From 7e58194eb06762d7e6a99558dfe90e6485da89aa Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Sat, 10 Oct 2020 19:28:10 -0400
Subject: about to reboot and try this shit

---
 src/initrd/grok-block | 17 +++---
 src/parted-usb.sh | 145 ++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 115 insertions(+), 47 deletions(-)

diff --git a/src/initrd/grok-block b/src/initrd/grok-block
index ee23b38..0b5f3f9 100755
--- a/src/initrd/grok-block
+++ b/src/initrd/grok-block
@@ -177,14 +177,15 @@ grok_block()
 case "$ID_PART_ENTRY_NAME" in
 samizdat-grub-incomplete|samizdat-plaintext-incomplete|samizdat-luks-encrypted-incomplete) return ;;
 samizdat-plaintext)
- . /verity.sh
- cp /verity.sh /run/initramfs/samizdat/
- veritysetup --hash-offset="$verity_hash_offset" \
- create samizverity \
- "$DEVNAME" "$DEVNAME" "$verity_root_hash"
- bootdone veritysetup
+ # . /verity.sh
+ # cp /verity.sh /run/initramfs/samizdat/
+ # veritysetup --hash-offset="$verity_hash_offset" \
+ # create samizverity \
+ # "$DEVNAME" "$DEVNAME" "$verity_root_hash"
+ # bootdone veritysetup
 return ;;
+ samizdat-keys) ;;
 samizdat-grub) return ;;
 samizdat-luks-encrypted)
 menu-select boot-native "$(parent_device "$DEVNAME")"
@@ -218,6 +219,10 @@ grok_block()
 # TODO: Need option to boot the partitions we create
 # TODO: And what if we create partitions and then reboot the machine mid-install?
+ elif [ "$ID_PART_ENTRY_NAME" = samizdat-keys ]; then
+ mkdir -p /gpg
+ cp -a "$mountpoint"/gnupghome /gpg/ && bootdone samizdat-gpg && bootdone samizdat-cdrom
+
 elif [ "$ID_PART_ENTRY_NAME" = samizdat-plaintext ]; then
 if gpg_verify "$mountpoint"/disk.key && gpg_can_decrypt "$mountpoint"/disk.key; then
 addmenu_choose_native_root "$(parent_device "$DEVNAME")"
diff --git a/src/parted-usb.sh b/src/parted-usb.sh
index 4047331..8c3c048 100755
--- a/src/parted-usb.sh
+++ b/src/parted-usb.sh
@@ -15,6 +15,10 @@ MiB()
 initialize_target()
 {
+ if [ -b "$target" ]
+ then return
+ fi
+
 rm -f "$target"
 if [ "$ROOTFS" ]
 then
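Review bot: Commenting out the `veritysetup` block drops the dm-verity integrity check from the `samizdat-plaintext` arm, so that partition now reaches the mount and `gpg_verify` path further down without its root hash ever being checked, and the hunk records no reason for the change. If this is a temporary workaround, say so where the code was and track it, e.g. `# TODO(verity): dm-verity disabled 2020-10-10 — samizdat-plaintext is currently used unverified; re-enable before release`. The new `samizdat-keys) ;;` arm deliberately falls through to the generic handling below, unlike its neighbours which `return`; a short comment such as `samizdat-keys) ;;  # no early return: handled after the mount below` would make that intent visible. The enclosing `grok_block()` starts and ends outside this hunk.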
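Review bot: The new `samizdat-keys` branch copies `gnupghome` into `/gpg` from any partition whose GPT name is `samizdat-keys` and then declares `samizdat-gpg` done, so whoever plugs in a disk with that partition label supplies the keyring that the initrd presumably consults in `gpg_verify` on the next branch — confirm where `gpg_verify` reads its keyring, but as written the partition name is the only thing trusted. Anchor the trust in the image instead: after the copy, check that the keyring contains a fingerprint baked into the initrd and only then call `bootdone samizdat-gpg`, refusing with a diagnostic otherwise. Two smaller points: `mkdir -p /gpg` inherits the default umask whereas GnuPG expects a 0700 home (`mkdir -p -m 0700 /gpg`), and a failed `cp -a` is swallowed silently because the `&&` chain merely skips both `bootdone` calls. `grok_block()` begins and ends outside this hunk.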
@@ -33,6 +37,10 @@ partition_target()
 mkpart samizdat-grub 1 8 \
 set 1 bios_grub on \
 mkpart samizdat-keys btrfs ${start_keys} ${end_keys}
+ case "$target" in
+ /dev/loop*) ;;
+ *) partx -u "$target" ;;
+ esac
 if [ "$ROOTFS" ]
 then
@@ -43,17 +51,24 @@ partition_target()
 make_target_bootable()
 {
- losetup -f "$target"
- dev=$(losetup -j "$target" -O NAME --noheadings)
+ if [ -b "$target" ]
+ then
+ dev=$target
+ part=$target
+ mnt=/mnt/${target#/dev/}
+ else
+ losetup -f "$target"
+ dev=$(losetup -j "$target" -O NAME --noheadings)
- kpartx -vasas "$dev"
- kdev=/dev/mapper/${dev##*/}
+ kpartx -vasas "$dev"
+ part=/dev/mapper/${dev##*/}p
- mnt=$target.mnt
+ mnt=$target.mnt
+ fi
- mkfs.btrfs --mixed "$kdev"p2
+ mkfs.btrfs -f --mixed "$part"2
 mkdir -p "$mnt"
- mount "$kdev"p2 "$mnt"
+ mount "$part"2 "$mnt"
 mkdir -p "$mnt"/boot/grub
 cp -aL "$GRUB_CONFIG" "$mnt"/boot/grub
@@ -65,23 +80,36 @@ make_target_bootable()
 release_target_kernel_resources()
 {
 umount "$mnt"
- kpartx -d "$dev"
- losetup -d "$dev"
+ case "$dev" in
+ /dev/loop*)
+ kpartx -d "$dev"
+ losetup -d "$dev"
+ ;;
+ esac
 }
 with_target()
 {
 local mnt dev target="$1"
 shift
+ if [ -b "$target" ]
+ then
+ mnt=/mnt/${target#/dev/}
+ dev=${target}2
+ else
+ losetup -f "$target" -o $(MiB $start_keys)
+ dev=$(losetup -j "$target" -O NAME --noheadings)
+ mnt=$target.mnt
+ fi
- mnt=$target.mnt
 mkdir -p "$mnt"
- losetup -f "$target" -o $(MiB $start_keys)
- dev=$(losetup -j "$target" -O NAME --noheadings)
 mount "$dev" "$mnt"
 "$@"
 umount "$mnt"
- losetup -d "$dev"
+
+ case "$dev" in
+ /dev/loop*) losetup -d "$dev" ;;
+ esac
 }
@@ -110,6 +138,18 @@ individualize()
 add_grub_cfg
 }
+globalize()
+{
+ : initialize
+ initialize_target
+ : partition
+ partition_target
+ : install-grub
+ make_target_bootable
+ : release
+ release_target_kernel_resources
+}
+
 sanity_checks()
 {
 [[ $UID = 0 ]] || die "You are not root."
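Review bot: In the new block-device branch of `make_target_bootable`, `part=$target` combined with the later `mkfs.btrfs -f --mixed "$part"2` assumes the second partition is named by appending `2` to the disk node; that is true for `/dev/sdX` but not for `/dev/nvme0n1` or `/dev/mmcblk0`, whose partitions use a `p` separator, and with `-f` the command will force-format whatever `${target}2` happens to resolve to. Derive the separator from the node name, e.g. `case $target in *[0-9]) part=${target}p ;; *) part=$target ;; esac`, and guard the format with `[ -b "$part"2 ] || die "no partition ${part}2"` so a wrong guess fails instead of formatting a neighbour. The function's body continues past the end of this hunk.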
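Review bot: `dev=${target}2` in the block-device branch of `with_target` repeats the same partition-naming assumption as `make_target_bootable`, and the two can drift apart because each spells it out separately. Compute the partition path in one helper used by both, e.g. `part_of() { case $1 in *[0-9]) printf '%sp%s\n' "$1" "$2" ;; *) printf '%s%s\n' "$1" "$2" ;; esac; }` and then `dev=$(part_of "$target" 2)`. A one-line comment on the branch would also help, since nothing says why partition 2 is the right one here: `# partition 2 is samizdat-keys (see partition_target)`.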
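Review bot: `globalize` reads the global `target` that its callers set with a `target=… globalize` command prefix, and its `: initialize` lines are no-op commands whose only effect is to label phases in a `set -x` trace; neither is obvious from the body. Add a header comment above the function: `# Build the bootable template onto $target (an image file or a block device); the ': label' lines are no-ops that mark phases in the -x trace.`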
@@ -119,24 +159,44 @@ sanity_checks()
 done
 }
-create_template()
+individualize_target_from()
 {
- local target="${1}.tmp"
+ cp -T --reflink=always "$1" "$target"
+ with_target "$target" individualize
+}
- if [ ! -e "${target%.tmp}" ]
- then
- initialize_target
- partition_target
- make_target_bootable
- release_target_kernel_resources
- mv -T "$target" "${target%.tmp}"
- fi
+find_mac()
+{
+ start_mac=$1
+ for mac in $(ip link show | grep link/ether | (read _ mac _; echo $mac | tr : -)); do
+ if [ "${mac%??}" = "${start_mac%??}" ]; then
+ prefix=${mac%??}
+ suffix=$(printf %x $(( 0x${mac##*-} + 1 )))
+ MAC=${prefix}${suffix}
+ return
+ fi
+ done
+ MAC=$start_mac
 }
-individualize_target_from()
+boot_vm()
 {
- cp -T --reflink=always "$1" "$target"
- with_target "$target" individualize
+ installer_target=samizdat.disk.img
+ if [ ! -e "$installer_target" ]
+ then
+ fallocate -l 15G "$installer_target"
+ fi
+
+ find_mac 52-54-00-12-34-56
+ qemu-system-x86_64 \
+ -enable-kvm \
+ -smp 2 \
+ -m 512 \
+ -k en-us \
+ -net nic,model=virtio,macaddr=$MAC \
+ -vga qxl \
+ -drive file="$final",format=raw \
+ -drive file="$installer_target",format=raw
 }
 . samizdat-paths.sh || die 'samizdat-paths.sh not found'
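Review bot: `find_mac` does not iterate over the host's interfaces as its loop suggests: the `(read _ mac _; …)` subshell consumes only the first `link/ether` line, so exactly one address is ever compared, and `printf %x` drops a leading zero, so an interface ending in `-0a` produces the malformed `…-b`. The increment `$(( 0x${mac##*-} + 1 ))` also wraps past `ff` into `100`. Replace the grep/subshell pair with `awk '/link\/ether/ { gsub(":", "-", $2); print $2 }'`, use `printf %02x` for the suffix, and treat a result above `ff` as "no free address". Separately, `boot_vm` passes the dash-separated `$MAC` to qemu's `macaddr=`, which in my experience expects colon separators — confirm qemu accepts this form before relying on it.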
@@ -151,23 +211,26 @@ then
 version_suffix=-$1
 fi
-
 sanity_checks
 set -e
-template=boot-disk.template.img
-target=boot-disk.img.tmp
-final=${target%.tmp}
-create_template "$template"
-individualize_target_from "$template"
-mv -T "$target" "$final"
-
-installer_target=target-disk.img
-rm -f "$installer_target"
-if [ ! -e "$installer_target" ]
+if [ "$TARGET" ]
 then
- fallocate -l 10G "$installer_target"
+ target=$TARGET globalize
+ with_target "$TARGET" individualize
+ final=$TARGET
+ boot_vm
+else
+ template=boot-disk.template.img
+ target=boot-disk.img.tmp
+ final=${target%.tmp}
+ if [ ! -e "$template" ]
+ then
+ target="$template".tmp globalize
+ mv -T "$template".tmp "$template"
+ fi
+ cp -T --reflink=always "$template" "$target"
+ with_target "$target" individualize
+ mv -T "$target" "$final"
+ boot_vm
 fi
-
-qemu-system-x86_64 -enable-kvm -smp 2 -m 512 -k en-us -vga qxl -drive file="$final",format=raw -drive file="$installer_target",format=raw
-
-- 
cgit v1.2.3
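Review bot: With `TARGET` set, `target=$TARGET globalize` runs `parted`, `partx -u` and `mkfs.btrfs -f` against that device with no check beyond the variable being non-empty, so a slip such as `TARGET=/dev/sda` repartitions the host's own disk without any prompt. Guard it before `globalize`: `[ -b "$TARGET" ] || die "TARGET is not a block device: $TARGET"`, and either require the whole-disk node to be removable (`[ "$(cat "/sys/block/${TARGET#/dev/}/removable" 2>/dev/null)" = 1 ]`, which assumes a plain `/dev/sdX` name — adjust for other node types) or ask for an explicit interactive confirmation naming the device. A comment on the `if [ "$TARGET" ]` line stating that this branch is destructive to the named device would help the next reader.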