diff options
| -rw-r--r-- | Makefile | 48 | ||||
| -rw-r--r-- | src/initrd/btrfs-create.sh | 13 | ||||
| -rwxr-xr-x | src/initrd/grok-block | 67 |
3 files changed, 4 insertions, 124 deletions
| @@ -227,54 +227,6 @@ apt = $(shell which apt || which apt-get) | |||
| 227 | apt-get-update-stamp: | 227 | apt-get-update-stamp: |
| 228 | @if $(stale); then set -x; sudo $(apt) update && touch $@; fi | 228 | @if $(stale); then set -x; sudo $(apt) update && touch $@; fi |
| 229 | 229 | ||
| 230 | samizdat.iso: patched.iso | ||
| 231 | cp --reflink $< $@ | ||
| 232 | |||
| 233 | patched.iso: gold.iso rootfs/samizdat.patch.btrfs | ||
| 234 | rm -f $@~tmp | ||
| 235 | cp --reflink $< $@~tmp | ||
| 236 | sudo xorrisofs -iso-level 3 -- \ | ||
| 237 | -indev $@~tmp \ | ||
| 238 | -outdev $@~tmp \ | ||
| 239 | -return_with FAILURE 32 \ | ||
| 240 | -pathspecs on \ | ||
| 241 | -follow link \ | ||
| 242 | -add /rootfs/z00.btrfs=rootfs/samizdat.patch.btrfs -- \ | ||
| 243 | -follow default \ | ||
| 244 | -as mkisofs -graft-points \ | ||
| 245 | -b grub/i386-pc/eltorito.img \ | ||
| 246 | -no-emul-boot -boot-info-table \ | ||
| 247 | --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \ | ||
| 248 | --protective-msdos-label | ||
| 249 | mv $@~tmp $@ | ||
| 250 | |||
| 251 | gold.iso: rootfs/seed.iso reused-child | ||
| 252 | sudo grub-efi.sh | ||
| 253 | ! grep 'vmlinuz.*nbdroot' -r ${samizdat_grub_efi_dir} | ||
| 254 | exit 1; initrd.sh | ||
| 255 | rm -f $@~tmp | ||
| 256 | cp --reflink $< $@~tmp | ||
| 257 | sudo xorrisofs -iso-level 3 -- \ | ||
| 258 | -indev $@~tmp \ | ||
| 259 | -outdev $@~tmp \ | ||
| 260 | -return_with FAILURE 32 \ | ||
| 261 | -pathspecs on \ | ||
| 262 | -rm_r linux -- \ | ||
| 263 | -add linux="${samizdat_linux_dir}" -- \ | ||
| 264 | -rm_r "${gpg_iso_path}" -- \ | ||
| 265 | -add "${gpg_iso_path}=${GPG_INPUT_DIR}" -- \ | ||
| 266 | -rm_r grub -- \ | ||
| 267 | -add grub="${samizdat_grub_efi_dir}"/grub -- \ | ||
| 268 | -chown_r 0 / -- \ | ||
| 269 | -chgrp_r 0 / -- \ | ||
| 270 | -chmod_r go-rwx "${gpg_iso_path}" -- \ | ||
| 271 | -as mkisofs -graft-points \ | ||
| 272 | -b grub/i386-pc/eltorito.img \ | ||
| 273 | -no-emul-boot -boot-info-table \ | ||
| 274 | --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \ | ||
| 275 | --protective-msdos-label | ||
| 276 | mv $@~tmp $@ | ||
| 277 | |||
| 278 | rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \ | 230 | rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \ |
| 279 | $(if $(VERITY), s.verity s.verity.log)) | 231 | $(if $(VERITY), s.verity s.verity.log)) |
| 280 | rm -f $@~tmp | 232 | rm -f $@~tmp |
diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh index efd8728..5ed0f89 100644 --- a/src/initrd/btrfs-create.sh +++ b/src/initrd/btrfs-create.sh | |||
| @@ -43,18 +43,7 @@ cdrom_has_rootfs() | |||
| 43 | 43 | ||
| 44 | losetup_layers() | 44 | losetup_layers() |
| 45 | { | 45 | { |
| 46 | if cdrom_has_rootfs | 46 | if [ -e /dev/disk/by-partlabel/samizdat-rootfs ] |
| 47 | then | ||
| 48 | # TODO: This is some kind of shortcut or short circuit to find these | ||
| 49 | # files, that ought to be found through the grok-block system (i.e., | ||
| 50 | # event-driven rather than polling). | ||
| 51 | local fs fs_rw | ||
| 52 | for fs in /cdrom/rootfs/*.btrfs; do | ||
| 53 | fs_rw=/"${fs##*/}".rw | ||
| 54 | dd if=/dev/zero of="$fs_rw" bs=1M count=10 | ||
| 55 | losetup_snapshot "$fs" "$fs_rw" || return | ||
| 56 | done | ||
| 57 | elif [ -e /dev/disk/by-partlabel/samizdat-rootfs ] | ||
| 58 | then | 47 | then |
| 59 | # TODO: prevent raciness | 48 | # TODO: prevent raciness |
| 60 | umount /dev/disk/by-partlabel/samizdat-rootfs | 49 | umount /dev/disk/by-partlabel/samizdat-rootfs |
diff --git a/src/initrd/grok-block b/src/initrd/grok-block index d194486..1d20850 100755 --- a/src/initrd/grok-block +++ b/src/initrd/grok-block | |||
| @@ -146,19 +146,8 @@ grok_block() | |||
| 146 | ;; | 146 | ;; |
| 147 | esac | 147 | esac |
| 148 | case "$ID_PART_ENTRY_NAME" in | 148 | case "$ID_PART_ENTRY_NAME" in |
| 149 | samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;; | 149 | samizdat-*-incomplete|samizdat-plaintext|samizdat-keys|samizdat-grub) return ;; |
| 150 | samizdat-plaintext) | ||
| 151 | # . /verity.sh | ||
| 152 | # cp /verity.sh /run/initramfs/samizdat/ | ||
| 153 | # veritysetup --hash-offset="$verity_hash_offset" \ | ||
| 154 | # create samizverity \ | ||
| 155 | # "$DEVNAME" "$DEVNAME" "$verity_root_hash" | ||
| 156 | # bootdone veritysetup | ||
| 157 | return | ||
| 158 | ;; | ||
| 159 | samizdat-keys) ;; | ||
| 160 | samizdat-rootfs) ;; | 150 | samizdat-rootfs) ;; |
| 161 | samizdat-grub) return ;; | ||
| 162 | samizdat-luks-encrypted) | 151 | samizdat-luks-encrypted) |
| 163 | if ! [ -f /autobooted ] | 152 | if ! [ -f /autobooted ] |
| 164 | then | 153 | then |
| @@ -196,9 +185,6 @@ grok_block() | |||
| 196 | is_incomplete_samizdat_install "$DEVNAME" && | 185 | is_incomplete_samizdat_install "$DEVNAME" && |
| 197 | addmenu_destroy_hard_drive "$DEVNAME" | 186 | addmenu_destroy_hard_drive "$DEVNAME" |
| 198 | 187 | ||
| 199 | # TODO: Need option to boot the partitions we create | ||
| 200 | # TODO: And what if we create partitions and then reboot the machine mid-install? | ||
| 201 | |||
| 202 | elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then | 188 | elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then |
| 203 | bootdone samizdat-rootfs | 189 | bootdone samizdat-rootfs |
| 204 | elif [ "$DEVNAME" = /dev/nbd1 ]; then | 190 | elif [ "$DEVNAME" = /dev/nbd1 ]; then |
| @@ -206,56 +192,9 @@ grok_block() | |||
| 206 | umount "$mountpoint" | 192 | umount "$mountpoint" |
| 207 | rmdir "$mountpoint" | 193 | rmdir "$mountpoint" |
| 208 | bootdone samizdat-nbd-dev | 194 | bootdone samizdat-nbd-dev |
| 209 | |||
| 210 | else | 195 | else |
| 211 | umount=true | 196 | umount "$mountpoint" |
| 212 | # Device has an unencrypted filesystem on it. | 197 | rmdir "$mountpoint" |
| 213 | # So we mount it and look for loop-back overlays. | ||
| 214 | |||
| 215 | if [ -d "$mountpoint/samizdat.gpg" ]; then | ||
| 216 | # check the key somehow? | ||
| 217 | addmenu_choosekey "$DEVNAME" "$mountpoint/samizdat.gpg" | ||
| 218 | fi | ||
| 219 | |||
| 220 | N=1; while [ -e "$mountpoint/samizdat.$N" ] | ||
| 221 | do | ||
| 222 | if gpg_verify "$mountpoint/samizdat.$N"k; then | ||
| 223 | addmenu_chooseroot "$DEVNAME" "$mountpoint/samizdat.$N" | ||
| 224 | # this menu entry chooses the root fs, and should prompt and wait for the matching key | ||
| 225 | umount=false | ||
| 226 | fi | ||
| 227 | N=$((N+1)) | ||
| 228 | done | ||
| 229 | |||
| 230 | freeblocks=$(stat -f -c %f "$mountpoint") | ||
| 231 | blocksize=$(stat -f -c %S "$mountpoint") | ||
| 232 | freemegs=$((freeblocks * blocksize / 1024 / 1024)) | ||
| 233 | |||
| 234 | if [ "$freemegs" -ge 300 ]; then | ||
| 235 | |||
| 236 | umount=false | ||
| 237 | # bootwait samizdat-cdrom | ||
| 238 | # cdromblocks=$(stat -f -c %b /cdrom) | ||
| 239 | # cdromblocksize=$(stat -f -c %S /cdrom) | ||
| 240 | # cdrommegs=$((cdromblocks * cdromblocksize / 1024 / 1024)) | ||
| 241 | |||
| 242 | cdrommegs=700 # TODO: go back to checking the size | ||
| 243 | |||
| 244 | if [ "$freemegs" -ge "$((cdrommegs * 3))" ]; then | ||
| 245 | addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 3))" 1 | ||
| 246 | elif [ "$freemegs" -ge "$((cdrommegs * 2))" ]; then | ||
| 247 | addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 2))" 1 | ||
| 248 | elif [ "$freemegs" -ge "$cdrommegs" ]; then | ||
| 249 | addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((freemegs / 2))" 0 | ||
| 250 | else | ||
| 251 | addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" 256 0 | ||
| 252 | fi | ||
| 253 | fi | ||
| 254 | |||
| 255 | if $umount; then | ||
| 256 | umount "$mountpoint" | ||
| 257 | rmdir "$mountpoint" | ||
| 258 | fi | ||
| 259 | fi | 198 | fi |
| 260 | } | 199 | } |
| 261 | 200 | ||