diff options
Diffstat (limited to 'src/initrd/grok-block')
| -rwxr-xr-x | src/initrd/grok-block | 40 |
1 files changed, 29 insertions, 11 deletions
diff --git a/src/initrd/grok-block b/src/initrd/grok-block index 86ff499..ee23b38 100755 --- a/src/initrd/grok-block +++ b/src/initrd/grok-block | |||
| @@ -167,18 +167,29 @@ grok_block() | |||
| 167 | # Avoid mouting this multiple times in case this script gets called multiple times, | 167 | # Avoid mouting this multiple times in case this script gets called multiple times, |
| 168 | # because while it's mounted, the dmsetup stuff will fail with device busy. | 168 | # because while it's mounted, the dmsetup stuff will fail with device busy. |
| 169 | /dev/nbd0) | 169 | /dev/nbd0) |
| 170 | if [ -e /bootwait/samizdat-nbd-dev ] | 170 | bootdone nbd0-dev |
| 171 | then | 171 | return ;; |
| 172 | return | 172 | /dev/nbd1) |
| 173 | else | 173 | bootwait nbd-script nbd0-dev |
| 174 | bootwait nbd-script | 174 | wait_for_files_ /sys/block/nbd0/pid /sys/block/nbd1/pid |
| 175 | wait_for_files_ /sys/block/nbd0/pid | ||
| 176 | fi | ||
| 177 | ;; | 175 | ;; |
| 178 | esac | 176 | esac |
| 179 | case "$ID_PART_ENTRY_NAME" in | 177 | case "$ID_PART_ENTRY_NAME" in |
| 180 | samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;; | 178 | samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;; |
| 181 | samizdat-grub|samizdat-luks-encrypted) return ;; | 179 | samizdat-plaintext) |
| 180 | . /verity.sh | ||
| 181 | cp /verity.sh /run/initramfs/samizdat/ | ||
| 182 | veritysetup --hash-offset="$verity_hash_offset" \ | ||
| 183 | create samizverity \ | ||
| 184 | "$DEVNAME" "$DEVNAME" "$verity_root_hash" | ||
| 185 | bootdone veritysetup | ||
| 186 | return | ||
| 187 | ;; | ||
| 188 | samizdat-grub) return ;; | ||
| 189 | samizdat-luks-encrypted) | ||
| 190 | menu-select boot-native "$(parent_device "$DEVNAME")" | ||
| 191 | return | ||
| 192 | ;; | ||
| 182 | esac | 193 | esac |
| 183 | 194 | ||
| 184 | if [ "$ID_FS_TYPE" = hfsplus ] && ! fsck.hfsplus -q "$DEVNAME"; then | 195 | if [ "$ID_FS_TYPE" = hfsplus ] && ! fsck.hfsplus -q "$DEVNAME"; then |
| @@ -191,7 +202,11 @@ grok_block() | |||
| 191 | fi | 202 | fi |
| 192 | 203 | ||
| 193 | if ! mountpoint -q "$mountpoint"; then | 204 | if ! mountpoint -q "$mountpoint"; then |
| 194 | retry_mount $mount_type -o ro "$DEVNAME" "$mountpoint" | 205 | if [ "$DEVNAME" = /dev/nbd1 ] |
| 206 | then OPTIONS='-o device=/dev/nbd0' | ||
| 207 | else OPTIONS= | ||
| 208 | fi | ||
| 209 | retry_mount $mount_type -r $OPTIONS "$DEVNAME" "$mountpoint" | ||
| 195 | fi | 210 | fi |
| 196 | 211 | ||
| 197 | if ! mountpoint -q "$mountpoint"; then | 212 | if ! mountpoint -q "$mountpoint"; then |
| @@ -206,10 +221,13 @@ grok_block() | |||
| 206 | elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then | 221 | elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then |
| 207 | if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then | 222 | if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then |
| 208 | addmenu_choose_native_root "$(parent_device "$DEVNAME")" | 223 | addmenu_choose_native_root "$(parent_device "$DEVNAME")" |
| 224 | umount "$mountpoint" | ||
| 225 | bootdone key-mounted | ||
| 226 | else | ||
| 227 | umount "$mountpoint" | ||
| 209 | fi | 228 | fi |
| 210 | umount "$mountpoint" | ||
| 211 | 229 | ||
| 212 | elif [ "$DEVNAME" = /dev/nbd0 ]; then | 230 | elif [ "$DEVNAME" = /dev/nbd1 ]; then |
| 213 | # This is our rootfs, over the network | 231 | # This is our rootfs, over the network |
| 214 | umount "$mountpoint" | 232 | umount "$mountpoint" |
| 215 | rmdir "$mountpoint" | 233 | rmdir "$mountpoint" |