Second pass w/ hybrid grub/syslinux for efi/bios boot

Containerfile

@@ -5,7 +5,8 @@ FROM stagex/syslinux AS syslinux
 FROM stagex/cpio AS cpio
 FROM stagex/linux-airgap AS linux
 FROM stagex/mtools AS mtools
-FROM stagex/dosfstools AS dosfstools
+FROM stagex/xz AS xz
+FROM stagex/grub:local AS grub
 
 FROM scratch AS base
 COPY --from=busybox . /
@@ -14,56 +15,122 @@ COPY --from=xorriso . /
 COPY --from=cpio . /
 COPY --from=mtools . /
 COPY --from=linux . /
-COPY --from=dosfstools . /
 COPY --from=syslinux . /
+COPY --from=xz . /
+COPY --from=grub . /
 
 FROM base AS build
-COPY --from=linux /bzImage /iso/boot/bzImage
+
+## Kernel
+COPY --from=linux /bzImage iso/boot/vmlinuz
+
+## Initramfs
 COPY --from=stagex/busybox . initramfs
 COPY --chmod=0755 <<-EOF initramfs/init
     #!/bin/sh
     /bin/sh
 EOF
-RUN cd initramfs && find . | cpio -o -H newc | gzip -9 > /iso/boot/init.gz
-COPY <<-EOF iso/isolinux/isolinux.cfg
-    DEFAULT linux
-    LABEL linux
-    KERNEL boot/bzImage
-    APPEND initrd=boot/init.gz
-EOF
-COPY --from=syslinux /usr/share/syslinux/isolinux.bin iso/isolinux/
-COPY --from=syslinux /usr/share/syslinux/ldlinux.c32 iso/isolinux/
 RUN <<-EOF
     set -eux
-    mkdir -p iso/efi
-    truncate -s $((10796+128+128))k iso/efi/esp.img
-    mkfs.fat -F 16 -f 1 -M 0xF0 -r 112 -R 1 iso/efi/esp.img
-    mmd -i iso/efi/esp.img ::boot
-    mcopy -i iso/efi/esp.img iso/boot/bzImage ::boot/bzImage
-    mcopy -i iso/efi/esp.img iso/boot/init.gz ::boot/init.gz
-    mmd -i iso/efi/esp.img ::syslinux
-    mcopy -i iso/efi/esp.img iso/isolinux/isolinux.cfg ::syslinux/syslinux.cfg
-    mcopy -i iso/efi/esp.img /usr/share/syslinux/efi64/ldlinux.e64 ::syslinux/ldlinux.e64
-    mmd -i iso/efi/esp.img ::efi
-    mmd -i iso/efi/esp.img ::efi/boot
-    mcopy -i iso/efi/esp.img /usr/share/syslinux/efi64/syslinux.efi ::efi/boot/boot64.efi
-    ls -Rlah iso
+    cd initramfs
+    find . \
+        | cpio -o -H newc \
+        | gzip -9 \
+    > ../iso/boot/initramfs
 EOF
+
+## Grub (EFI Boot)
+COPY <<-EOF iso/boot/grub/grub.cfg
+    menuentry "Linux Airgap" {
+	    linux	/boot/vmlinuz
+		initrd	/boot/initramfs
+    }
+EOF
+COPY <<-EOF grub_early.cfg
+	search --no-floppy --set=root --label "Airgap"
+	set prefix=(\$root)/boot/grub
+EOF
+RUN <<-EOF
+    set -eux
+    mkdir -p iso/efi/boot
+    grub-mkimage \
+		--config="grub_early.cfg" \
+		--prefix="/boot/grub" \
+		--output="iso/efi/boot/bootx64.efi" \
+		--format="x86_64-efi" \
+        --compression="xz" \
+		all_video \
+        disk \
+        part_gpt \
+        part_msdos \
+        linux \
+        normal \
+        configfile \
+        search \
+        search_label \
+        efi_gop \
+        fat \
+        iso9660 \
+        cat \
+        echo \
+        ls \
+        test \
+        true \
+        help \
+        gzio
+EOF
+RUN <<-EOF
+    mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 ::
+    mcopy -i iso/boot/grub/efi.img iso/efi
+    touch -md "@0" iso/boot/grub/efi.img
+EOF
+
+
+## Syslinux (BIOS Boot)
+COPY <<-EOF iso/boot/syslinux/syslinux.cfg
+    TIMEOUT 2
+    PROMPT -1
+    DEFAULT Airgap
+    LABEL Airgap
+        MENU LABEL Linux Airgap
+        KERNEL /boot/vmlinuz
+        INITRD /boot/initramfs
+EOF
+RUN <<-EOF
+    mkdir -p iso/boot/syslinux
+    for file in \
+        isohdpfx.bin \
+        isolinux.bin \
+        ldlinux.c32 \
+        libutil.c32 \
+        libcom32.c32 \
+        mboot.c32; \
+    do
+		mv /usr/share/syslinux/$file iso/boot/syslinux/$file || return 1
+	done
+EOF
+
+## Build Hybrid EFI/BIOS ISO
 FROM build AS install
-RUN xorriso \
-    -as mkisofs \
+RUN xorrisofs \
     -output airgap.iso \
-    -eltorito-boot isolinux/isolinux.bin \
+    -full-iso9660-filenames \
+    -joliet \
+    -rational-rock \
+    -sysid LINUX \
+    -isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \
+    -eltorito-boot boot/syslinux/isolinux.bin \
+    -eltorito-catalog boot/syslinux/boot.cat \
     -no-emul-boot \
     -boot-load-size 4 \
     -boot-info-table \
     -eltorito-alt-boot \
-    -eltorito-platform efi \
-    -eltorito-boot efi/esp.img \
+    -e boot/grub/efi.img \
     -no-emul-boot \
-    -eltorito-catalog isolinux/boot.cat \
-   iso
-#RUN isohybrid airgap.iso
+    -isohybrid-gpt-basdat \
+    -follow-links \
+   iso/
 
 FROM scratch AS package
+COPY --from=install /iso /iso
 COPY --from=install /airgap.iso /

Makefile

@@ -1,21 +1,27 @@
 .DEFAULT_GOAL :=
 .PHONY: default
 default: \
-	$(OUT_DIR)/airgap.iso
+	out/airgap.iso
 
 .PHONY: vm
-vm:
-	$(call toolchain,$(USER)," \
-		qemu-system-i386 \
-			-M pc \
+vm: out/airgap.iso
+	qemu-system-x86_64 \
+		-m 512M \
+		-machine pc \
 		-nographic \
-			-cdrom "$(OUT_DIR)/airgap.iso"; \
-	")
+		-cdrom "out/airgap.iso"
 
-$(OUT_DIR)/airgap.iso: \
-	$(FETCH_DIR)/buildroot
+.PHONY: vm-uefi
+vm-uefi:
+	qemu-system-x86_64 \
+		-m 4G \
+		-machine type=q35 \
+		-bios /usr/share/ovmf/OVMF.fd \
+		-cdrom "out/airgap.iso"
+
+out/airgap.iso: Containerfile
 	docker build \
 		--progress=plain \
-		--output type=oci,tar=false,force-compression=true,name=airgap,dest=airgap \
-		. \
-		-f Containerfile
+		--output type=local,dest=out \
+		-f Containerfile \
+		.