author | Andrew Cady <d@jerkface.net> | 2020-10-10 19:28:10 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2020-10-10 19:28:10 -0400 |
commit | 7e58194eb06762d7e6a99558dfe90e6485da89aa (patch) | |
tree | 477cb0b3d1cadc899773d6343e322f84495a66f9 | |
parent | 319e8a24f991aa2d1a81ddf9319c8214b73c9027 (diff) |
about to reboot and try this shit
-rwxr-xr-x | src/initrd/grok-block | 17 | ||||
-rwxr-xr-x | src/parted-usb.sh | 145 |
2 files changed, 115 insertions, 47 deletions
diff --git a/src/initrd/grok-block b/src/initrd/grok-block index ee23b38..0b5f3f9 100755 --- a/src/initrd/grok-block +++ b/src/initrd/grok-block | |||
@@ -177,14 +177,15 @@ grok_block() | |||
177 | case "$ID_PART_ENTRY_NAME" in | 177 | case "$ID_PART_ENTRY_NAME" in |
178 | samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;; | 178 | samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;; |
179 | samizdat-plaintext) | 179 | samizdat-plaintext) |
180 | . /verity.sh | 180 | # . /verity.sh |
181 | cp /verity.sh /run/initramfs/samizdat/ | 181 | # cp /verity.sh /run/initramfs/samizdat/ |
182 | veritysetup --hash-offset="$verity_hash_offset" \ | 182 | # veritysetup --hash-offset="$verity_hash_offset" \ |
183 | create samizverity \ | 183 | # create samizverity \ |
184 | "$DEVNAME" "$DEVNAME" "$verity_root_hash" | 184 | # "$DEVNAME" "$DEVNAME" "$verity_root_hash" |
185 | bootdone veritysetup | 185 | # bootdone veritysetup |
186 | return | 186 | return |
187 | ;; | 187 | ;; |
188 | samizdat-keys) ;; | ||
188 | samizdat-grub) return ;; | 189 | samizdat-grub) return ;; |
189 | samizdat-luks-encrypted) | 190 | samizdat-luks-encrypted) |
190 | menu-select boot-native "$(parent_device "$DEVNAME")" | 191 | menu-select boot-native "$(parent_device "$DEVNAME")" |
@@ -218,6 +219,10 @@ grok_block() | |||
218 | # TODO: Need option to boot the partitions we create | 219 | # TODO: Need option to boot the partitions we create |
219 | # TODO: And what if we create partitions and then reboot the machine mid-install? | 220 | # TODO: And what if we create partitions and then reboot the machine mid-install? |
220 | 221 | ||
222 | elif [ "$ID_PART_ENTRY_NAME" = samizdat-keys ]; then | ||
223 | mkdir -p /gpg | ||
224 | cp -a "$mountpoint"/gnupghome /gpg/ && bootdone samizdat-gpg && bootdone samizdat-cdrom | ||
225 | |||
221 | elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then | 226 | elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then |
222 | if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then | 227 | if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then |
223 | addmenu_choose_native_root "$(parent_device "$DEVNAME")" | 228 | addmenu_choose_native_root "$(parent_device "$DEVNAME")" |
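Review bot: The new `samizdat-keys` branch (new lines 222–224) copies `"$mountpoint"/gnupghome` into `/gpg/` and marks `samizdat-gpg` and `samizdat-cdrom` done based on nothing but the GPT partition name, whereas the `samizdat-plaintext` branch right below it gates on `gpg_verify` before trusting `disk.key`. A partition name is set by whoever formatted the device, so if removable media is visible at this point in boot this branch adopts a keyring from any attached disk carrying that label; a comment should record that this is intended, e.g. `# gnupghome is trusted solely on the partition name; no signature check here`, or the copy should be gated the same way `disk.key` is. The `cp -a … && bootdone … && bootdone …` chain also fails silently, leaving `/gpg` possibly half-populated with no diagnostic; a trailing `|| echo "samizdat-keys: copy failed" >&2` would make that visible. The enclosing `grok_block` starts and ends outside these hunks, and the first hunk's commented-out veritysetup still leaves a bare `return`, which I take as intentional for this commit.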
diff --git a/src/parted-usb.sh b/src/parted-usb.sh index 4047331..8c3c048 100755 --- a/src/parted-usb.sh +++ b/src/parted-usb.sh | |||
@@ -15,6 +15,10 @@ MiB() | |||
15 | 15 | ||
16 | initialize_target() | 16 | initialize_target() |
17 | { | 17 | { |
18 | if [ -b "$target" ] | ||
19 | then return | ||
20 | fi | ||
21 | |||
18 | rm -f "$target" | 22 | rm -f "$target" |
19 | if [ "$ROOTFS" ] | 23 | if [ "$ROOTFS" ] |
20 | then | 24 | then |
@@ -33,6 +37,10 @@ partition_target() | |||
33 | mkpart samizdat-grub 1 8 \ | 37 | mkpart samizdat-grub 1 8 \ |
34 | set 1 bios_grub on \ | 38 | set 1 bios_grub on \ |
35 | mkpart samizdat-keys btrfs ${start_keys} ${end_keys} | 39 | mkpart samizdat-keys btrfs ${start_keys} ${end_keys} |
40 | case "$target" in | ||
41 | /dev/loop*) ;; | ||
42 | *) partx -u "$target" ;; | ||
43 | esac | ||
36 | 44 | ||
37 | if [ "$ROOTFS" ] | 45 | if [ "$ROOTFS" ] |
38 | then | 46 | then |
@@ -43,17 +51,24 @@ partition_target() | |||
43 | 51 | ||
44 | make_target_bootable() | 52 | make_target_bootable() |
45 | { | 53 | { |
46 | losetup -f "$target" | 54 | if [ -b "$target" ] |
47 | dev=$(losetup -j "$target" -O NAME --noheadings) | 55 | then |
56 | dev=$target | ||
57 | part=$target | ||
58 | mnt=/mnt/${target#/dev/} | ||
59 | else | ||
60 | losetup -f "$target" | ||
61 | dev=$(losetup -j "$target" -O NAME --noheadings) | ||
48 | 62 | ||
49 | kpartx -vasas "$dev" | 63 | kpartx -vasas "$dev" |
50 | kdev=/dev/mapper/${dev##*/} | 64 | part=/dev/mapper/${dev##*/}p |
51 | 65 | ||
52 | mnt=$target.mnt | 66 | mnt=$target.mnt |
67 | fi | ||
53 | 68 | ||
54 | mkfs.btrfs --mixed "$kdev"p2 | 69 | mkfs.btrfs -f --mixed "$part"2 |
55 | mkdir -p "$mnt" | 70 | mkdir -p "$mnt" |
56 | mount "$kdev"p2 "$mnt" | 71 | mount "$part"2 "$mnt" |
57 | 72 | ||
58 | mkdir -p "$mnt"/boot/grub | 73 | mkdir -p "$mnt"/boot/grub |
59 | cp -aL "$GRUB_CONFIG" "$mnt"/boot/grub | 74 | cp -aL "$GRUB_CONFIG" "$mnt"/boot/grub |
@@ -65,23 +80,36 @@ make_target_bootable() | |||
65 | release_target_kernel_resources() | 80 | release_target_kernel_resources() |
66 | { | 81 | { |
67 | umount "$mnt" | 82 | umount "$mnt" |
68 | kpartx -d "$dev" | 83 | case "$dev" in |
69 | losetup -d "$dev" | 84 | /dev/loop*) |
85 | kpartx -d "$dev" | ||
86 | losetup -d "$dev" | ||
87 | ;; | ||
88 | esac | ||
70 | } | 89 | } |
71 | 90 | ||
72 | with_target() | 91 | with_target() |
73 | { | 92 | { |
74 | local mnt dev target="$1" | 93 | local mnt dev target="$1" |
75 | shift | 94 | shift |
95 | if [ -b "$target" ] | ||
96 | then | ||
97 | mnt=/mnt/${target#/dev/} | ||
98 | dev=${target}2 | ||
99 | else | ||
100 | losetup -f "$target" -o $(MiB $start_keys) | ||
101 | dev=$(losetup -j "$target" -O NAME --noheadings) | ||
102 | mnt=$target.mnt | ||
103 | fi | ||
76 | 104 | ||
77 | mnt=$target.mnt | ||
78 | mkdir -p "$mnt" | 105 | mkdir -p "$mnt" |
79 | losetup -f "$target" -o $(MiB $start_keys) | ||
80 | dev=$(losetup -j "$target" -O NAME --noheadings) | ||
81 | mount "$dev" "$mnt" | 106 | mount "$dev" "$mnt" |
82 | "$@" | 107 | "$@" |
83 | umount "$mnt" | 108 | umount "$mnt" |
84 | losetup -d "$dev" | 109 | |
110 | case "$dev" in | ||
111 | /dev/loop*) losetup -d "$dev" ;; | ||
112 | esac | ||
85 | } | 113 | } |
86 | 114 | ||
87 | add_keys() | 115 | add_keys() |
@@ -110,6 +138,18 @@ individualize() | |||
110 | add_grub_cfg | 138 | add_grub_cfg |
111 | } | 139 | } |
112 | 140 | ||
141 | globalize() | ||
142 | { | ||
143 | : initialize | ||
144 | initialize_target | ||
145 | : partition | ||
146 | partition_target | ||
147 | : install-grub | ||
148 | make_target_bootable | ||
149 | : release | ||
150 | release_target_kernel_resources | ||
151 | } | ||
152 | |||
113 | sanity_checks() | 153 | sanity_checks() |
114 | { | 154 | { |
115 | [[ $UID = 0 ]] || die "You are not root." | 155 | [[ $UID = 0 ]] || die "You are not root." |
@@ -119,24 +159,44 @@ sanity_checks() | |||
119 | done | 159 | done |
120 | } | 160 | } |
121 | 161 | ||
122 | create_template() | 162 | individualize_target_from() |
123 | { | 163 | { |
124 | local target="${1}.tmp" | 164 | cp -T --reflink=always "$1" "$target" |
165 | with_target "$target" individualize | ||
166 | } | ||
125 | 167 | ||
126 | if [ ! -e "${target%.tmp}" ] | 168 | find_mac() |
127 | then | 169 | { |
128 | initialize_target | 170 | start_mac=$1 |
129 | partition_target | 171 | for mac in $(ip link show | grep link/ether | (read _ mac _; echo $mac | tr : -)); do |
130 | make_target_bootable | 172 | if [ "${mac%??}" = "${start_mac%??}" ]; then |
131 | release_target_kernel_resources | 173 | prefix=${mac%??} |
132 | mv -T "$target" "${target%.tmp}" | 174 | suffix=$(printf %x $(( 0x${mac##*-} + 1 ))) |
133 | fi | 175 | MAC=${prefix}${suffix} |
176 | return | ||
177 | fi | ||
178 | done | ||
179 | MAC=$start_mac | ||
134 | } | 180 | } |
135 | 181 | ||
136 | individualize_target_from() | 182 | boot_vm() |
137 | { | 183 | { |
138 | cp -T --reflink=always "$1" "$target" | 184 | installer_target=samizdat.disk.img |
139 | with_target "$target" individualize | 185 | if [ ! -e "$installer_target" ] |
186 | then | ||
187 | fallocate -l 15G "$installer_target" | ||
188 | fi | ||
189 | |||
190 | find_mac 52-54-00-12-34-56 | ||
191 | qemu-system-x86_64 \ | ||
192 | -enable-kvm \ | ||
193 | -smp 2 \ | ||
194 | -m 512 \ | ||
195 | -k en-us \ | ||
196 | -net nic,model=virtio,macaddr=$MAC \ | ||
197 | -vga qxl \ | ||
198 | -drive file="$final",format=raw \ | ||
199 | -drive file="$installer_target",format=raw | ||
140 | } | 200 | } |
141 | 201 | ||
142 | . samizdat-paths.sh || die 'samizdat-paths.sh not found' | 202 | . samizdat-paths.sh || die 'samizdat-paths.sh not found' |
@@ -151,23 +211,26 @@ then | |||
151 | version_suffix=-$1 | 211 | version_suffix=-$1 |
152 | fi | 212 | fi |
153 | 213 | ||
154 | |||
155 | sanity_checks | 214 | sanity_checks |
156 | set -e | 215 | set -e |
157 | template=boot-disk.template.img | ||
158 | target=boot-disk.img.tmp | ||
159 | final=${target%.tmp} | ||
160 | create_template "$template" | ||
161 | individualize_target_from "$template" | ||
162 | mv -T "$target" "$final" | ||
163 | 216 | ||
164 | 217 | if [ "$TARGET" ] | |
165 | installer_target=target-disk.img | ||
166 | rm -f "$installer_target" | ||
167 | if [ ! -e "$installer_target" ] | ||
168 | then | 218 | then |
169 | fallocate -l 10G "$installer_target" | 219 | target=$TARGET globalize |
220 | with_target "$TARGET" individualize | ||
221 | final=$TARGET | ||
222 | boot_vm | ||
223 | else | ||
224 | template=boot-disk.template.img | ||
225 | target=boot-disk.img.tmp | ||
226 | final=${target%.tmp} | ||
227 | if [ ! -e "$template" ] | ||
228 | then | ||
229 | target="$template".tmp globalize | ||
230 | mv -T "$template".tmp "$template" | ||
231 | fi | ||
232 | cp -T --reflink=always "$template" "$target" | ||
233 | with_target "$target" individualize | ||
234 | mv -T "$target" "$final" | ||
235 | boot_vm | ||
170 | fi | 236 | fi |
171 | |||
172 | qemu-system-x86_64 -enable-kvm -smp 2 -m 512 -k en-us -vga qxl -drive file="$final",format=raw -drive file="$installer_target",format=raw | ||
173 | |||
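Review bot: With `TARGET` now allowed to name a real block device (new lines 217–222), `mkfs.btrfs -f --mixed "$part"2` at new line 69 and the unconditional `parted` run in `partition_target` will overwrite whatever is already on that device, and the only gates are `[ -b "$target" ]` and the root check in `sanity_checks`; the `-f` removes mkfs's own refusal to clobber an existing filesystem. A mistyped or stale `TARGET` pointing at the host's own disk would therefore be repartitioned and formatted without confirmation, so `sanity_checks` should refuse a device that is currently mounted unless explicitly overridden, e.g. `[ "$FORCE" ] || ! findmnt -S "$TARGET" >/dev/null || die "$TARGET is mounted; refusing to overwrite"`. Separately, `dev=${target}2` at new line 98 and `"$part"2` at new lines 69/71 assume `/dev/sdX2`-style naming; if targets like `/dev/nvme0n1` or `/dev/mmcblk0` are intended, the kernel names their partitions with a `p` separator and these paths will not exist, so either document the supported device naming or derive the partition path with the same `case` used for `/dev/loop*`.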