in the system root that are trickier to override, and the hook already made a lot of absolute path references, so I went all-in on absolute paths in the `dkms` hooks.

Affected maintainers: @Gottox @q66 @thypon @sgn
General interest: @ericonr @duncaen

A patch file from https://github.com/void-linux/void-packages/pull/24079.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-hooks-24079.patch --]
[-- Type: text/x-diff, Size: 20481 bytes --]

From 5600f36562ab91513b2e7b44093e297c6a1fad66 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 1/7] base-files: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/base-files/files/vkpurge | 4 +++-
 srcpkgs/base-files/template      | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/base-files/files/vkpurge b/srcpkgs/base-files/files/vkpurge
index 92098ec736e..5519147b905 100644
--- a/srcpkgs/base-files/files/vkpurge
+++ b/srcpkgs/base-files/files/vkpurge
@@ -39,10 +39,12 @@ list_kernels() {
 run_hooks() {
 	dir="$1"
 	kver="$2"
+
 	for d in /etc/kernel.d/"${dir}"/*; do
 		[ -x "$d" ] || continue
 		printf "Running %s kernel hook: %s...\n" "$dir" "${d##*/}"
-		"$d" kernel "$kver"
+		# Hooks assume they run from the root
+		(cd / && ROOTDIR=. "$d" kernel "$kver")
 	done
 }
 
diff --git a/srcpkgs/base-files/template b/srcpkgs/base-files/template
index d608bc81f57..6b503690606 100644
--- a/srcpkgs/base-files/template
+++ b/srcpkgs/base-files/template
@@ -1,7 +1,7 @@
 # Template file for 'base-files'
 pkgname=base-files
 version=0.141
-revision=1
+revision=2
 bootstrap=yes
 depends="xbps-triggers"
 short_desc="Void Linux base system files"

From 95c237bb582abdf30378d96ebfd17b87fc343f95 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 2/7] dkms: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dkms/files/kernel.d/dkms.postinst | 34 ++++++++++++-----------
 srcpkgs/dkms/files/kernel.d/dkms.prerm    |  6 ++--
 srcpkgs/dkms/template                     |  2 +-
 3 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/srcpkgs/dkms/files/kernel.d/dkms.postinst b/srcpkgs/dkms/files/kernel.d/dkms.postinst
index 5cfc630de1c..ef2a10bac28 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.postinst
+++ b/srcpkgs/dkms/files/kernel.d/dkms.postinst
@@ -8,7 +8,7 @@ PKGNAME="$1"
 VERSION="$2"
 ARCH=$(uname -m)
 
-if [ ! -x /usr/sbin/dkms ]; then
+if [ ! -x /usr/bin/dkms ]; then
 	exit 0
 fi
 
@@ -59,16 +59,16 @@ while [ $# -gt 1 ]; do
 	# If adding a module, depmod is necessary unless dkms runs it
 	do_depmod="yes"
 
-	status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+	status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	if [ $(echo "$status"|grep -c ": built") -eq 0 ]; then
 		# Check if the module is still there.
-		if [ ! -f usr/src/${module}-${modulever}/dkms.conf ]; then
+		if [ ! -f /usr/src/${module}-${modulever}/dkms.conf ]; then
 			echo "Skipping nonexistent DKMS module: ${module}-${modulever}."
 			continue
 		fi
 		# Build the module
 		echo -n "Building DKMS module: ${module}-${modulever}... "
-		dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module was skipped or failed, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -80,14 +80,14 @@ while [ $# -gt 1 ]; do
 			echo "FAILED!"
 			continue
 		fi
-		status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+		status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	fi
 
 	# If the module is built (either pre-built or just now), install it
 	if [ $(echo "$status"|grep -c ": built") -eq 1 ] &&
 	   [ $(echo "$status"|grep -c ": installed") -eq 0 ]; then
 		echo -n "Installing DKMS module: ${module}-${modulever}... "
-		dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module failed installation, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -101,16 +101,18 @@ while [ $# -gt 1 ]; do
 	fi
 done
 
-if [ -n "$do_depmod" ]; then
-	echo -n "Generating kernel module dependency lists... "
-	depmod -a ${VERSION}
-	rval=$?
-	if [ $rval -eq 0 ]; then
-		echo "done."
-	else
-		echo "FAILED!"
-		exit $rval
-	fi
+if [ -z "$do_depmod" ] || [ ! -x /usr/bin/depmod ]; then
+	exit 0
+fi
+
+echo -n "Generating kernel module dependency lists... "
+/usr/bin/depmod -a ${VERSION}
+rval=$?
+if [ $rval -eq 0 ]; then
+	echo "done."
+else
+	echo "FAILED!"
+	exit $rval
 fi
 
 exit 0
diff --git a/srcpkgs/dkms/files/kernel.d/dkms.prerm b/srcpkgs/dkms/files/kernel.d/dkms.prerm
index 0307e895311..155e9734aee 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.prerm
+++ b/srcpkgs/dkms/files/kernel.d/dkms.prerm
@@ -4,14 +4,14 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -x /usr/sbin/dkms ]; then
+if [ -x /usr/bin/dkms ]; then
 while read line; do
    name=`echo "$line" | awk '{print $1}' | sed 's/,$//'`
    vers=`echo "$line" | awk '{print $2}' | sed 's/,$//'`
    arch=`echo "$line" | awk '{print $4}' | sed 's/:$//'`
    echo "dkms: removing: $name $vers (${PKGNAME}-${VERSION}) ($arch)" >&2
-   dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
-done < <(dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
+   /usr/bin/dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
+done < <(/usr/bin/dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
 fi
 
 rmdir \
diff --git a/srcpkgs/dkms/template b/srcpkgs/dkms/template
index 4365bc5a7d7..f6b5035e8a0 100644
--- a/srcpkgs/dkms/template
+++ b/srcpkgs/dkms/template
@@ -1,7 +1,7 @@
 # Template file for 'dkms'
 pkgname=dkms
 version=2.8.3
-revision=1
+revision=2
 conf_files="/etc/dkms/framework.conf"
 depends="bash kmod gcc make coreutils linux-headers"
 short_desc="Dynamic Kernel Modules System"

From 490fd3d0ff0709134e758b9af4afdf7b5e9434af Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 3/7] dracut: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dracut/files/kernel-hook-postinst      | 4 ++--
 srcpkgs/dracut/files/kernel-hook-postrm        | 4 +---
 srcpkgs/dracut/files/kernel-uefi-hook-postinst | 5 +++--
 srcpkgs/dracut/files/kernel-uefi-hook-postrm   | 4 +---
 srcpkgs/dracut/template                        | 2 +-
 5 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/srcpkgs/dracut/files/kernel-hook-postinst b/srcpkgs/dracut/files/kernel-hook-postinst
index a9d265b6ed6..537af549796 100644
--- a/srcpkgs/dracut/files/kernel-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
-dracut -q --force boot/initramfs-${VERSION}.img ${VERSION}
+usr/bin/dracut -q --force --sysroot . boot/initramfs-${VERSION}.img ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-hook-postrm b/srcpkgs/dracut/files/kernel-hook-postrm
index f99458a4bfa..c338cf617a7 100644
--- a/srcpkgs/dracut/files/kernel-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f boot/initramfs-${VERSION}.img ]; then
-	rm -f boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postinst b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
index d623c3f86df..f1098a48a81 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
@@ -12,12 +12,13 @@ if [ -z "${CREATE_UEFI_BUNDLES}" ]; then
 	exit 0
 fi
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
 mkdir -p ${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}
 
-dracut -q --force ${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} ${DRACUT_OPTIONS} \
+usr/bin/dracut -q --force --sysroot . ${DRACUT_OPTIONS} \
+	${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} \
 	--uefi ${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postrm b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
index 8183bb26f08..63b25498789 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
@@ -11,7 +11,5 @@ VERSION="$2"
 
 : "${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}"
 
-if [ -f "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi" ]; then
-	rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
-fi
+rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
 exit $?
diff --git a/srcpkgs/dracut/template b/srcpkgs/dracut/template
index 8fb41d17a72..232f70a0d4a 100644
--- a/srcpkgs/dracut/template
+++ b/srcpkgs/dracut/template
@@ -1,7 +1,7 @@
 # Template file for 'dracut'
 pkgname=dracut
 version=050
-revision=5
+revision=6
 build_style=configure
 configure_args="--prefix=/usr --sysconfdir=/etc"
 conf_files="/etc/dracut.conf"

From fa368c1ad2cfd2ae84a90247535d918f759b368d Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 4/7] gummiboot: improve consistency of relative paths in
 kernel hooks

---
 .../files/kernel.d/gummiboot.post-install     | 28 +++++++++----------
 .../files/kernel.d/gummiboot.post-remove      | 16 +++++------
 srcpkgs/gummiboot/template                    |  2 +-
 3 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
index 7f4d27e985d..2517421e3e5 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
@@ -13,33 +13,33 @@ if [ "$GUMMIBOOT_DISABLE" ]; then
 	exit 0
 fi
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-options=$boot/loader/void-options.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+options="$boot/loader/void-options.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-mkdir -p $entries
+mkdir -p "$entries"
 
-cat <<-EOF > $entry
+cat <<-EOF > "$entry"
 	title Void Linux
 	version $VERSION
 	linux /vmlinuz-$VERSION
 	initrd /initramfs-$VERSION.img
 EOF
 
-if [ -r $options ]; then
+if [ -r "$options" ]; then
 	# Add user provided options from /boot/loader/void-options.conf:
-	printf 'options %s\n' "$(cat $options | sed '/^#/d;/^$/d')" >> $entry
+	printf 'options %s\n' "$(cat "$options" | sed '/^#/d;/^$/d')" >> "$entry"
 fi
 
-if grep -q ^default $loader 2>/dev/null; then
+if grep -q ^default "$loader" 2>/dev/null; then
 	# Replace existing default entry with this entry:
-	sed -i "s/default.*/default $name/" $loader
+	sed -i "s/default.*/default $name/" "$loader"
 else
 	# Add this entry as the default:
-	printf 'default %s\n' $name >>$loader
+	printf 'default %s\n' $name >>"$loader"
 fi
diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
index b946d62456a..a207b2d362c 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
@@ -7,15 +7,15 @@
 PKGNAME="$1"
 VERSION="$2"
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-rm -f $entry
+rm -f "$entry"
 
 # No default entry if the removed entry was the default:
-sed -i "/^default $name\$/d" $loader
+[ -e "$loader" ] && sed -i "/^default $name\$/d" "$loader"
diff --git a/srcpkgs/gummiboot/template b/srcpkgs/gummiboot/template
index a824e27c021..052776fe7ff 100644
--- a/srcpkgs/gummiboot/template
+++ b/srcpkgs/gummiboot/template
@@ -1,7 +1,7 @@
 # Template file for 'gummiboot'
 pkgname=gummiboot
 version=48.1
-revision=5
+revision=6
 archs="i686* x86_64* aarch64*"
 build_style=gnu-configure
 conf_files="/etc/default/gummiboot"

From ff37dc33abae07b7bf4bcfcec8dddf7ee81da0a9 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 5/7] mkinitcpio: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/mkinitcpio/files/kernel-hook-postinst | 4 ++--
 srcpkgs/mkinitcpio/files/kernel-hook-postrm   | 4 +---
 srcpkgs/mkinitcpio/template                   | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postinst b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
index 31fe5705812..c6f2ab81264 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postinst
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/mkinitcpio ]; then
+if [ ! -x usr/bin/mkinitcpio ]; then
 	exit 0
 fi
 
-mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
+usr/bin/mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
 exit $?
diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postrm b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
index f099aba66ca..028fd097b87 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postrm
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f /boot/initramfs-${VERSION}.img ]; then
-	rm -f /boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/mkinitcpio/template b/srcpkgs/mkinitcpio/template
index 303905d0f1f..a0f44360db4 100644
--- a/srcpkgs/mkinitcpio/template
+++ b/srcpkgs/mkinitcpio/template
@@ -1,7 +1,7 @@
 # Template file for 'mkinitcpio'
 pkgname=mkinitcpio
 version=27
-revision=1
+revision=2
 archs=noarch
 build_style=gnu-makefile
 depends="busybox-static bsdtar bash"

From 94d34101dd2a4d9f7b8dac5e1d293f0c9e91478b Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 6/7] refind: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/refind/files/kernel.post-install | 5 +++--
 srcpkgs/refind/files/kernel.post-remove  | 4 +++-
 srcpkgs/refind/template                  | 2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/srcpkgs/refind/files/kernel.post-install b/srcpkgs/refind/files/kernel.post-install
index 88b261aaacd..b56fde5e13e 100755
--- a/srcpkgs/refind/files/kernel.post-install
+++ b/srcpkgs/refind/files/kernel.post-install
@@ -12,8 +12,9 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 	exit 0;
 fi
 
-# Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+# Expand the configuration location wrt the root; full path needs not exist
+REFIND_CONF="$(readlink -m "${ROOTDIR}/${REFIND_CONF:-boot/EFI/refind/refind.conf}" 2>/dev/null)"
+[ -n "${REFIND_CONF}" ] || exit 0
 
 zrefind_dir="${REFIND_CONF%/*}"
 mkdir -p "$zrefind_dir"
diff --git a/srcpkgs/refind/files/kernel.post-remove b/srcpkgs/refind/files/kernel.post-remove
index efb3786396c..58881766e4d 100755
--- a/srcpkgs/refind/files/kernel.post-remove
+++ b/srcpkgs/refind/files/kernel.post-remove
@@ -13,7 +13,9 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 fi
 
 # Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
+# Make sure paths are relative
+REFIND_CONF="${REFIND_CONF#/}"
 
 [ -f "$REFIND_CONF" ] || exit 0
 
diff --git a/srcpkgs/refind/template b/srcpkgs/refind/template
index 5e9865b9667..d7f8f2fba1c 100644
--- a/srcpkgs/refind/template
+++ b/srcpkgs/refind/template
@@ -1,7 +1,7 @@
 # Template file for 'refind'
 pkgname=refind
 version=0.12.0
-revision=1
+revision=2
 archs="x86_64* i686* aarch64*"
 makedepends="gnu-efi-libs"
 depends="bash dosfstools efibootmgr"

From ec2aaca61353eabeeb4eb36e031649345c1a2e72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Tue, 21 Jul 2020 00:03:15 +0700
Subject: [PATCH 7/7] sbsigntool: rewrite post-install kernel hook

* run the hook on target filesystem
* Use ls | awk to check ownership and permission, instead of relying on
  GNU-stat.
* libify signing code, in order to support uefi bundle in the future
* Stop append signature to the efi signed by current key/cert.

While we're at it,
* add post-remove script to remove unsigned file if exist

Closes #23688.
---
 .../files/kernel.d/sbsigntool.post-install    | 66 +++++++++++--------
 .../files/kernel.d/sbsigntool.post-remove     | 13 ++++
 srcpkgs/sbsigntool/template                   |  4 +-
 3 files changed, 53 insertions(+), 30 deletions(-)
 create mode 100644 srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove

diff --git a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
index bc450dbc428..70918527711 100644
--- a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
+++ b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
@@ -9,7 +9,35 @@ PKGNAME="$1"
 VERSION="$2"
 
 msg() {
-	echo "EFI sbsign hook: $1"
+	echo "sbsigntool: $1"
+}
+
+do_sign() {
+	_kernel="$1"
+	if [ ! -f "$_kernel" ]; then
+		msg "$_kernel not found"
+		return 1
+	fi
+	# Ignore efi file signed with this key
+	if usr/bin/sbverify -c "$ROOTDIR/$EFI_CERT_FILE" "$_kernel" >/dev/null 2>&1; then
+		return 0
+	fi
+	if ! usr/bin/sbsign ${EFI_SIGN_ENGINE:+"--engine=$EFI_SIGN_ENGINE"} \
+		-k "$ROOTDIR/$EFI_KEY_FILE" -c "$ROOTDIR/$EFI_CERT_FILE" \
+		"$_kernel"
+	then
+		msg "failed to sign $_kernel"
+		return 1
+	fi
+	if ! usr/bin/sbverify -c "$ROOTDIR/$EFI_CERT_FILE" "$_kernel.signed"; then
+		msg "failed to verify the signature"
+		return 1
+	fi
+
+	if [ "x${EFI_KEEP_UNSIGNED}" = "x1" ]; then
+		mv -f "$_kernel" "$_kernel.unsigned"
+	fi
+	mv -f "$_kernel.signed" "$_kernel"
 }
 
 . "${ROOTDIR}/etc/default/sbsigntool-kernel-hook"
@@ -17,38 +45,18 @@ if [ "x${SBSIGN_EFI_KERNEL}" != x1 ]; then
 	exit 0
 fi
 
-if [ ! -f "${EFI_KEY_FILE}" ] || [ ! -f "${EFI_CERT_FILE}" ]; then
+if [ ! -f "$ROOTDIR/$EFI_KEY_FILE" ] || [ ! -f "$ROOTDIR/$EFI_CERT_FILE" ]; then
 	msg "key and/or certificate is not available"
 	exit 1
 fi
 
-key_stat=$(stat --dereference --format="%a %u" "${EFI_KEY_FILE}")
-
-# check if go=00 owner=0
-if [ "${key_stat}" = "${key_stat%00 0}" ]; then
-	msg "Please  chown root:root '${EFI_KEY_FILE}'"
-	msg "and     chmod go-rwx '${EFI_KEY_FILE}'"
-	exit 1
-fi
-
-# this part is completely untested
-options=""
-if [ "x${EFI_SIGN_ENGINE}" != x ]; then
-	options="--engine=${EFI_SIGN_ENGINE}"
-fi
-
-if ! sbsign $options -k "${EFI_KEY_FILE}" -c "${EFI_CERT_FILE}" \
-	"/boot/vmlinuz-${VERSION}"; then
-	msg "failed to sign kernel"
-	exit 1
-fi
-
-if ! sbverify -c "${EFI_CERT_FILE}" "/boot/vmlinuz-${VERSION}.signed"; then
-	msg "failed to verify the signature"
+# All POSIX comformance ls should work
+if ! ls -Ll "$ROOTDIR/$EFI_KEY_FILE" "$ROOTDIR/$EFI_CERT_FILE" |
+	awk '$1 !~ /^-...------$/ || $3 != "root" { exit 1 }'
+then
+	msg "$EFI_KEY_FILE and $EFI_CERT_FILE must be owned by root."
+	msg "and not readable by other users."
 	exit 1
 fi
 
-if [ "x${EFI_KEEP_UNSIGNED}" = "x1" ]; then
-	mv -f "/boot/vmlinuz-${VERSION}" "/boot/vmlinuz-${VERSION}.unsigned"
-fi
-mv -f "/boot/vmlinuz-${VERSION}.signed" "/boot/vmlinuz-${VERSION}"
+do_sign "boot/vmlinuz-$VERSION"
diff --git a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove
new file mode 100644
index 00000000000..5d3f73602af
--- /dev/null
+++ b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# Kernel hook for sbsigntool.
+#
+# Arguments passed to this script: $1 pkgname, $2 version.
+#
+
+PKGNAME="$1"
+VERSION="$2"
+
+if [ -f "boot/vmlinuz-$VERSION.unsigned" ]; then
+	rm -f "boot/vmlinuz-${VERSION}.unsigned"
+fi
diff --git a/srcpkgs/sbsigntool/template b/srcpkgs/sbsigntool/template
index 6e39cac66d9..6ee86139b27 100644
--- a/srcpkgs/sbsigntool/template
+++ b/srcpkgs/sbsigntool/template
@@ -1,7 +1,7 @@
 # Template file for 'sbsigntool'
 pkgname=sbsigntool
 version=0.9.4
-revision=2
+revision=3
 archs="x86_64* i686* aarch64* arm*"
 wrksrc=sbsigntools-$version
 build_style=gnu-configure
@@ -59,4 +59,6 @@ post_install() {
 	# and I'm not sure about their interaction
 	vinstall ${FILESDIR}/kernel.d/sbsigntool.post-install 744 \
 		etc/kernel.d/post-install 40-sbsigntool
+	vinstall ${FILESDIR}/kernel.d/sbsigntool.post-remove 744 \
+		etc/kernel.d/post-remove 40-sbsigntool
 }

Re: Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 599 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669877565

Comment:
> `readlink -m [...]` should always resolve a path because it doesn't require any of the components to exist. In practice, `$REFIND_CONF` will *never* be empty, but just in case something goes unexpectedly wrong (suppose `readlink` is not found or executable, for example), we just want to give up.

Yeah, I think in practice, `$REFIND_CONF` will never be empty. We can just clean up the montrosity below it. I'll look if I can come up with something simple.

Re: Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 756 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669877565

Comment:
> `readlink -m [...]` should always resolve a path because it doesn't require any of the components to exist. In practice, `$REFIND_CONF` will *never* be empty, but just in case something goes unexpectedly wrong (suppose `readlink` is not found or executable, for example), we just want to give up.

Yeah, I think in practice, `$REFIND_CONF` will never be empty. We can just clean up the montrosity below it. I'll look if I can come up with something simple.

---
Screw it, `refind-install` only supports `refind.conf` in `\EFI\BOOT\refind.conf` and `\EFI\refind\refind.conf`.

I'll take assumption from there.

Re: Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 1360 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669887298

Comment:
Simplified refind, no complicated logic, what do you think?
```sh
#!/bin/sh
#
# Kernel hook for refind.
#
# Arguments passed to this script: $1 pkgname, $2 version.
#
PKGNAME="$1"
VERSION="$2"

. "${ROOTDIR}/etc/default/refind-kernel-hook.conf"
if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
	exit 0;
fi

# Default refind.conf
: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
REFIND_CONF=${REFIND_CONF#/}
[ -n "${REFIND_CONF}" ] || exit 0

# refind-install only supports those two paths
refind_dir=
case "$REFIND_CONF" in
*/EFI/[Bb][Oo][Oo][Tt]/refind.conf)
	refind_dir="/EFI/BOOT" ;;
*/EFI/refind/refind.conf)
	refind_dir="/EFI/refind" ;;
*)
	echo >&2 "unsupported \$REFIND_CONF: $REFIND_CONF"
	exit 1 ;;
esac

tmpfile=$(mktemp /tmp/refind.XXXXXXX)

zversion=$(echo "$VERSION" | sed 's/[.]/[.]/g')

(
	# Clean itself if this is force reconfigure
	sed "/^menuentry \"Void Linux $zversion\" [{]\$/,/[}]/d" <"$REFIND_CONF"
	cat <<EOF
menuentry "Void Linux $VERSION" {
	icon     $refind_dir/icons/os_void.png
	volume   "Void Linux"
	loader   /vmlinuz-$VERSION
	initrd   /initramfs-$VERSION.img
	options  "$OPTIONS"
}
EOF
) >"$tmpfile"

mv "$tmpfile" "$REFIND_CONF"

exit 0
```

Re: Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 1522 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669887298

Comment:
Simplified refind, no complicated logic, what do you think?
For your convenience, that patch can be taken from here: https://github.com/void-linux/void-packages/pull/23688/commits/eeeaea4d37068c199a822e2b62b6ce67de8e1fdd
```sh
#!/bin/sh
#
# Kernel hook for refind.
#
# Arguments passed to this script: $1 pkgname, $2 version.
#
PKGNAME="$1"
VERSION="$2"

. "${ROOTDIR}/etc/default/refind-kernel-hook.conf"
if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
	exit 0;
fi

# Default refind.conf
: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
REFIND_CONF=${REFIND_CONF#/}
[ -n "${REFIND_CONF}" ] || exit 0

# refind-install only supports those two paths
refind_dir=
case "$REFIND_CONF" in
*/EFI/[Bb][Oo][Oo][Tt]/refind.conf)
	refind_dir="/EFI/BOOT" ;;
*/EFI/refind/refind.conf)
	refind_dir="/EFI/refind" ;;
*)
	echo >&2 "unsupported \$REFIND_CONF: $REFIND_CONF"
	exit 1 ;;
esac

tmpfile=$(mktemp /tmp/refind.XXXXXXX)

zversion=$(echo "$VERSION" | sed 's/[.]/[.]/g')

(
	# Clean itself if this is force reconfigure
	sed "/^menuentry \"Void Linux $zversion\" [{]\$/,/[}]/d" <"$REFIND_CONF"
	cat <<EOF
menuentry "Void Linux $VERSION" {
	icon     $refind_dir/icons/os_void.png
	volume   "Void Linux"
	loader   /vmlinuz-$VERSION
	initrd   /initramfs-$VERSION.img
	options  "$OPTIONS"
}
EOF
) >"$tmpfile"

mv "$tmpfile" "$REFIND_CONF"

exit 0
```

Re: Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 1584 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669887298

Comment:
Simplified refind, no complicated logic, what do you think?
For your convenience, that patch can be taken from here: https://github.com/void-linux/void-packages/pull/23688/commits/6fac00c4dadc63454ebb09a424478aec703e86d0
```sh
#!/bin/sh
#
# Kernel hook for refind.
#
# Arguments passed to this script: $1 pkgname, $2 version.
#
PKGNAME="$1"
VERSION="$2"

. "${ROOTDIR}/etc/default/refind-kernel-hook.conf"
if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
	exit 0;
fi

# Default refind.conf
: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
REFIND_CONF=${REFIND_CONF#/}
[ -n "${REFIND_CONF}" ] || exit 0

# refind-install only supports those two paths
refind_dir=
case "$REFIND_CONF" in
*/EFI/[Bb][Oo][Oo][Tt]/refind.conf)
	refind_dir="/EFI/BOOT" ;;
*/EFI/refind/refind.conf)
	refind_dir="/EFI/refind" ;;
*)
	echo >&2 "unsupported \$REFIND_CONF: $REFIND_CONF"
	exit 1 ;;
esac

tmpfile=$(mktemp /tmp/refind.XXXXXXX)

zversion=$(echo "$VERSION" | sed 's/[.]/[.]/g')

(
	cat <<EOF
menuentry "Void Linux $VERSION" {
	icon     $refind_dir/icons/os_void.png
	volume   "Void Linux"
	loader   /vmlinuz-$VERSION
	initrd   /initramfs-$VERSION.img
	options  "$OPTIONS"
}
EOF
	# Clean itself if this is force reconfigure
	sed "/^menuentry \"Void Linux $zversion\" [{]\$/,/[}]/d" <"$REFIND_CONF"
) >"$tmpfile"

mv "$tmpfile" "$REFIND_CONF"

exit 0
```

---
EDIT: `cat` first, `sed` later, keep old conf layout.

Re: Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 1584 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-669887298

Comment:
Simplified refind, no complicated logic, what do you think?
For your convenience, that patch can be taken from here: https://github.com/void-linux/void-packages/pull/23688/commits/53bdcc8d3e0f41f29ed5dccaa0496ed1052bd7de
```sh
#!/bin/sh
#
# Kernel hook for refind.
#
# Arguments passed to this script: $1 pkgname, $2 version.
#
PKGNAME="$1"
VERSION="$2"

. "${ROOTDIR}/etc/default/refind-kernel-hook.conf"
if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
	exit 0;
fi

# Default refind.conf
: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
REFIND_CONF=${REFIND_CONF#/}
[ -n "${REFIND_CONF}" ] || exit 0

# refind-install only supports those two paths
refind_dir=
case "$REFIND_CONF" in
*/EFI/[Bb][Oo][Oo][Tt]/refind.conf)
	refind_dir="/EFI/BOOT" ;;
*/EFI/refind/refind.conf)
	refind_dir="/EFI/refind" ;;
*)
	echo >&2 "unsupported \$REFIND_CONF: $REFIND_CONF"
	exit 1 ;;
esac

tmpfile=$(mktemp /tmp/refind.XXXXXXX)

zversion=$(echo "$VERSION" | sed 's/[.]/[.]/g')

(
	cat <<EOF
menuentry "Void Linux $VERSION" {
	icon     $refind_dir/icons/os_void.png
	volume   "Void Linux"
	loader   /vmlinuz-$VERSION
	initrd   /initramfs-$VERSION.img
	options  "$OPTIONS"
}
EOF
	# Clean itself if this is force reconfigure
	sed "/^menuentry \"Void Linux $zversion\" [{]\$/,/[}]/d" <"$REFIND_CONF"
) >"$tmpfile"

mv "$tmpfile" "$REFIND_CONF"

exit 0
```

---
EDIT: `cat` first, `sed` later, keep old conf layout.

Re: [PR PATCH] [Updated] Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 1417 bytes --]

There is an updated pull request by ahesford against master on the void-packages repository

https://github.com/ahesford/void-packages hooks
https://github.com/void-linux/void-packages/pull/24079

Improve consistency of relative paths in kernel hooks
Motivated by a breakage in the `dracut` removal hook as called from `vkpurge`, I cleaned up several packages that install kernel hooks to try to make their behavior more consistent. The XBPS trigger runs hooks from the target root directory with `ROOTDIR` set, so hooks should accommodate this if possible. `vkpurge` now changes to `/` and sets `ROOTDIR` to make sure any hooks it calls work as expected. It would be good to verify correct operation of all hooks after these changes, but `dkms` and `dracut` seem to be the most critical.

- [x] base-files
- [x] dkms
- [x] dracut
- [ ] gummiboot
- [ ] mkinitcpio
- [ ] refind
- [x] sbsigntool

**Note 1**: `dracut` now uses `--sysroot .` to (hopefully) operate properly in a relative environment.

**Note 2**: `dkms` makes a lot of assumptions about running in the system root that are trickier to override, and the hook already made a lot of absolute path references, so I went all-in on absolute paths in the `dkms` hooks.

Affected maintainers: @Gottox @q66 @thypon @sgn
General interest: @ericonr @duncaen

A patch file from https://github.com/void-linux/void-packages/pull/24079.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-hooks-24079.patch --]
[-- Type: text/x-diff, Size: 20790 bytes --]

From 5600f36562ab91513b2e7b44093e297c6a1fad66 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 1/7] base-files: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/base-files/files/vkpurge | 4 +++-
 srcpkgs/base-files/template      | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/base-files/files/vkpurge b/srcpkgs/base-files/files/vkpurge
index 92098ec736e..5519147b905 100644
--- a/srcpkgs/base-files/files/vkpurge
+++ b/srcpkgs/base-files/files/vkpurge
@@ -39,10 +39,12 @@ list_kernels() {
 run_hooks() {
 	dir="$1"
 	kver="$2"
+
 	for d in /etc/kernel.d/"${dir}"/*; do
 		[ -x "$d" ] || continue
 		printf "Running %s kernel hook: %s...\n" "$dir" "${d##*/}"
-		"$d" kernel "$kver"
+		# Hooks assume they run from the root
+		(cd / && ROOTDIR=. "$d" kernel "$kver")
 	done
 }
 
diff --git a/srcpkgs/base-files/template b/srcpkgs/base-files/template
index d608bc81f57..6b503690606 100644
--- a/srcpkgs/base-files/template
+++ b/srcpkgs/base-files/template
@@ -1,7 +1,7 @@
 # Template file for 'base-files'
 pkgname=base-files
 version=0.141
-revision=1
+revision=2
 bootstrap=yes
 depends="xbps-triggers"
 short_desc="Void Linux base system files"

From 95c237bb582abdf30378d96ebfd17b87fc343f95 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 2/7] dkms: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dkms/files/kernel.d/dkms.postinst | 34 ++++++++++++-----------
 srcpkgs/dkms/files/kernel.d/dkms.prerm    |  6 ++--
 srcpkgs/dkms/template                     |  2 +-
 3 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/srcpkgs/dkms/files/kernel.d/dkms.postinst b/srcpkgs/dkms/files/kernel.d/dkms.postinst
index 5cfc630de1c..ef2a10bac28 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.postinst
+++ b/srcpkgs/dkms/files/kernel.d/dkms.postinst
@@ -8,7 +8,7 @@ PKGNAME="$1"
 VERSION="$2"
 ARCH=$(uname -m)
 
-if [ ! -x /usr/sbin/dkms ]; then
+if [ ! -x /usr/bin/dkms ]; then
 	exit 0
 fi
 
@@ -59,16 +59,16 @@ while [ $# -gt 1 ]; do
 	# If adding a module, depmod is necessary unless dkms runs it
 	do_depmod="yes"
 
-	status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+	status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	if [ $(echo "$status"|grep -c ": built") -eq 0 ]; then
 		# Check if the module is still there.
-		if [ ! -f usr/src/${module}-${modulever}/dkms.conf ]; then
+		if [ ! -f /usr/src/${module}-${modulever}/dkms.conf ]; then
 			echo "Skipping nonexistent DKMS module: ${module}-${modulever}."
 			continue
 		fi
 		# Build the module
 		echo -n "Building DKMS module: ${module}-${modulever}... "
-		dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms build -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module was skipped or failed, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -80,14 +80,14 @@ while [ $# -gt 1 ]; do
 			echo "FAILED!"
 			continue
 		fi
-		status=$(dkms status -m ${module} -v ${modulever} -k ${VERSION})
+		status=$(/usr/bin/dkms status -m ${module} -v ${modulever} -k ${VERSION})
 	fi
 
 	# If the module is built (either pre-built or just now), install it
 	if [ $(echo "$status"|grep -c ": built") -eq 1 ] &&
 	   [ $(echo "$status"|grep -c ": installed") -eq 0 ]; then
 		echo -n "Installing DKMS module: ${module}-${modulever}... "
-		dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
+		/usr/bin/dkms install -q -m ${module} -v ${modulever} -k ${VERSION} -a ${ARCH}
 		rval=$?
 		# If the module failed installation, go to the next module.
 		if [ $rval -eq 0 ]; then
@@ -101,16 +101,18 @@ while [ $# -gt 1 ]; do
 	fi
 done
 
-if [ -n "$do_depmod" ]; then
-	echo -n "Generating kernel module dependency lists... "
-	depmod -a ${VERSION}
-	rval=$?
-	if [ $rval -eq 0 ]; then
-		echo "done."
-	else
-		echo "FAILED!"
-		exit $rval
-	fi
+if [ -z "$do_depmod" ] || [ ! -x /usr/bin/depmod ]; then
+	exit 0
+fi
+
+echo -n "Generating kernel module dependency lists... "
+/usr/bin/depmod -a ${VERSION}
+rval=$?
+if [ $rval -eq 0 ]; then
+	echo "done."
+else
+	echo "FAILED!"
+	exit $rval
 fi
 
 exit 0
diff --git a/srcpkgs/dkms/files/kernel.d/dkms.prerm b/srcpkgs/dkms/files/kernel.d/dkms.prerm
index 0307e895311..155e9734aee 100644
--- a/srcpkgs/dkms/files/kernel.d/dkms.prerm
+++ b/srcpkgs/dkms/files/kernel.d/dkms.prerm
@@ -4,14 +4,14 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -x /usr/sbin/dkms ]; then
+if [ -x /usr/bin/dkms ]; then
 while read line; do
    name=`echo "$line" | awk '{print $1}' | sed 's/,$//'`
    vers=`echo "$line" | awk '{print $2}' | sed 's/,$//'`
    arch=`echo "$line" | awk '{print $4}' | sed 's/:$//'`
    echo "dkms: removing: $name $vers (${PKGNAME}-${VERSION}) ($arch)" >&2
-   dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
-done < <(dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
+   /usr/bin/dkms remove -q -m $name -v $vers -k ${VERSION} -a $arch
+done < <(/usr/bin/dkms status -k ${VERSION} 2>/dev/null | grep ": installed")
 fi
 
 rmdir \
diff --git a/srcpkgs/dkms/template b/srcpkgs/dkms/template
index 4365bc5a7d7..f6b5035e8a0 100644
--- a/srcpkgs/dkms/template
+++ b/srcpkgs/dkms/template
@@ -1,7 +1,7 @@
 # Template file for 'dkms'
 pkgname=dkms
 version=2.8.3
-revision=1
+revision=2
 conf_files="/etc/dkms/framework.conf"
 depends="bash kmod gcc make coreutils linux-headers"
 short_desc="Dynamic Kernel Modules System"

From 490fd3d0ff0709134e758b9af4afdf7b5e9434af Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 3/7] dracut: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/dracut/files/kernel-hook-postinst      | 4 ++--
 srcpkgs/dracut/files/kernel-hook-postrm        | 4 +---
 srcpkgs/dracut/files/kernel-uefi-hook-postinst | 5 +++--
 srcpkgs/dracut/files/kernel-uefi-hook-postrm   | 4 +---
 srcpkgs/dracut/template                        | 2 +-
 5 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/srcpkgs/dracut/files/kernel-hook-postinst b/srcpkgs/dracut/files/kernel-hook-postinst
index a9d265b6ed6..537af549796 100644
--- a/srcpkgs/dracut/files/kernel-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
-dracut -q --force boot/initramfs-${VERSION}.img ${VERSION}
+usr/bin/dracut -q --force --sysroot . boot/initramfs-${VERSION}.img ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-hook-postrm b/srcpkgs/dracut/files/kernel-hook-postrm
index f99458a4bfa..c338cf617a7 100644
--- a/srcpkgs/dracut/files/kernel-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f boot/initramfs-${VERSION}.img ]; then
-	rm -f boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postinst b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
index d623c3f86df..f1098a48a81 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postinst
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postinst
@@ -12,12 +12,13 @@ if [ -z "${CREATE_UEFI_BUNDLES}" ]; then
 	exit 0
 fi
 
-if [ ! -x bin/dracut ]; then
+if [ ! -x usr/bin/dracut ]; then
 	exit 0
 fi
 
 mkdir -p ${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}
 
-dracut -q --force ${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} ${DRACUT_OPTIONS} \
+usr/bin/dracut -q --force --sysroot . ${DRACUT_OPTIONS} \
+	${KERNEL_CMDLINE:+--kernel-cmdline="${KERNEL_CMDLINE}"} \
 	--uefi ${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi ${VERSION}
 exit $?
diff --git a/srcpkgs/dracut/files/kernel-uefi-hook-postrm b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
index 8183bb26f08..63b25498789 100644
--- a/srcpkgs/dracut/files/kernel-uefi-hook-postrm
+++ b/srcpkgs/dracut/files/kernel-uefi-hook-postrm
@@ -11,7 +11,5 @@ VERSION="$2"
 
 : "${UEFI_BUNDLE_DIR:=boot/efi/EFI/void}"
 
-if [ -f "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi" ]; then
-	rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
-fi
+rm -fv "${UEFI_BUNDLE_DIR}/linux-${VERSION}.efi"
 exit $?
diff --git a/srcpkgs/dracut/template b/srcpkgs/dracut/template
index 8fb41d17a72..232f70a0d4a 100644
--- a/srcpkgs/dracut/template
+++ b/srcpkgs/dracut/template
@@ -1,7 +1,7 @@
 # Template file for 'dracut'
 pkgname=dracut
 version=050
-revision=5
+revision=6
 build_style=configure
 configure_args="--prefix=/usr --sysconfdir=/etc"
 conf_files="/etc/dracut.conf"

From fa368c1ad2cfd2ae84a90247535d918f759b368d Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:08 -0400
Subject: [PATCH 4/7] gummiboot: improve consistency of relative paths in
 kernel hooks

---
 .../files/kernel.d/gummiboot.post-install     | 28 +++++++++----------
 .../files/kernel.d/gummiboot.post-remove      | 16 +++++------
 srcpkgs/gummiboot/template                    |  2 +-
 3 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
index 7f4d27e985d..2517421e3e5 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-install
@@ -13,33 +13,33 @@ if [ "$GUMMIBOOT_DISABLE" ]; then
 	exit 0
 fi
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-options=$boot/loader/void-options.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+options="$boot/loader/void-options.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-mkdir -p $entries
+mkdir -p "$entries"
 
-cat <<-EOF > $entry
+cat <<-EOF > "$entry"
 	title Void Linux
 	version $VERSION
 	linux /vmlinuz-$VERSION
 	initrd /initramfs-$VERSION.img
 EOF
 
-if [ -r $options ]; then
+if [ -r "$options" ]; then
 	# Add user provided options from /boot/loader/void-options.conf:
-	printf 'options %s\n' "$(cat $options | sed '/^#/d;/^$/d')" >> $entry
+	printf 'options %s\n' "$(cat "$options" | sed '/^#/d;/^$/d')" >> "$entry"
 fi
 
-if grep -q ^default $loader 2>/dev/null; then
+if grep -q ^default "$loader" 2>/dev/null; then
 	# Replace existing default entry with this entry:
-	sed -i "s/default.*/default $name/" $loader
+	sed -i "s/default.*/default $name/" "$loader"
 else
 	# Add this entry as the default:
-	printf 'default %s\n' $name >>$loader
+	printf 'default %s\n' $name >>"$loader"
 fi
diff --git a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
index b946d62456a..a207b2d362c 100644
--- a/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
+++ b/srcpkgs/gummiboot/files/kernel.d/gummiboot.post-remove
@@ -7,15 +7,15 @@
 PKGNAME="$1"
 VERSION="$2"
 
-boot=$ROOTDIR/boot
-entries=$boot/loader/entries
-name=void-$VERSION
-entry=$entries/$name.conf
-loader=$boot/loader/loader.conf
+boot="$ROOTDIR/boot"
+entries="$boot/loader/entries"
+name="void-$VERSION"
+entry="$entries/$name.conf"
+loader="$boot/loader/loader.conf"
 
-[ -d $boot ] || exit 0
+[ -d "$boot" ] || exit 0
 
-rm -f $entry
+rm -f "$entry"
 
 # No default entry if the removed entry was the default:
-sed -i "/^default $name\$/d" $loader
+[ -e "$loader" ] && sed -i "/^default $name\$/d" "$loader"
diff --git a/srcpkgs/gummiboot/template b/srcpkgs/gummiboot/template
index a824e27c021..052776fe7ff 100644
--- a/srcpkgs/gummiboot/template
+++ b/srcpkgs/gummiboot/template
@@ -1,7 +1,7 @@
 # Template file for 'gummiboot'
 pkgname=gummiboot
 version=48.1
-revision=5
+revision=6
 archs="i686* x86_64* aarch64*"
 build_style=gnu-configure
 conf_files="/etc/default/gummiboot"

From ff37dc33abae07b7bf4bcfcec8dddf7ee81da0a9 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 5/7] mkinitcpio: improve consistency of relative paths in
 kernel hooks

---
 srcpkgs/mkinitcpio/files/kernel-hook-postinst | 4 ++--
 srcpkgs/mkinitcpio/files/kernel-hook-postrm   | 4 +---
 srcpkgs/mkinitcpio/template                   | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postinst b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
index 31fe5705812..c6f2ab81264 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postinst
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postinst
@@ -7,9 +7,9 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ ! -x bin/mkinitcpio ]; then
+if [ ! -x usr/bin/mkinitcpio ]; then
 	exit 0
 fi
 
-mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
+usr/bin/mkinitcpio -g boot/initramfs-${VERSION}.img -k ${VERSION}
 exit $?
diff --git a/srcpkgs/mkinitcpio/files/kernel-hook-postrm b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
index f099aba66ca..028fd097b87 100644
--- a/srcpkgs/mkinitcpio/files/kernel-hook-postrm
+++ b/srcpkgs/mkinitcpio/files/kernel-hook-postrm
@@ -7,7 +7,5 @@
 PKGNAME="$1"
 VERSION="$2"
 
-if [ -f /boot/initramfs-${VERSION}.img ]; then
-	rm -f /boot/initramfs-${VERSION}.img
-fi
+rm -f boot/initramfs-${VERSION}.img
 exit $?
diff --git a/srcpkgs/mkinitcpio/template b/srcpkgs/mkinitcpio/template
index 303905d0f1f..a0f44360db4 100644
--- a/srcpkgs/mkinitcpio/template
+++ b/srcpkgs/mkinitcpio/template
@@ -1,7 +1,7 @@
 # Template file for 'mkinitcpio'
 pkgname=mkinitcpio
 version=27
-revision=1
+revision=2
 archs=noarch
 build_style=gnu-makefile
 depends="busybox-static bsdtar bash"

From 16c2057a4bf699602153bfd25aa27511e632256e Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Wed, 5 Aug 2020 12:13:09 -0400
Subject: [PATCH 6/7] refind: improve consistency of relative paths in kernel
 hooks

---
 srcpkgs/refind/files/kernel.post-install | 10 +++-------
 srcpkgs/refind/files/kernel.post-remove  |  4 +++-
 srcpkgs/refind/template                  |  2 +-
 3 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/srcpkgs/refind/files/kernel.post-install b/srcpkgs/refind/files/kernel.post-install
index 88b261aaacd..fd18f9c45ff 100755
--- a/srcpkgs/refind/files/kernel.post-install
+++ b/srcpkgs/refind/files/kernel.post-install
@@ -12,22 +12,18 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 	exit 0;
 fi
 
-# Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+: ${REFIND_CONF:=boot/EFI/refind/refind.conf}
+REFIND_CONF="${REFIND_CONF#/}"
 
-zrefind_dir="${REFIND_CONF%/*}"
-mkdir -p "$zrefind_dir"
+mkdir -p "${REFIND_CONF%/*}"
 touch "$REFIND_CONF"
 
 tmpfile=$(mktemp /tmp/refind.XXXXXXX)
 
-zefi_mountpoint=$(df -P "$REFIND_CONF" | awk 'NR==2{print $6}')
-zicon="${zrefind_dir#$zefi_mountpoint}/icons/os_void.png"
 zversion=$(echo "$VERSION" | sed 's/[.]/[.]/g')
 
 zentry=$(cat <<EOF
 menuentry "Void Linux $VERSION" {
-	icon     $zicon
 	volume   "Void Linux"
 	loader   /vmlinuz-$VERSION
 	initrd   /initramfs-$VERSION.img
diff --git a/srcpkgs/refind/files/kernel.post-remove b/srcpkgs/refind/files/kernel.post-remove
index efb3786396c..58881766e4d 100755
--- a/srcpkgs/refind/files/kernel.post-remove
+++ b/srcpkgs/refind/files/kernel.post-remove
@@ -13,7 +13,9 @@ if [ "z$UPDATE_REFIND_CONF" != "z1" ]; then
 fi
 
 # Default refind.conf
-: "${REFIND_CONF:=/boot/EFI/refind/refind.conf}"
+: "${REFIND_CONF:=boot/EFI/refind/refind.conf}"
+# Make sure paths are relative
+REFIND_CONF="${REFIND_CONF#/}"
 
 [ -f "$REFIND_CONF" ] || exit 0
 
diff --git a/srcpkgs/refind/template b/srcpkgs/refind/template
index 5e9865b9667..d7f8f2fba1c 100644
--- a/srcpkgs/refind/template
+++ b/srcpkgs/refind/template
@@ -1,7 +1,7 @@
 # Template file for 'refind'
 pkgname=refind
 version=0.12.0
-revision=1
+revision=2
 archs="x86_64* i686* aarch64*"
 makedepends="gnu-efi-libs"
 depends="bash dosfstools efibootmgr"

From 307578870b871b9d3deef5923dd34755beb1202d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Tue, 21 Jul 2020 00:03:15 +0700
Subject: [PATCH 7/7] sbsigntool: rewrite post-install kernel hook

* run the hook on target filesystem
* Use ls | awk to check ownership and permission, instead of relying on
  GNU-stat.
* libify signing code, in order to support uefi bundle in the future
* Stop append signature to the efi signed by current key/cert.

While we're at it,
* add post-remove script to remove unsigned file if exist

Closes #23688.
---
 .../files/kernel.d/sbsigntool.post-install    | 66 +++++++++++--------
 .../files/kernel.d/sbsigntool.post-remove     | 13 ++++
 srcpkgs/sbsigntool/template                   |  4 +-
 3 files changed, 53 insertions(+), 30 deletions(-)
 create mode 100644 srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove

diff --git a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
index bc450dbc428..70918527711 100644
--- a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
+++ b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-install
@@ -9,7 +9,35 @@ PKGNAME="$1"
 VERSION="$2"
 
 msg() {
-	echo "EFI sbsign hook: $1"
+	echo "sbsigntool: $1"
+}
+
+do_sign() {
+	_kernel="$1"
+	if [ ! -f "$_kernel" ]; then
+		msg "$_kernel not found"
+		return 1
+	fi
+	# Ignore efi file signed with this key
+	if usr/bin/sbverify -c "$ROOTDIR/$EFI_CERT_FILE" "$_kernel" >/dev/null 2>&1; then
+		return 0
+	fi
+	if ! usr/bin/sbsign ${EFI_SIGN_ENGINE:+"--engine=$EFI_SIGN_ENGINE"} \
+		-k "$ROOTDIR/$EFI_KEY_FILE" -c "$ROOTDIR/$EFI_CERT_FILE" \
+		"$_kernel"
+	then
+		msg "failed to sign $_kernel"
+		return 1
+	fi
+	if ! usr/bin/sbverify -c "$ROOTDIR/$EFI_CERT_FILE" "$_kernel.signed"; then
+		msg "failed to verify the signature"
+		return 1
+	fi
+
+	if [ "x${EFI_KEEP_UNSIGNED}" = "x1" ]; then
+		mv -f "$_kernel" "$_kernel.unsigned"
+	fi
+	mv -f "$_kernel.signed" "$_kernel"
 }
 
 . "${ROOTDIR}/etc/default/sbsigntool-kernel-hook"
@@ -17,38 +45,18 @@ if [ "x${SBSIGN_EFI_KERNEL}" != x1 ]; then
 	exit 0
 fi
 
-if [ ! -f "${EFI_KEY_FILE}" ] || [ ! -f "${EFI_CERT_FILE}" ]; then
+if [ ! -f "$ROOTDIR/$EFI_KEY_FILE" ] || [ ! -f "$ROOTDIR/$EFI_CERT_FILE" ]; then
 	msg "key and/or certificate is not available"
 	exit 1
 fi
 
-key_stat=$(stat --dereference --format="%a %u" "${EFI_KEY_FILE}")
-
-# check if go=00 owner=0
-if [ "${key_stat}" = "${key_stat%00 0}" ]; then
-	msg "Please  chown root:root '${EFI_KEY_FILE}'"
-	msg "and     chmod go-rwx '${EFI_KEY_FILE}'"
-	exit 1
-fi
-
-# this part is completely untested
-options=""
-if [ "x${EFI_SIGN_ENGINE}" != x ]; then
-	options="--engine=${EFI_SIGN_ENGINE}"
-fi
-
-if ! sbsign $options -k "${EFI_KEY_FILE}" -c "${EFI_CERT_FILE}" \
-	"/boot/vmlinuz-${VERSION}"; then
-	msg "failed to sign kernel"
-	exit 1
-fi
-
-if ! sbverify -c "${EFI_CERT_FILE}" "/boot/vmlinuz-${VERSION}.signed"; then
-	msg "failed to verify the signature"
+# All POSIX comformance ls should work
+if ! ls -Ll "$ROOTDIR/$EFI_KEY_FILE" "$ROOTDIR/$EFI_CERT_FILE" |
+	awk '$1 !~ /^-...------$/ || $3 != "root" { exit 1 }'
+then
+	msg "$EFI_KEY_FILE and $EFI_CERT_FILE must be owned by root."
+	msg "and not readable by other users."
 	exit 1
 fi
 
-if [ "x${EFI_KEEP_UNSIGNED}" = "x1" ]; then
-	mv -f "/boot/vmlinuz-${VERSION}" "/boot/vmlinuz-${VERSION}.unsigned"
-fi
-mv -f "/boot/vmlinuz-${VERSION}.signed" "/boot/vmlinuz-${VERSION}"
+do_sign "boot/vmlinuz-$VERSION"
diff --git a/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove
new file mode 100644
index 00000000000..5d3f73602af
--- /dev/null
+++ b/srcpkgs/sbsigntool/files/kernel.d/sbsigntool.post-remove
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# Kernel hook for sbsigntool.
+#
+# Arguments passed to this script: $1 pkgname, $2 version.
+#
+
+PKGNAME="$1"
+VERSION="$2"
+
+if [ -f "boot/vmlinuz-$VERSION.unsigned" ]; then
+	rm -f "boot/vmlinuz-${VERSION}.unsigned"
+fi
diff --git a/srcpkgs/sbsigntool/template b/srcpkgs/sbsigntool/template
index 6e39cac66d9..6ee86139b27 100644
--- a/srcpkgs/sbsigntool/template
+++ b/srcpkgs/sbsigntool/template
@@ -1,7 +1,7 @@
 # Template file for 'sbsigntool'
 pkgname=sbsigntool
 version=0.9.4
-revision=2
+revision=3
 archs="x86_64* i686* aarch64* arm*"
 wrksrc=sbsigntools-$version
 build_style=gnu-configure
@@ -59,4 +59,6 @@ post_install() {
 	# and I'm not sure about their interaction
 	vinstall ${FILESDIR}/kernel.d/sbsigntool.post-install 744 \
 		etc/kernel.d/post-install 40-sbsigntool
+	vinstall ${FILESDIR}/kernel.d/sbsigntool.post-remove 744 \
+		etc/kernel.d/post-remove 40-sbsigntool
 }

Re: Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 470 bytes --]

New comment by ahesford on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-670290502

Comment:
Given that [rEFInd documentation](https://rodsbooks.com/refind/configfile.html#stanzas) itself says not to create manual boot stanzas unless you really need to, I dropped the icon reference in the rEFInd post-install hook. There is no need to jump through hoops to fine-tune a configuration that isn't even recommended upstream.

Re: [PR REVIEW] Improve consistency of relative paths in kernel hooks

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 205 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#discussion_r466834237

Comment:
You can remove the verbosity from this one, if you'd like.

Re: Improve consistency of relative paths in kernel hooks

[sgn]

[-- Attachment #1: Type: text/plain, Size: 735 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24079#issuecomment-670465666

Comment:
> Given that [rEFInd documentation](https://rodsbooks.com/refind/configfile.html#stanzas) itself says not to create manual boot stanzas unless you really need to, I dropped the icon reference in the rEFInd post-install hook. There is no need to jump through hoops to fine-tune a configuration that isn't even recommended upstream.

Honestly, I couldn't remember the reason I need to write that hook,
my computer couldn't be bring up at that time for some reason.
I keep the simple version of the hook for myself for a while until someone on reddit asked for it.

Let's go with it.

:shrug: 

Re: [PR PATCH] [Closed]: Improve consistency of relative paths in kernel hooks

[ahesford]

[-- Attachment #1: Type: text/plain, Size: 1261 bytes --]

There's a closed pull request on the void-packages repository

Improve consistency of relative paths in kernel hooks
https://github.com/void-linux/void-packages/pull/24079

Description:
Motivated by a breakage in the `dracut` removal hook as called from `vkpurge`, I cleaned up several packages that install kernel hooks to try to make their behavior more consistent. The XBPS trigger runs hooks from the target root directory with `ROOTDIR` set, so hooks should accommodate this if possible. `vkpurge` now changes to `/` and sets `ROOTDIR` to make sure any hooks it calls work as expected. It would be good to verify correct operation of all hooks after these changes, but `dkms` and `dracut` seem to be the most critical.

- [x] base-files
- [x] dkms
- [x] dracut
- [ ] gummiboot
- [ ] mkinitcpio
- [x] refind
- [x] sbsigntool

**Note 1**: `dracut` now uses `--sysroot .` to (hopefully) operate properly in a relative environment.

**Note 2**: `dkms` makes a lot of assumptions about running in the system root that are trickier to override, and the hook already made a lot of absolute path references, so I went all-in on absolute paths in the `dkms` hooks.

Affected maintainers: @Gottox @q66 @thypon @sgn
General interest: @ericonr @duncaen