From 461ee2c0ab97b1073bfd55896d70302ce17bb323 Mon Sep 17 00:00:00 2001 From: Andrew Cady Date: Thu, 7 May 2020 18:35:51 -0400 Subject: run xorriso incrementally The ISO image '/rootfs/samizdat.iso' will be created holding just the file 'rootfs/samizdat.btrfs'. A copy-on-write link named either ./samizdat.iso is made of the first stage ISO image. This is then modified by xorriso to create a stage2 ISO that also holds the user's keys and the bootloader. --- .gitignore | 1 + Makefile | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 62 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index 384a284..697ef25 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,4 @@ stack.yaml.lock samizdat.iso TEST_CHILD.*.log krng-add-entropy +reused-child diff --git a/Makefile b/Makefile index ba16c02..c686735 100644 --- a/Makefile +++ b/Makefile @@ -138,10 +138,14 @@ fastboot: rootfs reuse_child := $(shell 2>/dev/null read child < reused-child && echo --reuse-child=$$child; true) -samizdat.iso: +samizdat.netinst.iso: sudo initrd.sh - sudo xorriso-usb.sh $(reuse_child) --bootloader --out samizdat.iso + sudo xorriso-usb.sh $(reuse_child) --bootloader --out $@ +reused-child: + sudo keygen.sh ${samizdat_child_dir}/child.$$$$ && \ + sudo store-child-permanently $$$$ && \ + echo $$$$ > $@ testclean: make -C kiki install 
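Review bot: The new `reused-child` recipe names the key directory after the recipe shell's PID (`$$$$`), and PIDs are recycled, so a later run can land on a `child.<pid>` directory that an earlier build already populated. Whether `keygen.sh` refuses or overwrites an existing directory is not visible from this hunk. A guard as the first command of the chain would make a collision fail loudly: `sudo test ! -e ${samizdat_child_dir}/child.$$$$ && \`. The rule also deserves a comment such as `# $$$$ is the recipe shell's PID; keep the three commands on one continued line so they share it`, because splitting the chain would give each line a different ID.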
@@ -151,17 +155,62 @@ testclean: cleantest: make testclean - make isotest-nonet + make isotest + +isotest: samizdat.iso + USE_ISO=y SLOW_BOOT=y NO_NET=y qemu.sh $^ + +isotest-netinst: samizdat.netinst.iso + USE_ISO=y SLOW_BOOT=y qemu.sh $^ + +gpg_iso_path=gnupghome +GPG_INPUT_DIR=${samizdat_child_dir}/child.$(shell cat reused-child)/root/.gnupg + +samizdat.iso: rootfs/samizdat.iso reused-child + sudo grub-efi.sh + ! grep 'vmlinuz.*nbdroot' -r ${samizdat_grub_efi_dir} + rm -f $@~tmp + cp --reflink $< $@~tmp + sudo xorrisofs -iso-level 3 -- \ + -indev $@~tmp \ + -outdev $@~tmp \ + -return_with FAILURE 32 \ + -volid SamizdatLive \ + -pathspecs on \ + -rm_r linux -- \ + -add linux="${samizdat_linux_dir}" -- \ + -rm_r "${gpg_iso_path}" -- \ + -add "${gpg_iso_path}=${GPG_INPUT_DIR}" -- \ + -rm_r grub -- \ + -add grub="${samizdat_grub_efi_dir}"/grub -- \ + -chown_r 0 / -- \ + -chgrp_r 0 / -- \ + -chmod_r go-rwx "${gpg_iso_path}" -- \ + -as mkisofs -graft-points \ + -b grub/i386-pc/eltorito.img \ + -no-emul-boot -boot-info-table \ + --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \ + --protective-msdos-label + mv $@~tmp $@ + +rootfs/samizdat.iso: rootfs/samizdat.btrfs + rm -f $@~tmp + touch $@~tmp + fallocate -n -l 10G $@~tmp + xorrisofs -iso-level 3 -- \ + -outdev $@~tmp \ + $${SILENT:+ -report_about mishap} \ + -return_with FAILURE 32 \ + -volid SamizdatLive \ + -pathspecs on \ + -follow link \ + -add /rootfs/samizdat.btrfs=/srv/nbd/samizdat.btrfs -- \ + -follow default + mv $@~tmp $@ + +rootfs/samizdat.btrfs: + make -C rootfs -isotest: install - sudo initrd.sh - sudo xorriso-usb.sh $(reuse_child) --bootloader --out samizdat.iso - USE_ISO=y SLOW_BOOT=y qemu.sh - -isotest-nonet: install - sudo initrd.sh - sudo xorriso-usb.sh $(reuse_child) --out samizdat-nonet.iso - USE_ISO=y SLOW_BOOT=y NO_NET=y qemu.sh samizdat-nonet.iso .PHONY: install install: -- cgit v1.2.3
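Review bot: The `samizdat.iso` recipe adds `${GPG_INPUT_DIR}` (the child's `root/.gnupg`) into `$@~tmp`, but that file is created by the unprivileged `cp --reflink` and keeps the source image's mode, which is probably world-readable under a common 022 umask. The `-chmod_r go-rwx` only sets permissions inside the ISO filesystem, so it does not stop another local account from reading the key material out of the image file on the build host. Adding `chmod 600 $@~tmp` directly after the `cp` line would close that gap. Separately, `! grep 'vmlinuz.*nbdroot' -r ...` also succeeds when grep exits 2 (a missing or unreadable directory, plausible since `grub-efi.sh` runs under sudo), so the check can pass without inspecting anything. `if grep -r 'vmlinuz.*nbdroot' ${samizdat_grub_efi_dir}; then false; else test $$? -eq 1; fi` accepts only the genuine no-match case.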