From 0535cb9565891eb15de2dddcbf85828c8503dac0 Mon Sep 17 00:00:00 2001 From: Andrew Cady Date: Thu, 22 Jun 2023 00:01:50 -0400 Subject: Removal of functionality that depended on gpg This material wasn't removed in the original commit removing gpg, because it seemed to have documentary value. This commit serves as the documentation index. Some of this functionality should be reimplemented. --- Makefile | 48 --------------------------------- src/initrd/btrfs-create.sh | 13 +-------- src/initrd/grok-block | 67 +++------------------------------------------- 3 files changed, 4 insertions(+), 124 deletions(-) diff --git a/Makefile b/Makefile index a376a64..f7b88c7 100644 --- a/Makefile +++ b/Makefile @@ -227,54 +227,6 @@ apt = $(shell which apt || which apt-get) apt-get-update-stamp: @if $(stale); then set -x; sudo $(apt) update && touch $@; fi -samizdat.iso: patched.iso - cp --reflink $< $@ - -patched.iso: gold.iso rootfs/samizdat.patch.btrfs - rm -f $@~tmp - cp --reflink $< $@~tmp - sudo xorrisofs -iso-level 3 -- \ - -indev $@~tmp \ - -outdev $@~tmp \ - -return_with FAILURE 32 \ - -pathspecs on \ - -follow link \ - -add /rootfs/z00.btrfs=rootfs/samizdat.patch.btrfs -- \ - -follow default \ - -as mkisofs -graft-points \ - -b grub/i386-pc/eltorito.img \ - -no-emul-boot -boot-info-table \ - --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \ - --protective-msdos-label - mv $@~tmp $@ - -gold.iso: rootfs/seed.iso reused-child - sudo grub-efi.sh - ! grep 'vmlinuz.*nbdroot' -r ${samizdat_grub_efi_dir} - exit 1; initrd.sh - rm -f $@~tmp - cp --reflink $< $@~tmp - sudo xorrisofs -iso-level 3 -- \ - -indev $@~tmp \ - -outdev $@~tmp \ - -return_with FAILURE 32 \ - -pathspecs on \ - -rm_r linux -- \ - -add linux="${samizdat_linux_dir}" -- \ - -rm_r "${gpg_iso_path}" -- \ - -add "${gpg_iso_path}=${GPG_INPUT_DIR}" -- \ - -rm_r grub -- \ - -add grub="${samizdat_grub_efi_dir}"/grub -- \ - -chown_r 0 / -- \ - -chgrp_r 0 / -- \ - -chmod_r go-rwx "${gpg_iso_path}" -- \ - -as mkisofs -graft-points \ - -b grub/i386-pc/eltorito.img \ - -no-emul-boot -boot-info-table \ - --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \ - --protective-msdos-label - mv $@~tmp $@ - rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \ $(if $(VERITY), s.verity s.verity.log)) rm -f $@~tmp diff --git a/src/initrd/btrfs-create.sh b/src/initrd/btrfs-create.sh index efd8728..5ed0f89 100644 --- a/src/initrd/btrfs-create.sh +++ b/src/initrd/btrfs-create.sh @@ -43,18 +43,7 @@ cdrom_has_rootfs() losetup_layers() { - if cdrom_has_rootfs - then - # TODO: This is some kind of shortcut or short circuit to find these - # files, that ought to be found through the grok-block system (i.e., - # event-driven rather than polling). - local fs fs_rw - for fs in /cdrom/rootfs/*.btrfs; do - fs_rw=/"${fs##*/}".rw - dd if=/dev/zero of="$fs_rw" bs=1M count=10 - losetup_snapshot "$fs" "$fs_rw" || return - done - elif [ -e /dev/disk/by-partlabel/samizdat-rootfs ] + if [ -e /dev/disk/by-partlabel/samizdat-rootfs ] then # TODO: prevent raciness umount /dev/disk/by-partlabel/samizdat-rootfs diff --git a/src/initrd/grok-block b/src/initrd/grok-block index d194486..1d20850 100755 --- a/src/initrd/grok-block +++ b/src/initrd/grok-block @@ -146,19 +146,8 @@ grok_block() ;; esac case "$ID_PART_ENTRY_NAME" in - samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;; - samizdat-plaintext) - # . /verity.sh - # cp /verity.sh /run/initramfs/samizdat/ - # veritysetup --hash-offset="$verity_hash_offset" \ - # create samizverity \ - # "$DEVNAME" "$DEVNAME" "$verity_root_hash" - # bootdone veritysetup - return - ;; - samizdat-keys) ;; + samizdat-*-incomplete|samizdat-plaintext|samizdat-keys|samizdat-grub) return ;; samizdat-rootfs) ;; - samizdat-grub) return ;; samizdat-luks-encrypted) if ! [ -f /autobooted ] then @@ -196,9 +185,6 @@ grok_block() is_incomplete_samizdat_install "$DEVNAME" && addmenu_destroy_hard_drive "$DEVNAME" - # TODO: Need option to boot the partitions we create - # TODO: And what if we create partitions and then reboot the machine mid-install? - elif [ "$ID_PART_ENTRY_NAME" = samizdat-rootfs ]; then bootdone samizdat-rootfs elif [ "$DEVNAME" = /dev/nbd1 ]; then @@ -206,56 +192,9 @@ grok_block() umount "$mountpoint" rmdir "$mountpoint" bootdone samizdat-nbd-dev - else - umount=true - # Device has an unencrypted filesystem on it. - # So we mount it and look for loop-back overlays. - - if [ -d "$mountpoint/samizdat.gpg" ]; then - # check the key somehow? - addmenu_choosekey "$DEVNAME" "$mountpoint/samizdat.gpg" - fi - - N=1; while [ -e "$mountpoint/samizdat.$N" ] - do - if gpg_verify "$mountpoint/samizdat.$N"k; then - addmenu_chooseroot "$DEVNAME" "$mountpoint/samizdat.$N" - # this menu entry chooses the root fs, and should prompt and wait for the matching key - umount=false - fi - N=$((N+1)) - done - - freeblocks=$(stat -f -c %f "$mountpoint") - blocksize=$(stat -f -c %S "$mountpoint") - freemegs=$((freeblocks * blocksize / 1024 / 1024)) - - if [ "$freemegs" -ge 300 ]; then - - umount=false - # bootwait samizdat-cdrom - # cdromblocks=$(stat -f -c %b /cdrom) - # cdromblocksize=$(stat -f -c %S /cdrom) - # cdrommegs=$((cdromblocks * cdromblocksize / 1024 / 1024)) - - cdrommegs=700 # TODO: go back to checking the size - - if [ "$freemegs" -ge "$((cdrommegs * 3))" ]; then - addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 3))" 1 - elif [ "$freemegs" -ge "$((cdrommegs * 2))" ]; then - addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 2))" 1 - elif [ "$freemegs" -ge "$cdrommegs" ]; then - addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((freemegs / 2))" 0 - else - addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" 256 0 - fi - fi - - if $umount; then - umount "$mountpoint" - rmdir "$mountpoint" - fi + umount "$mountpoint" + rmdir "$mountpoint" fi } -- cgit v1.2.3