author | Andrew Cady <d@jerkface.net> | 2023-06-22 00:01:50 -0400 |
---|---|---|
committer | u <u@billy> | 2023-11-17 08:44:10 -0500 |
commit | 0535cb9565891eb15de2dddcbf85828c8503dac0 (patch) | |
tree | 7cb993ba502f6bddaf30db4c2852adc65958773c | |
parent | 069b67461cc33d373d030b87744e11ea87fe927e (diff) |
Removal of functionality that depended on gpg
This material wasn't removed in the original commit removing gpg,
because it seemed to have documentary value. This commit serves
as the documentation index. Some of this functionality should be
reimplemented.
-rw-r--r-- | Makefile | 48 | ||||
-rw-r--r-- | src/initrd/btrfs-create.sh | 13 | ||||
-rwxr-xr-x | src/initrd/grok-block | 67 |
3 files changed, 4 insertions, 124 deletions
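--- a/Makefile
+++ b/Makefile
@@ -227,54 +227,6 @@ apt = $(shell which apt || which apt-get)
 apt-get-update-stamp:
 @if $(stale); then set -x; sudo $(apt) update && touch $@; fi
 
-samizdat.iso: patched.iso
-cp --reflink $< $@
-
-patched.iso: gold.iso rootfs/samizdat.patch.btrfs
-rm -f $@~tmp
-cp --reflink $< $@~tmp
-sudo xorrisofs -iso-level 3 -- \
--indev $@~tmp \
--outdev $@~tmp \
--return_with FAILURE 32 \
--pathspecs on \
--follow link \
--add /rootfs/z00.btrfs=rootfs/samizdat.patch.btrfs -- \
--follow default \
--as mkisofs -graft-points \
--b grub/i386-pc/eltorito.img \
--no-emul-boot -boot-info-table \
---embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \
---protective-msdos-label
-mv $@~tmp $@
-
-gold.iso: rootfs/seed.iso reused-child
-sudo grub-efi.sh
-! grep 'vmlinuz.*nbdroot' -r ${samizdat_grub_efi_dir}
-exit 1; initrd.sh
-rm -f $@~tmp
-cp --reflink $< $@~tmp
-sudo xorrisofs -iso-level 3 -- \
--indev $@~tmp \
--outdev $@~tmp \
--return_with FAILURE 32 \
--pathspecs on \
--rm_r linux -- \
--add linux="${samizdat_linux_dir}" -- \
--rm_r "${gpg_iso_path}" -- \
--add "${gpg_iso_path}=${GPG_INPUT_DIR}" -- \
--rm_r grub -- \
--add grub="${samizdat_grub_efi_dir}"/grub -- \
--chown_r 0 / -- \
--chgrp_r 0 / -- \
--chmod_r go-rwx "${gpg_iso_path}" -- \
--as mkisofs -graft-points \
--b grub/i386-pc/eltorito.img \
--no-emul-boot -boot-info-table \
---embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \
---protective-msdos-label
-mv $@~tmp $@
-
 rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \
 $(if $(VERITY), s.verity s.verity.log))
 rm -f $@~tmp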
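--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -43,18 +43,7 @@ cdrom_has_rootfs()
 
 losetup_layers()
 {
-if cdrom_has_rootfs
-then
-# TODO: This is some kind of shortcut or short circuit to find these
-# files, that ought to be found through the grok-block system (i.e.,
-# event-driven rather than polling).
-local fs fs_rw
-for fs in /cdrom/rootfs/*.btrfs; do
-fs_rw=/"${fs##*/}".rw
-dd if=/dev/zero of="$fs_rw" bs=1M count=10
-losetup_snapshot "$fs" "$fs_rw" || return
-done
-elif [ -e /dev/disk/by-partlabel/samizdat-rootfs ]
+if [ -e /dev/disk/by-partlabel/samizdat-rootfs ]
 then
 # TODO: prevent raciness
 umount /dev/disk/by-partlabel/samizdat-rootfs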
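Review bot: The new `if [ -e /dev/disk/by-partlabel/samizdat-rootfs ]` test is now the only visible way `losetup_layers` finds a root filesystem, and a GPT partition label can be set by whoever prepared any attached disk, so nothing shown here establishes that the partition is the one the installer created. With the gpg-based checks removed elsewhere in this commit, that trust decision deserves a comment next to the existing raciness TODO, for example `# NOTE: chosen by partition label alone; contents are not authenticated until signature/verity checking is reimplemented`. The helper `cdrom_has_rootfs` named in the hunk header appears to lose its caller here and may now be dead code. The body of `losetup_layers` continues past the end of the hunk, so later checks may exist that are not visible.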
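--- a/src/initrd/grok-block
+++ b/src/initrd/grok-block
@@ -146,19 +146,8 @@ grok_block()
 ;;
 esac
 case "$ID_PART_ENTRY_NAME" in
-samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;;
-samizdat-plaintext)
-# . /verity.sh
-# cp /verity.sh /run/initramfs/samizdat/
-# veritysetup --hash-offset="$verity_hash_offset" \
-# create samizverity \
-# "$DEVNAME" "$DEVNAME" "$verity_root_hash"
-# bootdone veritysetup
-return
-;;
-samizdat-keys) ;;
+samizdat-*-incomplete|samizdat-plaintext|samizdat-keys|samizdat-grub) return ;;
 samizdat-rootfs) ;;
-samizdat-grub) return ;;
 samizdat-luks-encrypted)
 if ! [ -f /autobooted ]
 then
@@ -196,9 +185,6 @@ grok_block()
 is_incomplete_samizdat_install "$DEVNAME" &&
 addmenu_destroy_hard_drive "$DEVNAME"
 
-# TODO: Need option to boot the partitions we create
-# TODO: And what if we create partitions and then reboot the machine mid-install?
-
 elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then
 bootdone samizdat-rootfs
 elif [ "$DEVNAME" = /dev/nbd1 ]; then
@@ -206,56 +192,9 @@ grok_block()
 umount "$mountpoint"
 rmdir "$mountpoint"
 bootdone samizdat-nbd-dev
-
 else
-umount=true
-# Device has an unencrypted filesystem on it.
-# So we mount it and look for loop-back overlays.
-
-if [ -d "$mountpoint/samizdat.gpg" ]; then
-# check the key somehow?
-addmenu_choosekey "$DEVNAME" "$mountpoint/samizdat.gpg"
-fi
-
-N=1; while [ -e "$mountpoint/samizdat.$N" ]
-do
-if gpg_verify "$mountpoint/samizdat.$N"k; then
-addmenu_chooseroot "$DEVNAME" "$mountpoint/samizdat.$N"
-# this menu entry chooses the root fs, and should prompt and wait for the matching key
-umount=false
-fi
-N=$((N+1))
-done
-
-freeblocks=$(stat -f -c %f "$mountpoint")
-blocksize=$(stat -f -c %S "$mountpoint")
-freemegs=$((freeblocks * blocksize / 1024 / 1024))
-
-if [ "$freemegs" -ge 300 ]; then
-
-umount=false
-# bootwait samizdat-cdrom
-# cdromblocks=$(stat -f -c %b /cdrom)
-# cdromblocksize=$(stat -f -c %S /cdrom)
-# cdrommegs=$((cdromblocks * cdromblocksize / 1024 / 1024))
-
-cdrommegs=700 # TODO: go back to checking the size
-
-if [ "$freemegs" -ge "$((cdrommegs * 3))" ]; then
-addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 3))" 1
-elif [ "$freemegs" -ge "$((cdrommegs * 2))" ]; then
-addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 2))" 1
-elif [ "$freemegs" -ge "$cdrommegs" ]; then
-addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((freemegs / 2))" 0
-else
-addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" 256 0
-fi
-fi
-
-if $umount; then
-umount "$mountpoint"
-rmdir "$mountpoint"
-fi
+umount "$mountpoint"
+rmdir "$mountpoint"
 fi
 }
 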
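Review bot: The merged arm `samizdat-*-incomplete|samizdat-plaintext|samizdat-keys|samizdat-grub) return ;;` in the first hunk changes behaviour for `samizdat-keys`, which previously had an empty arm and fell through to the rest of `grok_block`; it now returns early, and the wildcard skips any label of that shape rather than only the three that were listed. If that is intended, a comment above the arm would record it, e.g. `# labels we never mount or offer: partial installs, and partitions whose handling depended on gpg`. In the last hunk the `else` branch lost its explanatory comment; `# no recognised layout: release the mount and offer nothing` would say why it now unmounts unconditionally. `grok_block` starts before the first hunk, so the code that sets `$mountpoint` is not visible here.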