Removal of functionality that depended on gpg

This material wasn't removed in the original commit removing gpg, because it seemed to have documentary value. This commit serves as the documentation index. Some of this functionality should be reimplemented.
author: Andrew Cady <d@jerkface.net> 2023-06-22 00:01:50 -0400
committer: u <u@billy> 2023-11-17 08:44:10 -0500
commit: 0535cb9565891eb15de2dddcbf85828c8503dac0 (patch)
tree: 7cb993ba502f6bddaf30db4c2852adc65958773c
parent: 069b67461cc33d373d030b87744e11ea87fe927e (diff)
3 files changed, 4 insertions, 124 deletions
diff --git a/Makefile b/Makefile
index a376a64..f7b88c7 100644
--- a/Makefile
+++ b/Makefile
@@ -227,54 +227,6 @@ apt = $(shell which apt || which apt-get)
 apt-get-update-stamp:
        @if $(stale); then set -x; sudo $(apt) update && touch $@; fi
-samizdat.iso: patched.iso
-        cp --reflink $< $@
-patched.iso: gold.iso rootfs/samizdat.patch.btrfs
-        rm -f $@~tmp
-        cp --reflink $< $@~tmp
-        sudo xorrisofs -iso-level 3 -- \
-                -indev $@~tmp \
-                -outdev $@~tmp \
-                -return_with FAILURE 32 \
-                -pathspecs on \
-                -follow link \
-                -add /rootfs/z00.btrfs=rootfs/samizdat.patch.btrfs -- \
-                -follow default \
-                -as mkisofs -graft-points \
-                -b grub/i386-pc/eltorito.img  \
-                -no-emul-boot -boot-info-table \
-                --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \
-                --protective-msdos-label
-        mv $@~tmp $@
-gold.iso: rootfs/seed.iso reused-child
-        sudo grub-efi.sh
-        ! grep 'vmlinuz.*nbdroot' -r ${samizdat_grub_efi_dir}
-        exit 1; initrd.sh
-        rm -f $@~tmp
-        cp --reflink $< $@~tmp
-        sudo xorrisofs -iso-level 3 -- \
-                -indev $@~tmp \
-                -outdev $@~tmp \
-                -return_with FAILURE 32 \
-                -pathspecs on \
-                -rm_r linux -- \
-                -add linux="${samizdat_linux_dir}" -- \
-                -rm_r "${gpg_iso_path}" -- \
-                -add "${gpg_iso_path}=${GPG_INPUT_DIR}" -- \
-                -rm_r grub -- \
-                -add grub="${samizdat_grub_efi_dir}"/grub -- \
-                -chown_r 0 / -- \
-                -chgrp_r 0 / -- \
-                -chmod_r go-rwx "${gpg_iso_path}" -- \
-                -as mkisofs -graft-points \
-                -b grub/i386-pc/eltorito.img  \
-                -no-emul-boot -boot-info-table \
-                --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \
-                --protective-msdos-label
-        mv $@~tmp $@
 rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \
                  $(if $(VERITY), s.verity s.verity.log))
        rm -f $@~tmp
diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh
index efd8728..5ed0f89 100644
--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -43,18 +43,7 @@ cdrom_has_rootfs()
 losetup_layers()
 {
-    if cdrom_has_rootfs
+    if [ -e /dev/disk/by-partlabel/samizdat-rootfs ]
-    then
-        # TODO: This is some kind of shortcut or short circuit to find these
-        # files, that ought to be found through the grok-block system (i.e.,
-        # event-driven rather than polling).
-        local fs fs_rw
-        for fs in /cdrom/rootfs/*.btrfs; do
-            fs_rw=/"${fs##*/}".rw
-            dd if=/dev/zero of="$fs_rw" bs=1M count=10
-            losetup_snapshot "$fs" "$fs_rw" || return
-        done
-    elif [ -e /dev/disk/by-partlabel/samizdat-rootfs ]
    then
        # TODO: prevent raciness
        umount /dev/disk/by-partlabel/samizdat-rootfs
diff --git a/src/initrd/grok-block b/src/initrd/grok-block
index d194486..1d20850 100755
--- a/src/initrd/grok-block
+++ b/src/initrd/grok-block
@@ -146,19 +146,8 @@ grok_block()
    ;;
  esac
  case "$ID_PART_ENTRY_NAME" in
-      samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;;
+      samizdat-*-incomplete|samizdat-plaintext|samizdat-keys|samizdat-grub) return ;;
-      samizdat-plaintext)
-          # . /verity.sh
-          # cp /verity.sh /run/initramfs/samizdat/
-          # veritysetup --hash-offset="$verity_hash_offset" \
-          #             create samizverity \
-          #             "$DEVNAME" "$DEVNAME" "$verity_root_hash"
-          # bootdone veritysetup
-          return
-          ;;
-      samizdat-keys) ;;
      samizdat-rootfs) ;;
-      samizdat-grub) return ;;
      samizdat-luks-encrypted)
          if ! [ -f /autobooted ]
          then
@@ -196,9 +185,6 @@ grok_block()
          is_incomplete_samizdat_install "$DEVNAME" &&
              addmenu_destroy_hard_drive "$DEVNAME"
-      # TODO: Need option to boot the partitions we create
-      # TODO: And what if we create partitions and then reboot the machine mid-install?
  elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then
    bootdone samizdat-rootfs
  elif [ "$DEVNAME" = /dev/nbd1 ]; then
@@ -206,56 +192,9 @@ grok_block()
    umount "$mountpoint"
    rmdir "$mountpoint"
    bootdone samizdat-nbd-dev
  else
-    umount=true
+    umount "$mountpoint"
-    # Device has an unencrypted filesystem on it.
+    rmdir "$mountpoint"
-    # So we mount it and look for loop-back overlays.
-    if [ -d "$mountpoint/samizdat.gpg" ]; then
-      # check the key somehow?
-      addmenu_choosekey "$DEVNAME" "$mountpoint/samizdat.gpg"
-    fi
-    N=1; while [ -e "$mountpoint/samizdat.$N" ]
-    do
-      if gpg_verify "$mountpoint/samizdat.$N"k; then
-        addmenu_chooseroot "$DEVNAME" "$mountpoint/samizdat.$N"
-        # this menu entry chooses the root fs, and should prompt and wait for the matching key
-        umount=false
-      fi
-      N=$((N+1))
-    done
-    freeblocks=$(stat -f -c %f "$mountpoint")
-    blocksize=$(stat -f -c %S "$mountpoint")
-    freemegs=$((freeblocks * blocksize / 1024 / 1024))
-    if [ "$freemegs" -ge 300 ]; then
-      umount=false
-      # bootwait samizdat-cdrom
-      # cdromblocks=$(stat -f -c %b /cdrom)
-      # cdromblocksize=$(stat -f -c %S /cdrom)
-      # cdrommegs=$((cdromblocks * cdromblocksize / 1024 / 1024))
-      cdrommegs=700 # TODO: go back to checking the size
-      if [ "$freemegs"   -ge "$((cdrommegs * 3))" ]; then
-        addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 3))" 1
-      elif [ "$freemegs" -ge "$((cdrommegs * 2))" ]; then
-        addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 2))" 1
-      elif [ "$freemegs" -ge "$cdrommegs" ]; then
-        addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((freemegs / 2))" 0
-      else
-        addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" 256 0
-      fi
-    fi
-    if $umount; then
-      umount "$mountpoint"
-      rmdir "$mountpoint"
-    fi
  fi
 }
author	Andrew Cady <d@jerkface.net>	2023-06-22 00:01:50 -0400
committer	u <u@billy>	2023-11-17 08:44:10 -0500
commit	0535cb9565891eb15de2dddcbf85828c8503dac0 (patch)
tree	7cb993ba502f6bddaf30db4c2852adc65958773c
parent	069b67461cc33d373d030b87744e11ea87fe927e (diff)

diff --git a/Makefile b/Makefile index a376a64..f7b88c7 100644 --- a/Makefile +++ b/Makefile
@@ -227,54 +227,6 @@ apt = $(shell which apt \|\| which apt-get)
227	apt-get-update-stamp:	227	apt-get-update-stamp:
228	@if $(stale); then set -x; sudo $(apt) update && touch $@; fi	228	@if $(stale); then set -x; sudo $(apt) update && touch $@; fi
229		229
230	samizdat.iso: patched.iso
231	cp --reflink $< $@
232
233	patched.iso: gold.iso rootfs/samizdat.patch.btrfs
234	rm -f $@~tmp
235	cp --reflink $< $@~tmp
236	sudo xorrisofs -iso-level 3 -- \
237	-indev $@~tmp \
238	-outdev $@~tmp \
239	-return_with FAILURE 32 \
240	-pathspecs on \
241	-follow link \
242	-add /rootfs/z00.btrfs=rootfs/samizdat.patch.btrfs -- \
243	-follow default \
244	-as mkisofs -graft-points \
245	-b grub/i386-pc/eltorito.img \
246	-no-emul-boot -boot-info-table \
247	--embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \
248	--protective-msdos-label
249	mv $@~tmp $@
250
251	gold.iso: rootfs/seed.iso reused-child
252	sudo grub-efi.sh
253	! grep 'vmlinuz.*nbdroot' -r ${samizdat_grub_efi_dir}
254	exit 1; initrd.sh
255	rm -f $@~tmp
256	cp --reflink $< $@~tmp
257	sudo xorrisofs -iso-level 3 -- \
258	-indev $@~tmp \
259	-outdev $@~tmp \
260	-return_with FAILURE 32 \
261	-pathspecs on \
262	-rm_r linux -- \
263	-add linux="${samizdat_linux_dir}" -- \
264	-rm_r "${gpg_iso_path}" -- \
265	-add "${gpg_iso_path}=${GPG_INPUT_DIR}" -- \
266	-rm_r grub -- \
267	-add grub="${samizdat_grub_efi_dir}"/grub -- \
268	-chown_r 0 / -- \
269	-chgrp_r 0 / -- \
270	-chmod_r go-rwx "${gpg_iso_path}" -- \
271	-as mkisofs -graft-points \
272	-b grub/i386-pc/eltorito.img \
273	-no-emul-boot -boot-info-table \
274	--embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \
275	--protective-msdos-label
276	mv $@~tmp $@
277
278	rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \	230	rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \
279	$(if $(VERITY), s.verity s.verity.log))	231	$(if $(VERITY), s.verity s.verity.log))
280	rm -f $@~tmp	232	rm -f $@~tmp


diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh index efd8728..5ed0f89 100644 --- a/src/initrd/btrfs-create.sh +++ b/src/initrd/btrfs-create.sh
@@ -43,18 +43,7 @@ cdrom_has_rootfs()
43		43
44	losetup_layers()	44	losetup_layers()
45	{	45	{
46	if cdrom_has_rootfs	46	if [ -e /dev/disk/by-partlabel/samizdat-rootfs ]
47	then
48	# TODO: This is some kind of shortcut or short circuit to find these
49	# files, that ought to be found through the grok-block system (i.e.,
50	# event-driven rather than polling).
51	local fs fs_rw
52	for fs in /cdrom/rootfs/*.btrfs; do
53	fs_rw=/"${fs##*/}".rw
54	dd if=/dev/zero of="$fs_rw" bs=1M count=10
55	losetup_snapshot "$fs" "$fs_rw" \|\| return
56	done
57	elif [ -e /dev/disk/by-partlabel/samizdat-rootfs ]
58	then	47	then
59	# TODO: prevent raciness	48	# TODO: prevent raciness
60	umount /dev/disk/by-partlabel/samizdat-rootfs	49	umount /dev/disk/by-partlabel/samizdat-rootfs


diff --git a/src/initrd/grok-block b/src/initrd/grok-block index d194486..1d20850 100755 --- a/src/initrd/grok-block +++ b/src/initrd/grok-block
@@ -146,19 +146,8 @@ grok_block()
146	;;	146	;;
147	esac	147	esac
148	case "$ID_PART_ENTRY_NAME" in	148	case "$ID_PART_ENTRY_NAME" in
149	samizdat-grub-incomplete\|samizdat-plaintext-incomplete\|samizdat-luks-encrypted-incomplete) return ;;	149	samizdat-*-incomplete\|samizdat-plaintext\|samizdat-keys\|samizdat-grub) return ;;
150	samizdat-plaintext)
151	# . /verity.sh
152	# cp /verity.sh /run/initramfs/samizdat/
153	# veritysetup --hash-offset="$verity_hash_offset" \
154	# create samizverity \
155	# "$DEVNAME" "$DEVNAME" "$verity_root_hash"
156	# bootdone veritysetup
157	return
158	;;
159	samizdat-keys) ;;
160	samizdat-rootfs) ;;	150	samizdat-rootfs) ;;
161	samizdat-grub) return ;;
162	samizdat-luks-encrypted)	151	samizdat-luks-encrypted)
163	if ! [ -f /autobooted ]	152	if ! [ -f /autobooted ]
164	then	153	then
@@ -196,9 +185,6 @@ grok_block()
196	is_incomplete_samizdat_install "$DEVNAME" &&	185	is_incomplete_samizdat_install "$DEVNAME" &&
197	addmenu_destroy_hard_drive "$DEVNAME"	186	addmenu_destroy_hard_drive "$DEVNAME"
198		187
199	# TODO: Need option to boot the partitions we create
200	# TODO: And what if we create partitions and then reboot the machine mid-install?
201
202	elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then	188	elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then
203	bootdone samizdat-rootfs	189	bootdone samizdat-rootfs
204	elif [ "$DEVNAME" = /dev/nbd1 ]; then	190	elif [ "$DEVNAME" = /dev/nbd1 ]; then
@@ -206,56 +192,9 @@ grok_block()
206	umount "$mountpoint"	192	umount "$mountpoint"
207	rmdir "$mountpoint"	193	rmdir "$mountpoint"
208	bootdone samizdat-nbd-dev	194	bootdone samizdat-nbd-dev
209
210	else	195	else
211	umount=true	196	umount "$mountpoint"
212	# Device has an unencrypted filesystem on it.	197	rmdir "$mountpoint"
213	# So we mount it and look for loop-back overlays.
214
215	if [ -d "$mountpoint/samizdat.gpg" ]; then
216	# check the key somehow?
217	addmenu_choosekey "$DEVNAME" "$mountpoint/samizdat.gpg"
218	fi
219
220	N=1; while [ -e "$mountpoint/samizdat.$N" ]
221	do
222	if gpg_verify "$mountpoint/samizdat.$N"k; then
223	addmenu_chooseroot "$DEVNAME" "$mountpoint/samizdat.$N"
224	# this menu entry chooses the root fs, and should prompt and wait for the matching key
225	umount=false
226	fi
227	N=$((N+1))
228	done
229
230	freeblocks=$(stat -f -c %f "$mountpoint")
231	blocksize=$(stat -f -c %S "$mountpoint")
232	freemegs=$((freeblocks * blocksize / 1024 / 1024))
233
234	if [ "$freemegs" -ge 300 ]; then
235
236	umount=false
237	# bootwait samizdat-cdrom
238	# cdromblocks=$(stat -f -c %b /cdrom)
239	# cdromblocksize=$(stat -f -c %S /cdrom)
240	# cdrommegs=$((cdromblocks * cdromblocksize / 1024 / 1024))
241
242	cdrommegs=700 # TODO: go back to checking the size
243
244	if [ "$freemegs" -ge "$((cdrommegs * 3))" ]; then
245	addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 3))" 1
246	elif [ "$freemegs" -ge "$((cdrommegs * 2))" ]; then
247	addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 2))" 1
248	elif [ "$freemegs" -ge "$cdrommegs" ]; then
249	addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((freemegs / 2))" 0
250	else
251	addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" 256 0
252	fi
253	fi
254
255	if $umount; then
256	umount "$mountpoint"
257	rmdir "$mountpoint"
258	fi
259	fi	198	fi
260	}	199	}
261		200