-rw-r--r-- | initrd-dependencies.txt | 1 | ||||
-rw-r--r-- | old-school/lvm-create.sh | 26 | ||||
-rw-r--r-- | old-school/mdadm-dup.sh | 46 | ||||
-rwxr-xr-x | patchroot.sh | 2 | ||||
-rwxr-xr-x | samizdat-eject.sh | 2 |
5 files changed, 73 insertions, 4 deletions
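--- a/initrd-dependencies.txt
+++ b/initrd-dependencies.txt
@@ -8,3 +8,4 @@ ntfs-3g
 hfsplus
 isolinux
 nbd-client
+cryptsetup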
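--- a/old-school/lvm-create.sh
+++ b/old-school/lvm-create.sh
@@ -53,12 +53,35 @@ init_samizdat()
 
 btrfs device add "$blockdev" /root || return
 mount -o rw,remount /root || return
+samizdat_movemounts "$imgfile"
 
 initialize_root_filesystem || return
 
 bootdone root-mounted
 }
 
+samizdat_movemounts()
+{
+local imgfile="$1" mountpoint
+
+mountpoint=$(mountpoint_of "$imgfile") || return
+mkdir /root/cdrom /root/outerfs
+mount -o move /cdrom /root/cdrom
+mount -o move "$mountpoint" /root/outerfs
+mkdir /run/initramfs/samizdat
+mv /var/log /run/initramfs/samizdat/log
+}
+
+mountpoint_of()
+{
+local f="$1"
+while ! mountpoint -q "$f"; do
+f=$(dirname "$f")
+[ "$f" != '.' ] || return 1
+done
+printf '%s\n' "$f"
+}
+
 initialize_root_filesystem()
 {
 rm -r /root/root
@@ -117,7 +140,7 @@ filesystem_incomplete()
 open_samizdat()
 {
 open_samizdat_blockdev "$@" || return
-local blockdev=/dev/mapper/samizdatcrypt fs
+local blockdev=/dev/mapper/samizdatcrypt imgfile="$1" fs
 
 # For this part, we don't necessarily need the cdrom.
 # Unfortunately the init_gpg code is still getting the GPG key there.
@@ -127,6 +150,7 @@ open_samizdat()
 modprobe btrfs || return
 btrfs device scan || return
 mount -t btrfs -o subvol=ROOT "$blockdev" /root || return
+samizdat_movemounts "$imgfile"
 LoSetup -D
 bootdone root-mounted
 }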
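Review bot: samizdat_movemounts checks only the mountpoint_of lookup; `mkdir`, both `mount -o move` calls and the `mv` of /var/log run unchecked, and both new call sites (in init_samizdat and in open_samizdat) ignore its status while every neighbouring step uses `|| return`. On the open_samizdat path the ROOT subvolume looks like an already-initialised filesystem, so /root/cdrom and /root/outerfs may already exist and plain `mkdir` would report an error there; this should be confirmed on a second boot. I would write `mkdir -p /root/cdrom /root/outerfs || return`, add `|| return` to the two moves, and call it as `samizdat_movemounts "$imgfile" || return` so a failed move stops the boot before `bootdone root-mounted`. mountpoint_of ends its loop only when dirname yields `.`, so for an absolute path it relies on `/` testing as a mountpoint; a one-line comment saying so would help. init_samizdat and open_samizdat both start outside the visible hunks.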
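--- a/old-school/mdadm-dup.sh
+++ b/old-school/mdadm-dup.sh
@@ -116,7 +116,51 @@ mdadm_subdevices()
 mdadm -D "$md_dev" -Y | sed -ne 's/^MD_DEVICE_.*_DEV=//p'
 }
 
-mdadm_copy_eject() # NOT INITRD; uses non-busybox "losetup"
+cryptsetup_temp()
+{
+local sectors="$1" cryptname="$2" temp_file="$3" parms=$- secret
+set +x
+# Add 4096 sectors for LUKS header
+truncate -s $(((sectors + 4096) * 512)) "$temp_file" || return
+cleartext_dev=$(LoSetup -f --show "$temp_file") || return
+secret="$(head -c256 /dev/urandom)" || return
+printf %s "$secret" |
+cryptsetup luksFormat "$cleartext_dev" - || return
+printf %s "$secret" |
+cryptsetup --key-file - luksOpen "$cleartext_dev" "$cryptname" || return
+unset secret
+set $parms
+
+wait_for_dm_device /dev/mapper/"$cryptname"
+echo /dev/mapper/"$cryptname"
+}
+
+mdadm_copy_eject_crypt()
+{
+local md_dev="$1" temp_file="$2"
+
+[ -b "$md_dev" ] || return
+[ ! -e "$temp_file" ] || return
+
+local output_dev sectors
+
+old_subdev=$(mdadm_subdevices "$md_dev"|head -n1) || return
+[ -b "$old_subdev" ] || return
+# TODO: truncate to the ISO fs size if the device is larger
+sectors=$(blockdev --getsz "$md_dev") || return
+
+output_dev=$(cryptsetup_temp "$sectors" samizdatiso "$temp_file") || return
+
+mdadm "$md_dev" --add "$output_dev" || return
+mdadm "$md_dev" --grow -n2 || return
+
+mdadm_wait_remove "$md_dev" "$old_subdev" || return
+
+mdadm "$md_dev" --grow -n1 --force || return
+dm_snapshot_teardown "$old_subdev"
+}
+
+mdadm_copy_eject()
 {
 local md_dev="$1" output_file="$2"
 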
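Review bot: In cryptsetup_temp the LUKS key is raw `/dev/urandom` output held in a shell variable (`secret="$(head -c256 /dev/urandom)"`), and command substitution cannot carry binary data faithfully: trailing newlines are stripped and NUL bytes are dropped or, depending on the shell, may end the string early, so the key's length is not what the code asks for. Encoding the bytes before they enter the variable keeps the key well defined, for example `secret=$(head -c256 /dev/urandom | od -An -tx1 | tr -d ' \n') || return`. Separately, `set $parms` replaces the positional parameters instead of restoring the saved option flags, so xtrace stays off after the function; `case $parms in *x*) set -x ;; esac` restores it, and the early `|| return` paths skip that restore and also leave the loop device and temp file behind. `cleartext_dev` and `old_subdev` are assigned without `local`. mdadm_copy_eject continues past the end of the hunk.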
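--- a/patchroot.sh
+++ b/patchroot.sh
@@ -2,7 +2,7 @@
 
 pkgs='avahi-daemon git tmux btrfs-tools/jessie-backports sshfs eject'
 pkgs="$pkgs $(cat initrd-dependencies.txt)"
-pkgs="$pkgs linux-image-$(uname -r)"
+pkgs="$pkgs linux-image-$(uname -r)/jessie-backports"
 
 default_sources_list()
 {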
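--- a/samizdat-eject.sh
+++ b/samizdat-eject.sh
@@ -27,7 +27,7 @@ done
 
 copy()
 {
-mdadm_copy_eject /dev/md55 "$target"
+mdadm_copy_eject_crypt /dev/md55 "$target"
 }
 
 remove()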