diff options
| author | Andrew Cady <d@jerkface.net> | 2016-04-27 09:23:09 -0400 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2016-04-27 09:23:09 -0400 |
| commit | bb35cfd21f0683d17d29a5f51b22bab8047127de (patch) | |
| tree | 035abc9fcb556cd195041587cf208e0ff6ccfcb6 /old-school/lvm-create.sh | |
| parent | 5240fe8fb459d895ec8daf7da013298ac9786a59 (diff) | |
Implement encrypted cdrom ejection
This allows the cdrom to be copied onto the outer filesystem (mounted in
/outerfs) without storing unencrypted gpg keys there.
e.g.:
samizdat-eject.sh /outerfs/samizdat.iso
This was necessary because the other method probably causes btrfs deadlocks.
We do end up copying data twice this way (or three times, probably --
if the ISO is saved), but not _from the cdrom_. And we get to eject
immediately after the first copy. Future copies will be from the hard
drive. Not too bad.
Diffstat (limited to 'old-school/lvm-create.sh')
| -rw-r--r-- | old-school/lvm-create.sh | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/old-school/lvm-create.sh b/old-school/lvm-create.sh index ce0862e..916b888 100644 --- a/old-school/lvm-create.sh +++ b/old-school/lvm-create.sh | |||
| @@ -53,12 +53,35 @@ init_samizdat() | |||
| 53 | 53 | ||
| 54 | btrfs device add "$blockdev" /root || return | 54 | btrfs device add "$blockdev" /root || return |
| 55 | mount -o rw,remount /root || return | 55 | mount -o rw,remount /root || return |
| 56 | samizdat_movemounts "$imgfile" | ||
| 56 | 57 | ||
| 57 | initialize_root_filesystem || return | 58 | initialize_root_filesystem || return |
| 58 | 59 | ||
| 59 | bootdone root-mounted | 60 | bootdone root-mounted |
| 60 | } | 61 | } |
| 61 | 62 | ||
| 63 | samizdat_movemounts() | ||
| 64 | { | ||
| 65 | local imgfile="$1" mountpoint | ||
| 66 | |||
| 67 | mountpoint=$(mountpoint_of "$imgfile") || return | ||
| 68 | mkdir /root/cdrom /root/outerfs | ||
| 69 | mount -o move /cdrom /root/cdrom | ||
| 70 | mount -o move "$mountpoint" /root/outerfs | ||
| 71 | mkdir /run/initramfs/samizdat | ||
| 72 | mv /var/log /run/initramfs/samizdat/log | ||
| 73 | } | ||
| 74 | |||
| 75 | mountpoint_of() | ||
| 76 | { | ||
| 77 | local f="$1" | ||
| 78 | while ! mountpoint -q "$f"; do | ||
| 79 | f=$(dirname "$f") | ||
| 80 | [ "$f" != '.' ] || return 1 | ||
| 81 | done | ||
| 82 | printf '%s\n' "$f" | ||
| 83 | } | ||
| 84 | |||
| 62 | initialize_root_filesystem() | 85 | initialize_root_filesystem() |
| 63 | { | 86 | { |
| 64 | rm -r /root/root | 87 | rm -r /root/root |
| @@ -117,7 +140,7 @@ filesystem_incomplete() | |||
| 117 | open_samizdat() | 140 | open_samizdat() |
| 118 | { | 141 | { |
| 119 | open_samizdat_blockdev "$@" || return | 142 | open_samizdat_blockdev "$@" || return |
| 120 | local blockdev=/dev/mapper/samizdatcrypt fs | 143 | local blockdev=/dev/mapper/samizdatcrypt imgfile="$1" fs |
| 121 | 144 | ||
| 122 | # For this part, we don't necessarily need the cdrom. | 145 | # For this part, we don't necessarily need the cdrom. |
| 123 | # Unfortunately the init_gpg code is still getting the GPG key there. | 146 | # Unfortunately the init_gpg code is still getting the GPG key there. |
| @@ -127,6 +150,7 @@ open_samizdat() | |||
| 127 | modprobe btrfs || return | 150 | modprobe btrfs || return |
| 128 | btrfs device scan || return | 151 | btrfs device scan || return |
| 129 | mount -t btrfs -o subvol=ROOT "$blockdev" /root || return | 152 | mount -t btrfs -o subvol=ROOT "$blockdev" /root || return |
| 153 | samizdat_movemounts "$imgfile" | ||
| 130 | LoSetup -D | 154 | LoSetup -D |
| 131 | bootdone root-mounted | 155 | bootdone root-mounted |
| 132 | } | 156 | } |