new partition tool

8 files changed, 151 insertions, 0 deletions

diff --git a/partitions/.gitignore b/partitions/.gitignore
new file mode 100644
index 0000000..e35d885
--- /dev/null
+++ b/partitions/.gitignore
@@ -0,0 +1 @@
+_build
diff --git a/partitions/Makefile b/partitions/Makefile
new file mode 100644
index 0000000..828e135
--- /dev/null
+++ b/partitions/Makefile
@@ -0,0 +1,5 @@
+
+.PHONY: all
+
+all:
+        ../src/partvi
diff --git a/partitions/part1.conf b/partitions/part1.conf
new file mode 100644
index 0000000..c43d025
--- /dev/null
+++ b/partitions/part1.conf
@@ -0,0 +1,4 @@
+name=samizdat-efi
+type=efi-system-partition
+allocation=64M
+rebuild=always
diff --git a/partitions/part2.conf b/partitions/part2.conf
new file mode 100644
index 0000000..d4a3419
--- /dev/null
+++ b/partitions/part2.conf
@@ -0,0 +1,4 @@
+name=samizdat-grub
+type=bios-grub
+allocation=64M
+rebuild=always
diff --git a/partitions/part3.conf b/partitions/part3.conf
new file mode 100644
index 0000000..a83ed06
--- /dev/null
+++ b/partitions/part3.conf
@@ -0,0 +1,4 @@
+name=samizdat-keys
+type=samizdat-keys
+allocation=256MB
+rebuild=always
diff --git a/partitions/part4.conf b/partitions/part4.conf
new file mode 100644
index 0000000..0115b54
--- /dev/null
+++ b/partitions/part4.conf
@@ -0,0 +1,3 @@
+name=samizdat-root-seed
+type=dm-verity-data
+data_path=../rootfs/samizdat-gold.seed.btrfs
diff --git a/partitions/part5.conf b/partitions/part5.conf
new file mode 100644
index 0000000..fce4b18
--- /dev/null
+++ b/partitions/part5.conf
@@ -0,0 +1,3 @@
+name=samizdat-root-seed-verity
+type=dm-verity-hashes
+data_path=../rootfs/samizdat-gold.seed.btrfs
diff --git a/src/partvi b/src/partvi
new file mode 100755
index 0000000..b50b918
--- /dev/null
+++ b/src/partvi
@@ -0,0 +1,127 @@
+#!/bin/bash
+shopt -s nullglob
+PATH=/sbin:$PATH
+
+msg() { printf '%s: %s: %s\n' "$0" "$1" "$2" >&2; }
+die() { msg Error "${*:-exiting on fatal error.}"; exit 1; }
+warn() { msg Warning "${*:-Something is wrong.}"; }
+notice() { msg Notice "$*"; }
+
+validate_name()
+{
+        case "$1" in
+        *[^a-zA-Z0-9_]*) false ;;
+        *) true ;;
+        esac
+}
+
+read_config_file()
+{
+        validate_name "$img" || { warn "invalid name: $img"; return 1; }
+        while read line
+        do
+                line=${line%%#*} # ignore comments
+                k=${line%%=*}
+                v=${line#*=}
+                [ "$k" -a "$k" != "$line" ] || return
+                eval "conf_${1}_$k=\$v"
+        done < "$1".conf
+}
+
+inquire_var() { _inquire_var "$img" "$1"; }
+_inquire_var()
+{
+        local v
+        v=conf_${1}_${2}
+        v=${!v}
+        if [ "$v" ]
+        then
+                eval "$2=\$v"
+        else
+                false
+        fi
+}
+
+require_var() { _require_var "$img" "$1"; }
+_require_var()
+{
+        _inquire_var "$@" || die "Missing required field '$2' for image file '$1'"
+}
+
+get_root_hash()
+{
+        sed -ne 's/^Root hash:[ \t]*//p' "$1"
+}
+
+builddir=_build
+mkdir -p "$builddir"
+
+for f in part*.conf
+do
+        img=${f%.conf}
+
+        read_config_file "$img" || warn "Received error return from command: read_config_file $img"
+        require_var name
+
+        require_var type
+        case "$type" in
+                efi-system-partition|bios-grub|samizdat-*) ;;
+                dm-verity-hashes|dm-verity-data) require_var data_path ;;
+                *) die "invalid type: $type" ;;
+        esac
+
+        imgfile=$builddir/$img
+
+        if inquire_var rebuild
+        then
+                case "$rebuild" in
+                        always) ;;
+                        never) ;;
+                        *) die "invalid value for field 'rebuild': $rebuild" ;;
+                esac
+        fi
+
+        if [ "$rebuild" = 'always' ] || [ ! -e "$imgfile" -a "$rebuild" != 'never' ]
+        then
+
+                if [ -e "$imgfile" ]
+                then
+                        notice "Image file exists: $imgfile"
+                fi
+
+                case "$type" in
+                        dm-verity-hashes|dm-verity-data)
+                                require_var data_path
+                                [ -f "$data_path" ]
+                                [ -f "$data_path".verity ]
+                                [ -f "$data_path".verity.log ]
+                                root_hash=$(get_root_hash "$data_path".verity.log)
+                                [ ${#root_hash} = 64 ]
+                        ;;
+                        *)
+                                require_var allocation
+                                tmp=$imgfile~tmp
+                                fallocate -l "$allocation" "$tmp"
+                        ;;
+                esac
+
+                case "$type" in
+                        efi-system-partition) mkfs.vfat "$tmp" || die "mkfs.vfat failed" ;;
+                        bios-grub)            mkfs.vfat "$tmp" || die "mkfs.vfat failed" ;;
+                        samizdat-keys)        mkfs.btrfs "$tmp" || die "mkfs.btrfs failed" ;;
+                        dm-verity-data)
+                                partuuid=${root_hash:0:32}
+                                cp -f -T --reflink "$data_path" "$builddir"/"$partuuid"
+                                ln -sfT "$partuuid" "$tmp"
+                        ;;
+                        dm-verity-hashes)
+                                partuuid=${root_hash:32:32}
+                                cp -f -T --reflink "$data_path".verity "$builddir"/"$partuuid"
+                                ln -sfT "$partuuid" "$tmp"
+                        ;;
+                        *) die "Unrecognized type: $type" ;;
+                esac
+                mv -T "$tmp" "$imgfile"
+                notice "Successfully wrote $imgfile"
+        fi
+done