about to reboot and try this shit

author: Andrew Cady <d@jerkface.net> 2020-10-10 19:28:10 -0400
committer: Andrew Cady <d@jerkface.net> 2020-10-10 19:28:10 -0400
commit: 7e58194eb06762d7e6a99558dfe90e6485da89aa (patch)
tree: 477cb0b3d1cadc899773d6343e322f84495a66f9
parent: 319e8a24f991aa2d1a81ddf9319c8214b73c9027 (diff)
2 files changed, 115 insertions, 47 deletions
diff --git a/src/initrd/grok-block b/src/initrd/grok-block
index ee23b38..0b5f3f9 100755
--- a/src/initrd/grok-block
+++ b/src/initrd/grok-block
@@ -177,14 +177,15 @@ grok_block()
  case "$ID_PART_ENTRY_NAME" in
      samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;;
      samizdat-plaintext)
-          . /verity.sh
+          # . /verity.sh
-          cp /verity.sh /run/initramfs/samizdat/
+          # cp /verity.sh /run/initramfs/samizdat/
-          veritysetup --hash-offset="$verity_hash_offset" \
+          # veritysetup --hash-offset="$verity_hash_offset" \
-                      create samizverity \
+          #             create samizverity \
-                      "$DEVNAME" "$DEVNAME" "$verity_root_hash"
+          #             "$DEVNAME" "$DEVNAME" "$verity_root_hash"
-          bootdone veritysetup
+          # bootdone veritysetup
          return
          ;;
+      samizdat-keys) ;;
      samizdat-grub) return ;;
      samizdat-luks-encrypted)
          menu-select boot-native "$(parent_device "$DEVNAME")"
@@ -218,6 +219,10 @@ grok_block()
      # TODO: Need option to boot the partitions we create
      # TODO: And what if we create partitions and then reboot the machine mid-install?
+  elif [ "$ID_PART_ENTRY_NAME" = samizdat-keys ]; then
+      mkdir -p /gpg
+      cp -a "$mountpoint"/gnupghome /gpg/ && bootdone samizdat-gpg && bootdone samizdat-cdrom
  elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then
    if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then
      addmenu_choose_native_root "$(parent_device "$DEVNAME")"
diff --git a/src/parted-usb.sh b/src/parted-usb.sh
index 4047331..8c3c048 100755
--- a/src/parted-usb.sh
+++ b/src/parted-usb.sh
@@ -15,6 +15,10 @@ MiB()
 initialize_target()
 {
+    if [ -b "$target" ]
+    then return
+    fi
    rm -f "$target"
    if [ "$ROOTFS" ]
    then
@@ -33,6 +37,10 @@ partition_target()
           mkpart samizdat-grub 1 8                             \
           set 1 bios_grub on                                   \
           mkpart samizdat-keys btrfs ${start_keys} ${end_keys}
+    case "$target" in
+        /dev/loop*) ;;
+        *) partx -u "$target" ;;
+    esac
    if [ "$ROOTFS" ]
    then
@@ -43,17 +51,24 @@ partition_target()
 make_target_bootable()
 {
-    losetup -f "$target"
+    if [ -b "$target" ]
-    dev=$(losetup -j "$target" -O NAME --noheadings)
+    then
+        dev=$target
+        part=$target
+        mnt=/mnt/${target#/dev/}
+    else
+        losetup -f "$target"
+        dev=$(losetup -j "$target" -O NAME --noheadings)
-    kpartx -vasas "$dev"
+        kpartx -vasas "$dev"
-    kdev=/dev/mapper/${dev##*/}
+        part=/dev/mapper/${dev##*/}p
-    mnt=$target.mnt
+        mnt=$target.mnt
+    fi
-    mkfs.btrfs --mixed "$kdev"p2
+    mkfs.btrfs -f --mixed "$part"2
    mkdir -p "$mnt"
-    mount "$kdev"p2 "$mnt"
+    mount "$part"2 "$mnt"
    mkdir -p "$mnt"/boot/grub
    cp -aL "$GRUB_CONFIG" "$mnt"/boot/grub
@@ -65,23 +80,36 @@ make_target_bootable()
 release_target_kernel_resources()
 {
    umount "$mnt"
-    kpartx -d "$dev"
+    case "$dev" in
-    losetup -d "$dev"
+        /dev/loop*)
+            kpartx -d "$dev"
+            losetup -d "$dev"
+            ;;
+    esac
 }
 with_target()
 {
    local mnt dev target="$1"
    shift
+    if [ -b "$target" ]
+    then
+        mnt=/mnt/${target#/dev/}
+        dev=${target}2
+    else
+        losetup -f "$target" -o $(MiB $start_keys)
+        dev=$(losetup -j "$target" -O NAME --noheadings)
+        mnt=$target.mnt
+    fi
-    mnt=$target.mnt
    mkdir -p "$mnt"
-    losetup -f "$target" -o $(MiB $start_keys)
-    dev=$(losetup -j "$target" -O NAME --noheadings)
    mount "$dev" "$mnt"
    "$@"
    umount "$mnt"
-    losetup -d "$dev"
+    case "$dev" in
+        /dev/loop*) losetup -d "$dev" ;;
+    esac
 }
 add_keys()
@@ -110,6 +138,18 @@ individualize()
    add_grub_cfg
 }
+globalize()
+{
+    : initialize
+    initialize_target
+    : partition
+    partition_target
+    : install-grub
+    make_target_bootable
+    : release
+    release_target_kernel_resources
+}
 sanity_checks()
 {
    [[ $UID = 0 ]] || die "You are not root."
@@ -119,24 +159,44 @@ sanity_checks()
    done
 }
-create_template()
+individualize_target_from()
 {
-    local target="${1}.tmp"
+    cp -T --reflink=always "$1" "$target"
+    with_target "$target" individualize
+}
-    if [ ! -e "${target%.tmp}" ]
+find_mac()
-    then
+{
-        initialize_target
+    start_mac=$1
-        partition_target
+    for mac in $(ip link show | grep link/ether | (read _ mac _; echo $mac | tr : -)); do
-        make_target_bootable
+        if [ "${mac%??}" = "${start_mac%??}" ]; then
-        release_target_kernel_resources
+            prefix=${mac%??}
-        mv -T "$target" "${target%.tmp}"
+            suffix=$(printf %x $(( 0x${mac##*-} + 1 )))
-    fi
+            MAC=${prefix}${suffix}
+            return
+        fi
+    done
+    MAC=$start_mac
 }
-individualize_target_from()
+boot_vm()
 {
-    cp -T --reflink=always "$1" "$target"
+    installer_target=samizdat.disk.img
-    with_target "$target" individualize
+    if [ ! -e "$installer_target" ]
+    then
+        fallocate -l 15G "$installer_target"
+    fi
+    find_mac 52-54-00-12-34-56
+    qemu-system-x86_64 \
+        -enable-kvm \
+        -smp 2 \
+        -m 512 \
+        -k en-us \
+        -net nic,model=virtio,macaddr=$MAC \
+        -vga qxl \
+        -drive file="$final",format=raw \
+        -drive file="$installer_target",format=raw
 }
 . samizdat-paths.sh || die 'samizdat-paths.sh not found'
@@ -151,23 +211,26 @@ then
    version_suffix=-$1
 fi
 sanity_checks
 set -e
-template=boot-disk.template.img
-target=boot-disk.img.tmp
-final=${target%.tmp}
-create_template "$template"
-individualize_target_from "$template"
-mv -T "$target" "$final"
+if [ "$TARGET" ]
-installer_target=target-disk.img
-rm -f "$installer_target"
-if [ ! -e "$installer_target" ]
 then
-    fallocate -l 10G "$installer_target"
+    target=$TARGET globalize
+    with_target "$TARGET" individualize
+    final=$TARGET
+    boot_vm
+else
+    template=boot-disk.template.img
+    target=boot-disk.img.tmp
+    final=${target%.tmp}
+    if [ ! -e "$template" ]
+    then
+        target="$template".tmp globalize
+        mv -T "$template".tmp "$template"
+    fi
+    cp -T --reflink=always "$template" "$target"
+    with_target "$target" individualize
+    mv -T "$target" "$final"
+    boot_vm
 fi
-qemu-system-x86_64 -enable-kvm -smp 2 -m 512 -k en-us -vga qxl -drive file="$final",format=raw -drive file="$installer_target",format=raw
author	Andrew Cady <d@jerkface.net>	2020-10-10 19:28:10 -0400
committer	Andrew Cady <d@jerkface.net>	2020-10-10 19:28:10 -0400
commit	7e58194eb06762d7e6a99558dfe90e6485da89aa (patch)
tree	477cb0b3d1cadc899773d6343e322f84495a66f9
parent	319e8a24f991aa2d1a81ddf9319c8214b73c9027 (diff)

diff --git a/src/initrd/grok-block b/src/initrd/grok-block index ee23b38..0b5f3f9 100755 --- a/src/initrd/grok-block +++ b/src/initrd/grok-block
@@ -177,14 +177,15 @@ grok_block()
177	case "$ID_PART_ENTRY_NAME" in	177	case "$ID_PART_ENTRY_NAME" in
178	samizdat-grub-incomplete\|samizdat-plaintext-incomplete\|samizdat-luks-encrypted-incomplete) return ;;	178	samizdat-grub-incomplete\|samizdat-plaintext-incomplete\|samizdat-luks-encrypted-incomplete) return ;;
179	samizdat-plaintext)	179	samizdat-plaintext)
180	. /verity.sh	180	# . /verity.sh
181	cp /verity.sh /run/initramfs/samizdat/	181	# cp /verity.sh /run/initramfs/samizdat/
182	veritysetup --hash-offset="$verity_hash_offset" \	182	# veritysetup --hash-offset="$verity_hash_offset" \
183	create samizverity \	183	# create samizverity \
184	"$DEVNAME" "$DEVNAME" "$verity_root_hash"	184	# "$DEVNAME" "$DEVNAME" "$verity_root_hash"
185	bootdone veritysetup	185	# bootdone veritysetup
186	return	186	return
187	;;	187	;;
		188	samizdat-keys) ;;
188	samizdat-grub) return ;;	189	samizdat-grub) return ;;
189	samizdat-luks-encrypted)	190	samizdat-luks-encrypted)
190	menu-select boot-native "$(parent_device "$DEVNAME")"	191	menu-select boot-native "$(parent_device "$DEVNAME")"
@@ -218,6 +219,10 @@ grok_block()
218	# TODO: Need option to boot the partitions we create	219	# TODO: Need option to boot the partitions we create
219	# TODO: And what if we create partitions and then reboot the machine mid-install?	220	# TODO: And what if we create partitions and then reboot the machine mid-install?
220		221
		222	elif [ "$ID_PART_ENTRY_NAME" = samizdat-keys ]; then
		223	mkdir -p /gpg
		224	cp -a "$mountpoint"/gnupghome /gpg/ && bootdone samizdat-gpg && bootdone samizdat-cdrom
		225
221	elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then	226	elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then
222	if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then	227	if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then
223	addmenu_choose_native_root "$(parent_device "$DEVNAME")"	228	addmenu_choose_native_root "$(parent_device "$DEVNAME")"


diff --git a/src/parted-usb.sh b/src/parted-usb.sh index 4047331..8c3c048 100755 --- a/src/parted-usb.sh +++ b/src/parted-usb.sh
@@ -15,6 +15,10 @@ MiB()
15		15
16	initialize_target()	16	initialize_target()
17	{	17	{
		18	if [ -b "$target" ]
		19	then return
		20	fi
		21
18	rm -f "$target"	22	rm -f "$target"
19	if [ "$ROOTFS" ]	23	if [ "$ROOTFS" ]
20	then	24	then
@@ -33,6 +37,10 @@ partition_target()
33	mkpart samizdat-grub 1 8 \	37	mkpart samizdat-grub 1 8 \
34	set 1 bios_grub on \	38	set 1 bios_grub on \
35	mkpart samizdat-keys btrfs ${start_keys} ${end_keys}	39	mkpart samizdat-keys btrfs ${start_keys} ${end_keys}
		40	case "$target" in
		41	/dev/loop*) ;;
		42	*) partx -u "$target" ;;
		43	esac
36		44
37	if [ "$ROOTFS" ]	45	if [ "$ROOTFS" ]
38	then	46	then
@@ -43,17 +51,24 @@ partition_target()
43		51
44	make_target_bootable()	52	make_target_bootable()
45	{	53	{
46	losetup -f "$target"	54	if [ -b "$target" ]
47	dev=$(losetup -j "$target" -O NAME --noheadings)	55	then
		56	dev=$target
		57	part=$target
		58	mnt=/mnt/${target#/dev/}
		59	else
		60	losetup -f "$target"
		61	dev=$(losetup -j "$target" -O NAME --noheadings)
48		62
49	kpartx -vasas "$dev"	63	kpartx -vasas "$dev"
50	kdev=/dev/mapper/${dev##*/}	64	part=/dev/mapper/${dev##*/}p
51		65
52	mnt=$target.mnt	66	mnt=$target.mnt
		67	fi
53		68
54	mkfs.btrfs --mixed "$kdev"p2	69	mkfs.btrfs -f --mixed "$part"2
55	mkdir -p "$mnt"	70	mkdir -p "$mnt"
56	mount "$kdev"p2 "$mnt"	71	mount "$part"2 "$mnt"
57		72
58	mkdir -p "$mnt"/boot/grub	73	mkdir -p "$mnt"/boot/grub
59	cp -aL "$GRUB_CONFIG" "$mnt"/boot/grub	74	cp -aL "$GRUB_CONFIG" "$mnt"/boot/grub
@@ -65,23 +80,36 @@ make_target_bootable()
65	release_target_kernel_resources()	80	release_target_kernel_resources()
66	{	81	{
67	umount "$mnt"	82	umount "$mnt"
68	kpartx -d "$dev"	83	case "$dev" in
69	losetup -d "$dev"	84	/dev/loop*)
		85	kpartx -d "$dev"
		86	losetup -d "$dev"
		87	;;
		88	esac
70	}	89	}
71		90
72	with_target()	91	with_target()
73	{	92	{
74	local mnt dev target="$1"	93	local mnt dev target="$1"
75	shift	94	shift
		95	if [ -b "$target" ]
		96	then
		97	mnt=/mnt/${target#/dev/}
		98	dev=${target}2
		99	else
		100	losetup -f "$target" -o $(MiB $start_keys)
		101	dev=$(losetup -j "$target" -O NAME --noheadings)
		102	mnt=$target.mnt
		103	fi
76		104
77	mnt=$target.mnt
78	mkdir -p "$mnt"	105	mkdir -p "$mnt"
79	losetup -f "$target" -o $(MiB $start_keys)
80	dev=$(losetup -j "$target" -O NAME --noheadings)
81	mount "$dev" "$mnt"	106	mount "$dev" "$mnt"
82	"$@"	107	"$@"
83	umount "$mnt"	108	umount "$mnt"
84	losetup -d "$dev"	109
		110	case "$dev" in
		111	/dev/loop*) losetup -d "$dev" ;;
		112	esac
85	}	113	}
86		114
87	add_keys()	115	add_keys()
@@ -110,6 +138,18 @@ individualize()
110	add_grub_cfg	138	add_grub_cfg
111	}	139	}
112		140
		141	globalize()
		142	{
		143	: initialize
		144	initialize_target
		145	: partition
		146	partition_target
		147	: install-grub
		148	make_target_bootable
		149	: release
		150	release_target_kernel_resources
		151	}
		152
113	sanity_checks()	153	sanity_checks()
114	{	154	{
115	[[ $UID = 0 ]] \|\| die "You are not root."	155	[[ $UID = 0 ]] \|\| die "You are not root."
@@ -119,24 +159,44 @@ sanity_checks()
119	done	159	done
120	}	160	}
121		161
122	create_template()	162	individualize_target_from()
123	{	163	{
124	local target="${1}.tmp"	164	cp -T --reflink=always "$1" "$target"
		165	with_target "$target" individualize
		166	}
125		167
126	if [ ! -e "${target%.tmp}" ]	168	find_mac()
127	then	169	{
128	initialize_target	170	start_mac=$1
129	partition_target	171	for mac in $(ip link show \| grep link/ether \| (read _ mac _; echo $mac \| tr : -)); do
130	make_target_bootable	172	if [ "${mac%??}" = "${start_mac%??}" ]; then
131	release_target_kernel_resources	173	prefix=${mac%??}
132	mv -T "$target" "${target%.tmp}"	174	suffix=$(printf %x $(( 0x${mac##*-} + 1 )))
133	fi	175	MAC=${prefix}${suffix}
		176	return
		177	fi
		178	done
		179	MAC=$start_mac
134	}	180	}
135		181
136	individualize_target_from()	182	boot_vm()
137	{	183	{
138	cp -T --reflink=always "$1" "$target"	184	installer_target=samizdat.disk.img
139	with_target "$target" individualize	185	if [ ! -e "$installer_target" ]
		186	then
		187	fallocate -l 15G "$installer_target"
		188	fi
		189
		190	find_mac 52-54-00-12-34-56
		191	qemu-system-x86_64 \
		192	-enable-kvm \
		193	-smp 2 \
		194	-m 512 \
		195	-k en-us \
		196	-net nic,model=virtio,macaddr=$MAC \
		197	-vga qxl \
		198	-drive file="$final",format=raw \
		199	-drive file="$installer_target",format=raw
140	}	200	}
141		201
142	. samizdat-paths.sh \|\| die 'samizdat-paths.sh not found'	202	. samizdat-paths.sh \|\| die 'samizdat-paths.sh not found'
@@ -151,23 +211,26 @@ then
151	version_suffix=-$1	211	version_suffix=-$1
152	fi	212	fi
153		213
154
155	sanity_checks	214	sanity_checks
156	set -e	215	set -e
157	template=boot-disk.template.img
158	target=boot-disk.img.tmp
159	final=${target%.tmp}
160	create_template "$template"
161	individualize_target_from "$template"
162	mv -T "$target" "$final"
163		216
164		217	if [ "$TARGET" ]
165	installer_target=target-disk.img
166	rm -f "$installer_target"
167	if [ ! -e "$installer_target" ]
168	then	218	then
169	fallocate -l 10G "$installer_target"	219	target=$TARGET globalize
		220	with_target "$TARGET" individualize
		221	final=$TARGET
		222	boot_vm
		223	else
		224	template=boot-disk.template.img
		225	target=boot-disk.img.tmp
		226	final=${target%.tmp}
		227	if [ ! -e "$template" ]
		228	then
		229	target="$template".tmp globalize
		230	mv -T "$template".tmp "$template"
		231	fi
		232	cp -T --reflink=always "$template" "$target"
		233	with_target "$target" individualize
		234	mv -T "$target" "$final"
		235	boot_vm
170	fi	236	fi
171
172	qemu-system-x86_64 -enable-kvm -smp 2 -m 512 -k en-us -vga qxl -drive file="$final",format=raw -drive file="$installer_target",format=raw
173