Diffstat (limited to 'src/initrd')
-rw-r--r--src/initrd/btrfs-create.sh63
-rwxr-xr-xsrc/initrd/grok-block40
2 files changed, 79 insertions, 24 deletions
diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh
index 39c89ca..cdf73ef 100644
--- a/src/initrd/btrfs-create.sh
+++ b/src/initrd/btrfs-create.sh
@@ -27,16 +27,41 @@ ceil4()
27 printf '%d\n' "$x" 27 printf '%d\n' "$x"
28} 28}
29 29
30kernel_commandline_has()
31{
32 local v="$1" c
33 read c < /proc/cmdline
34 for c in $c
35 do
36 case "$c" in
37 "$v"|"$v"=*) true; return;;
38 esac
39 done
40 false
41}
42
43netbooted()
44{
45 kernel_commandline_has BOOTIF
46}
47
30cdrom_has_rootfs() 48cdrom_has_rootfs()
31{ 49{
32 [ ! "$BOOTIF" ] || return 50 if netbooted
33 bootwait samizdat-cdrom 51 then
34 [ -d /cdrom/rootfs ] 52 false
53 else
54 bootwait samizdat-cdrom
55 [ -d /cdrom/rootfs ]
56 fi
35} 57}
36 58
37losetup_layers() 59losetup_layers()
38{ 60{
39 if cdrom_has_rootfs; then 61 if cdrom_has_rootfs; then
62 # TODO: This is some kind of shortcut or short circuit to find these
63 # files, that ought to be found through the grok-block system (i.e.,
64 # event-driven rather than polling).
40 local fs fs_rw 65 local fs fs_rw
41 for fs in /cdrom/rootfs/*.btrfs; do 66 for fs in /cdrom/rootfs/*.btrfs; do
42 fs_rw=/"${fs##*/}".rw 67 fs_rw=/"${fs##*/}".rw
@@ -45,8 +70,11 @@ losetup_layers()
45 done 70 done
46 else 71 else
47 bootwait samizdat-nbd-dev 72 bootwait samizdat-nbd-dev
48 dd if=/dev/zero of=/nbd0.rw bs=1M count=10 73 local dev
49 dm_snapshot /dev/nbd0 /nbd0.rw 74 for dev in nbd0 nbd1; do
75 dd if=/dev/zero of=/$dev.rw bs=1M count=10
76 dm_snapshot /dev/$dev /$dev.rw
77 done
50 return 78 return
51 fi 79 fi
52} 80}
@@ -210,15 +238,24 @@ filesystem_incomplete()
210 238
211partition_new_hard_drive_DESTROYING_EVERYTHING() 239partition_new_hard_drive_DESTROYING_EVERYTHING()
212{ 240{
213 local target="$1" 241 # TODO: get the actual size of the btrfs master and actually triple it. The empty
242 # space can be left available to allow the local machine to boot a
243 # locally-regenerated rootfs seed.
244 sz=3
245 u=GiB
246 actual_sz=$sz$u
247 tripled_sz=$((sz * 3))$u
248 pct=100% # TODO: use 50%
249
250 local target="$1" sz=6GiB
214 # [ "$(parted -sm "$target" print | grep -c :)" = 1 ] || return 251 # [ "$(parted -sm "$target" print | grep -c :)" = 1 ] || return
215 parted "$target" -sm \ 252 parted "$target" -sm \
216 unit B \ 253 unit B \
217 mklabel gpt \ 254 mklabel gpt \
218 mkpart samizdat-grub-incomplete 32KiB 8160KiB \ 255 mkpart samizdat-grub-incomplete 32KiB 8MiB \
219 set 1 bios_grub on \ 256 set 1 bios_grub on \
220 mkpart samizdat-plaintext-incomplete btrfs 8MiB 1GiB \ 257 mkpart samizdat-plaintext-incomplete btrfs 64MiB $actual_sz \
221 mkpart samizdat-luks-encrypted-incomplete 1GiB 100% \ 258 mkpart samizdat-luks-encrypted-incomplete $tripled_sz $pct \
222 && 259 &&
223 udevadm settle 260 udevadm settle
224} 261}
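Review bot: In partition_new_hard_drive_DESTROYING_EVERYTHING nothing checks that the target can hold the new layout before `mklabel gpt` runs: the third partition now starts at `$tripled_sz` (9GiB with `sz=3`), so on a smaller disk the label has most likely been rewritten by the time that `mkpart` fails. Whether a caller checks the size is not visible here, so a guard comparing the device size with `tripled_sz` ahead of the parted call would make the failure non-destructive. Separately, `sz`, `u`, `actual_sz`, `tripled_sz` and `pct` are assigned before the `local` line and so leak into the global scope, and the `sz=6GiB` in `local target="$1" sz=6GiB` is never read. Declaring them first, e.g. `local target="$1" sz=3 u=GiB pct=100%`, and quoting `"$actual_sz"`, `"$tripled_sz"` and `"$pct"` in the parted arguments would fix both.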
diff --git a/src/initrd/grok-block b/src/initrd/grok-block
index 86ff499..ee23b38 100755
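--- a/src/initrd/grok-block
+++ b/src/initrd/grok-block
@@ -167,18 +167,29 @@ grok_block()
 # Avoid mouting this multiple times in case this script gets called multiple times,
 # because while it's mounted, the dmsetup stuff will fail with device busy.
 /dev/nbd0)
-if [ -e /bootwait/samizdat-nbd-dev ]
-then
-return
-else
-bootwait nbd-script
-wait_for_files_ /sys/block/nbd0/pid
-fi
+bootdone nbd0-dev
+return ;;
+/dev/nbd1)
+bootwait nbd-script nbd0-dev
+wait_for_files_ /sys/block/nbd0/pid /sys/block/nbd1/pid
 ;;
 esac
 case "$ID_PART_ENTRY_NAME" in
 samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;;
-samizdat-grub|samizdat-luks-encrypted) return ;;
+samizdat-plaintext)
+. /verity.sh
+cp /verity.sh /run/initramfs/samizdat/
+veritysetup --hash-offset="$verity_hash_offset" \
+create samizverity \
+"$DEVNAME" "$DEVNAME" "$verity_root_hash"
+bootdone veritysetup
+return
+;;
+samizdat-grub) return ;;
+samizdat-luks-encrypted)
+menu-select boot-native "$(parent_device "$DEVNAME")"
+return
+;;
 esac
 
 if [ "$ID_FS_TYPE" = hfsplus ] && ! fsck.hfsplus -q "$DEVNAME"; then
@@ -191,7 +202,11 @@ grok_block()
 fi
 
 if ! mountpoint -q "$mountpoint"; then
-retry_mount $mount_type -o ro "$DEVNAME" "$mountpoint"
+if [ "$DEVNAME" = /dev/nbd1 ]
+then OPTIONS='-o device=/dev/nbd0'
+else OPTIONS=
+fi
+retry_mount $mount_type -r $OPTIONS "$DEVNAME" "$mountpoint"
 fi
 
 if ! mountpoint -q "$mountpoint"; then
@@ -206,10 +221,13 @@ grok_block()
 elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then
 if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then
 addmenu_choose_native_root "$(parent_device "$DEVNAME")"
+umount "$mountpoint"
+bootdone key-mounted
+else
+umount "$mountpoint"
 fi
-umount "$mountpoint"
 
-elif [ "$DEVNAME" = /dev/nbd0 ]; then
+elif [ "$DEVNAME" = /dev/nbd1 ]; then
 # This is our rootfs, over the network
 umount "$mountpoint"
 rmdir "$mountpoint"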
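Review bot: In the new `samizdat-plaintext)` arm the result of `veritysetup` is never checked, so `bootdone veritysetup` is signalled even when the mapping was not created, for instance when the variables from `/verity.sh` are unset or the device is busy. Anything waiting on that flag then proceeds without a verified `samizverity` device; what it does next is outside this page, but the integrity step should fail closed, e.g. `"$DEVNAME" "$DEVNAME" "$verity_root_hash" || return` ahead of `bootdone veritysetup`. This arm also returns for every `samizdat-plaintext` partition, so the later `elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]` branch with `gpg_verify` and the added `bootdone key-mounted` looks unreachable unless code between the hunks changes the flow. grok_block begins and ends outside the visible hunks.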