diff options
| author | Andrew Cady <d@jerkface.net> | 2017-03-26 06:26:47 -0400 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2017-03-26 06:56:30 -0400 |
| commit | 217713edcd3a27d21577f8c4765f5b0d89981c7b (patch) | |
| tree | b1a23d31ab4a0593a4767f6fe4915953a982ff16 /src | |
| parent | 3d2ce35290969eb98a3455b78d2bdecde44fa9d6 (diff) | |
create and boot the encrypted root filesystem
Diffstat (limited to 'src')
| -rw-r--r-- | src/initrd/btrfs-create.sh | 23 | ||||
| -rwxr-xr-x | src/initrd/grok-block | 19 | ||||
| -rwxr-xr-x | src/initrd/menu-select | 12 |
3 files changed, 32 insertions, 22 deletions
diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh index 5d359a9..b5cc2c5 100644 --- a/src/initrd/btrfs-create.sh +++ b/src/initrd/btrfs-create.sh | |||
| @@ -80,6 +80,7 @@ samizdat_movemounts() | |||
| 80 | mount -o move /cdrom /root/cdrom | 80 | mount -o move /cdrom /root/cdrom |
| 81 | mkdir -p /run/initramfs/samizdat/log | 81 | mkdir -p /run/initramfs/samizdat/log |
| 82 | cp /var/log/* /run/initramfs/samizdat/log | 82 | cp /var/log/* /run/initramfs/samizdat/log |
| 83 | umount /gpg | ||
| 83 | true | 84 | true |
| 84 | } | 85 | } |
| 85 | 86 | ||
| @@ -172,15 +173,15 @@ partition_new_hard_drive_DESTROYING_EVERYTHING() | |||
| 172 | { | 173 | { |
| 173 | local target="$1" | 174 | local target="$1" |
| 174 | # [ "$(parted -sm "$target" print | grep -c :)" = 1 ] || return | 175 | # [ "$(parted -sm "$target" print | grep -c :)" = 1 ] || return |
| 175 | parted "$target" -sm \ | 176 | parted "$target" -sm \ |
| 176 | unit B \ | 177 | unit B \ |
| 177 | mklabel gpt \ | 178 | mklabel gpt \ |
| 178 | mkpart primary 32KiB 4MiB \ | 179 | mkpart samizdat-grub-incomplete 32KiB 4MiB \ |
| 179 | set 1 bios_grub on \ | 180 | set 1 bios_grub on \ |
| 180 | mkpart primary btrfs 4MiB 1GiB \ | 181 | mkpart samizdat-plaintext-incomplete btrfs 4MiB 1GiB \ |
| 181 | name 2 gpg-incomplete \ | 182 | mkpart samizdat-luks-encrypted-incomplete 1GiB 100% \ |
| 182 | mkpart primary 1GiB 100% \ | 183 | && |
| 183 | name 3 luks-incomplete | 184 | udevadm settle |
| 184 | } | 185 | } |
| 185 | 186 | ||
| 186 | open_samizdat() | 187 | open_samizdat() |
| @@ -227,11 +228,9 @@ open_samizdat_blockdev() | |||
| 227 | 228 | ||
| 228 | init_samizdat_blockdev() | 229 | init_samizdat_blockdev() |
| 229 | { | 230 | { |
| 230 | local imgfile="$1" megs="$2" keyfile="$3" dev | 231 | local dev="$1" keyfile="$2" |
| 231 | local cryptname=samizdatcrypt | 232 | local cryptname=samizdatcrypt |
| 232 | 233 | ||
| 233 | dev=$(init_samizdat_lodev "$imgfile" "$megs") || return | ||
| 234 | |||
| 235 | [ ! -b /dev/mapper/"$cryptname" ] || return | 234 | [ ! -b /dev/mapper/"$cryptname" ] || return |
| 236 | 235 | ||
| 237 | luks_secret >/dev/null | 236 | luks_secret >/dev/null |
diff --git a/src/initrd/grok-block b/src/initrd/grok-block index 086722d..01265b0 100755 --- a/src/initrd/grok-block +++ b/src/initrd/grok-block | |||
| @@ -7,7 +7,7 @@ case "$DEVNAME" in /dev/loop*|/dev/ram*|/dev/dm-*|/dev/md*|/dev/fd*) exit ;; esa | |||
| 7 | 7 | ||
| 8 | debug_log "grok-block.${DEVNAME##*/}" | 8 | debug_log "grok-block.${DEVNAME##*/}" |
| 9 | 9 | ||
| 10 | addmenu_choosekey() | 10 | addmenu_choosekey() |
| 11 | { | 11 | { |
| 12 | dev=$1 | 12 | dev=$1 |
| 13 | dir=$2 | 13 | dir=$2 |
| @@ -62,8 +62,8 @@ retry_mount() | |||
| 62 | until mntout="$(mount "$@" 2>&1)" | 62 | until mntout="$(mount "$@" 2>&1)" |
| 63 | do | 63 | do |
| 64 | tries=$(( tries - 1 )) | 64 | tries=$(( tries - 1 )) |
| 65 | case "$mntout" in | 65 | case "$mntout" in |
| 66 | *"Device or resource busy"*) | 66 | *"Device or resource busy"*) |
| 67 | if [ $tries -le 0 ]; then | 67 | if [ $tries -le 0 ]; then |
| 68 | warn "mount $@ failed: $mntout" | 68 | warn "mount $@ failed: $mntout" |
| 69 | return 1 | 69 | return 1 |
| @@ -103,8 +103,9 @@ is_device_without_partitions() | |||
| 103 | 103 | ||
| 104 | is_incomplete_samizdat_install() | 104 | is_incomplete_samizdat_install() |
| 105 | { | 105 | { |
| 106 | # TODO: Possibly only some of the partitions are incomplete | ||
| 106 | local partition_names="$(parted -sm "$1" print | sed 1,2d | awk -F: -e '{printf "%s:", $6}')" | 107 | local partition_names="$(parted -sm "$1" print | sed 1,2d | awk -F: -e '{printf "%s:", $6}')" |
| 107 | [ "$partition_names" = 'primary:gpg-incomplete:luks-incomplete:' ] | 108 | [ "$partition_names" = 'samizdat-grub-incomplete:samizdat-plaintext-incomplete:samizdat-luks-encrypted-incomplete:' ] |
| 108 | } | 109 | } |
| 109 | 110 | ||
| 110 | grok_block() | 111 | grok_block() |
| @@ -119,6 +120,12 @@ grok_block() | |||
| 119 | *) mount_type="-t $ID_FS_TYPE" ;; | 120 | *) mount_type="-t $ID_FS_TYPE" ;; |
| 120 | esac | 121 | esac |
| 121 | 122 | ||
| 123 | # Skip partitions that we created. | ||
| 124 | # TODO: make these names more unique | ||
| 125 | case "$ID_PART_ENTRY_NAME" in | ||
| 126 | samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;; | ||
| 127 | esac | ||
| 128 | |||
| 122 | if [ "$ID_FS_TYPE" = hfsplus ] && ! fsck.hfsplus -q "$DEVNAME"; then | 129 | if [ "$ID_FS_TYPE" = hfsplus ] && ! fsck.hfsplus -q "$DEVNAME"; then |
| 123 | (if fsck.hfsplus "$DEVNAME"; then | 130 | (if fsck.hfsplus "$DEVNAME"; then |
| 124 | grok-block "$DEVNAME" | 131 | grok-block "$DEVNAME" |
| @@ -200,7 +207,7 @@ grok_block() | |||
| 200 | } | 207 | } |
| 201 | 208 | ||
| 202 | # Get me all them nice udev variables | 209 | # Get me all them nice udev variables |
| 203 | eval "$(PATH=$PATH:/lib/udev vol_id "$DEVNAME" | | 210 | eval "$(PATH=$PATH:/lib/udev vol_id "$DEVNAME" | |
| 204 | sed "s/'/'\\\\''/; s/=\(.*\)/='\1'/" | 211 | sed "s/'/'\\\\''/; s/=\(.*\)/='\1'/" |
| 205 | )" | 212 | )" |
| 206 | 213 | ||
| @@ -209,7 +216,7 @@ CDROM_ID_FS_LABEL_ENC=$(sed 's/ /\\x20/g' /lib/samizdat/vol_id.txt) | |||
| 209 | if [ "$ID_FS_UUID_ENC" = "$CDROM_ID_FS_UUID_ENC" -o \ | 216 | if [ "$ID_FS_UUID_ENC" = "$CDROM_ID_FS_UUID_ENC" -o \ |
| 210 | "$ID_FS_LABEL_ENC" = "$CDROM_ID_FS_LABEL_ENC" ] | 217 | "$ID_FS_LABEL_ENC" = "$CDROM_ID_FS_LABEL_ENC" ] |
| 211 | then | 218 | then |
| 212 | # Recognize and mount the Samizdat | 219 | # Recognize and mount the Samizdat |
| 213 | if ! mountpoint -q /cdrom; then | 220 | if ! mountpoint -q /cdrom; then |
| 214 | mkdir -p /cdrom | 221 | mkdir -p /cdrom |
| 215 | . mdadm-dup.sh | 222 | . mdadm-dup.sh |
diff --git a/src/initrd/menu-select b/src/initrd/menu-select index 4908b03..4a141a4 100755 --- a/src/initrd/menu-select +++ b/src/initrd/menu-select | |||
| @@ -83,12 +83,15 @@ case "$1" in | |||
| 83 | ;; | 83 | ;; |
| 84 | boot-destroy-disk) | 84 | boot-destroy-disk) |
| 85 | dev="$2" | 85 | dev="$2" |
| 86 | |||
| 86 | partition_new_hard_drive_DESTROYING_EVERYTHING "$dev" || error | 87 | partition_new_hard_drive_DESTROYING_EVERYTHING "$dev" || error |
| 87 | 88 | ||
| 89 | mkfs.btrfs -f "$dev"2 || error | ||
| 90 | mount "$dev"2 /gpg || error | ||
| 91 | init_gpg || error | ||
| 88 | 92 | ||
| 89 | # TODO: IMPLEMENT ME | 93 | init_samizdat_blockdev "$dev"3 /gpg/disk.key || error |
| 90 | # partition disk | 94 | init_samizdat /dev/mapper/samizdatcrypt '' || error |
| 91 | # init_samizdat | ||
| 92 | 95 | ||
| 93 | ;; | 96 | ;; |
| 94 | boot-overwrite|boot-new|boot-luks) | 97 | boot-overwrite|boot-new|boot-luks) |
| @@ -115,7 +118,8 @@ case "$1" in | |||
| 115 | 118 | ||
| 116 | start_meter "Allocating ${megs}MB in '$loopfile' on $dev..." | 119 | start_meter "Allocating ${megs}MB in '$loopfile' on $dev..." |
| 117 | 120 | ||
| 118 | if init_samizdat_blockdev "$loopfile" "$megs" "$loopfile"k && | 121 | if newdev=$(init_samizdat_lodev "$loopfile" "$megs") && |
| 122 | init_samizdat_blockdev "$newdev" "$loopfile"k && | ||
| 119 | init_samizdat /dev/mapper/samizdatcrypt "$loopfile"; then | 123 | init_samizdat /dev/mapper/samizdatcrypt "$loopfile"; then |
| 120 | stop_meter done. | 124 | stop_meter done. |
| 121 | else | 125 | else |