From e98c4babea202d692a5dac8c05efc64a44e8aedc Mon Sep 17 00:00:00 2001 From: Andrew Cady Date: Tue, 19 Apr 2016 14:39:53 -0400 Subject: cause the grok-block hooks to run --- old-school/common.sh | 143 ++++++++ old-school/grok-block | 179 ++++++++++ old-school/halt.montecarlo | 39 +++ old-school/init | 60 ++++ old-school/init.functions | 345 ++++++++++++++++++ old-school/init.shutdown | 30 ++ old-school/lvm-create.sh | 393 +++++++++++++++++++++ old-school/lvm.conf | 773 +++++++++++++++++++++++++++++++++++++++++ old-school/menu-select | 112 ++++++ old-school/samizdat-cdrom-copy | 75 ++++ old-school/squashfs-size | 88 +++++ old-school/umountall.sh | 126 +++++++ old-school/vol_id | 2 + 13 files changed, 2365 insertions(+) create mode 100644 old-school/common.sh create mode 100755 old-school/grok-block create mode 100755 old-school/halt.montecarlo create mode 100755 old-school/init create mode 100644 old-school/init.functions create mode 100755 old-school/init.shutdown create mode 100644 old-school/lvm-create.sh create mode 100644 old-school/lvm.conf create mode 100755 old-school/menu-select create mode 100755 old-school/samizdat-cdrom-copy create mode 100755 old-school/squashfs-size create mode 100755 old-school/umountall.sh create mode 100755 old-school/vol_id (limited to 'old-school') diff --git a/old-school/common.sh b/old-school/common.sh new file mode 100644 index 0000000..c216d2a --- /dev/null +++ b/old-school/common.sh @@ -0,0 +1,143 @@ +#!/bin/sh +REQUIRED_MB=250 # minimum megabytes available to offer install +MENUFIFO=/menu.fifo +DEBUG=y +LOGBASE=/var/log + +debug_log() +{ + if [ -n "$DEBUG" ]; then + if [ -n "$1" ]; then + DEBUG_LOG=$LOGBASE/"$1".$$.log + else + DEBUG_LOG=$LOGBASE/$(basename $0).$$.log + fi + mkdir -p $LOGBASE + exec >>$DEBUG_LOG 2>&1 + set -x + fi +} +addmenu() +{ + cat <>$MENUFIFO # mind the tabs +setItem "$1" "dummy" "$2" "$3" +END +} +menutitle() +{ + printf 'setTitle "%s"\n' "$1" >>$MENUFIFO + printf 'setWelcomeText "%s"\n' "$2" >>$MENUFIFO +} +bootmenu() +{ + local do_trigger="$1" no_panic="$2" + /bin/openvt -f -c 7 -- dynmenu "$MENUFIFO" && + chvt 7 && + menutitle 'Samizdat\n\nAs the Internet develops there are\ntransitions in the management arrangements.\nThe time has come to take\na small step in one of those transitions.' 'Choose an installation target.' +# menutitle 'Samizdat\nfreedom from surveillance\nno trusted authorities' 'Choose an installation target.' + addmenu "ramdisk" "[ Boot to RAM without installing anything ]" "menu-select boot-ram" + if [ $? != 0 -a ! "$no_panic" ]; then + panic "error loading boot menu! the system won't be usable :(" + fi + if [ "$do_trigger" ]; then + udevadm trigger --subsystem-match=block --action=add + fi +} +find_squashfs_root() +{ + # TODO: "make" puts the correct location in $iso_squashfs_dir. Get + # information into this function! + + bootwait samizdat-cdrom + for dir in /cdrom/live /cdrom/liveos /cdrom/aptosid /cdrom/* + do + [ -d "$dir" ] || continue; + if [ -f "$dir"/filesystem.module ]; then + while read fs; do + [ -f "$dir"/"$fs" ] && echo "$dir" "$fs" + done < "$dir"/filesystem.module + return + fi + done + for fs in /cdrom/live/filesystem.squashfs /cdrom/live/grml-small.squashfs /cdrom/liveos/squashfs.img /cdrom/aptosid/aptosid.* /cdrom/*/*.squashfs + do + if [ -f "$fs" ]; then + echo "${fs%/*}" "${fs##*/}" + break + fi + done +} +xtrace() +{ + case "$-" in + *x*) "$@" ;; + *) set -x; "$@"; set +x ;; + esac +} +sleepcmd() { + local t=$1 + shift + echo "about to run '$*' (in $t)" + sleep $t + "$@" +} +sleep_forever_verbose() { + sleep 4294967295 & + local sleep=$! + warn "sleeping until you kill $sleep..." + wait $sleep +} +warn() { [ -z "$warnings" ] || echo "$@" >&2; } +panic() +{ + set +x + exec /dev/tty1 2>&1 + reset + echo "[p$$] initramfs /init: fatal error: $@" + echo "[p$$] will now exec emergency shell" + export PS1="[p$$ \\w]# " + chvt 1 + exec /bin/sh -i +} +bootwait() +{ + mkdir -p /bootwait + local i=$#; while [ $i -gt 0 ]; do + i=$((i-1)) + local f="$1"; shift; set -- "$@" "/bootwait/$f" + done + wait_for_files "$@" +} +bootdone() +{ + mkdir -p /bootwait + local i=$#; while [ $i -gt 0 ]; do + i=$((i-1)) + local f="$1"; shift; set -- "$@" "/bootwait/$f" + done + touch "$@" +} +my_openvt() +{ + /bin/openvt -c "$@" +} + +# This runs before way before NTP and on a LiveCD we have no +# reason to trust the system clock. +gpg2_nobatch() { GPG_TTY=$(tty) command gpg2 --ignore-time-conflict --ignore-valid-from "$@"; } +gpg2() { gpg2_nobatch --batch "$@"; } + +xcp() { if [ -f "$1" -a ! -f "$2" ]; then cp "$1" "$2"; fi; } + +mountsquashes() +{ + local name dirname basename + while read dirname basename && [ -d "$dirname" -a -f "$dirname/$basename" ]; do + name=${basename%.squashfs} + mkdir -p "/squashes/$name" || return 1 + xcp "$dirname"/filesystem.module /squashes/filesystem.module || return 1 + mountpoint -q "/squashes/$name" || + mount -o ro,loop "$dirname/$basename" "/squashes/$name" || return 1 + done +} + diff --git a/old-school/grok-block b/old-school/grok-block new file mode 100755 index 0000000..3f45bb2 --- /dev/null +++ b/old-school/grok-block @@ -0,0 +1,179 @@ +#!/bin/sh +. common.sh + +DEVNAME=$1 +case "$DEVNAME" in /dev/loop*|/dev/ram*|/dev/dm-*|/dev/md*) exit ;; esac +[ -b "$DEVNAME" ] || exit + +debug_log "grok-block.${DEVNAME##*/}" + +addmenu_choosekey() +{ + dev=$1 + dir=$2 + addmenu "$dev//$dir" \ + "[ Use the GPG key on $dev ]" \ + "menu-select boot-gpg $dev $dir" +} + +addmenu_repairhfs() +{ + local device="$1" + addmenu "$device//reboot" \ + "[ Reboot into Mac OS X in order to repair disk $device ]" \ + "eject /cdrom; sleep 2; reboot -f" + addmenu "$device//fsck" \ + "[ (DANGEROUS) Try to repair errors on $device with fsck.hfsplus ]" \ + "/bin/openvt -sw -- sh -c 'fsck.hfsplus $device && remenu'" +} + +addmenu_chooseroot() +{ + local device="$1" loopfile="$2" + + addmenu "$device//$loopfile" \ + "[ Boot the system on $device${loopfile:+ in file $(basename $loopfile)} ]" \ + "menu-select --fs=$ID_FS_TYPE boot-luks $device ${loopfile:-$device}" +} + +addmenu_makeroot() +{ + local device="$1" loopfile="$2" megs="$3" copy_cdrom="$4" + ( + addmenu "$device//$loopfile" \ + "[ Install Samizdat to $device (in file $(basename $loopfile)) ]" \ + "menu-select --fs=$ID_FS_TYPE boot-new $device $loopfile $megs $copy_cdrom" + ) & +} + +retry_mount() +{ + tries=20 + until mntout="$(mount "$@" 2>&1)" + do + tries=$(( tries - 1 )) + case "$mntout" in + *"Device or resource busy"*) + if [ $tries -le 0 ]; then + warn "mount $@ failed: $mntout" + return 1 + else + sleep 1 + continue + fi + ;; + *) + warn "mount $@ failed: $mntout" + break ;; + esac + done +} + +gpg_verify() +{ + bootwait samizdat-cdrom + gpg2 --lock-never --no-permission-warning --no-auto-check-trustdb --no-options --homedir /cdrom/samizdat/gpg/gnupghome --verify "$1" +} +is_lvm() +{ + for n in 0 1 2 3; do + [ "LVM2 001" = "$(dd if="$1" bs=1 skip=$((512*n+24)) count=8 2>/dev/null)" ] && return 0 + done + return 1 +} + +grok_block() +{ + local mountpoint="/mnt/${DEVNAME##*/}" + + mkdir -p "$mountpoint" + + case "$ID_FS_TYPE" in + ntfs) mount_type='-t ntfs-3g' ;; + "") mount_type= ;; + *) mount_type="-t $ID_FS_TYPE" ;; + esac + + if [ "$ID_FS_TYPE" = hfsplus ] && ! fsck.hfsplus -q "$DEVNAME"; then + (if fsck.hfsplus "$DEVNAME"; then + grok-block "$DEVNAME" + else + addmenu_repairhfs "$DEVNAME" + fi) & + return + fi + + if ! mountpoint -q "$mountpoint"; then + retry_mount $mount_type -o ro "$DEVNAME" "$mountpoint" + fi + + if mountpoint -q "$mountpoint"; then + umount=true + # Device has an unencrypted filesystem on it. + # So we mount it and look for loop-back overlays. + + if [ -d "$mountpoint/samizdat.gpg" ]; then + # check the key somehow? + addmenu_choosekey "$DEVNAME" "$mountpoint/samizdat.gpg" + fi + + N=1; while [ -e "$mountpoint/samizdat.$N" ] + do + if gpg_verify "$mountpoint/samizdat.$N"k; then + addmenu_chooseroot "$DEVNAME" "$mountpoint/samizdat.$N" + # this menu entry chooses the root fs, and should prompt and wait for the matching key + umount=false + fi + N=$((N+1)) + done + + freeblocks=$(stat -f -c %f "$mountpoint") + blocksize=$(stat -f -c %S "$mountpoint") + freemegs=$((freeblocks * blocksize / 1024 / 1024)) + + if [ "$freemegs" -ge 300 ]; then + + umount=false + bootwait samizdat-cdrom + cdromblocks=$(stat -f -c %b /cdrom) + cdromblocksize=$(stat -f -c %S /cdrom) + cdrommegs=$((cdromblocks * cdromblocksize / 1024 / 1024)) + + if [ "$freemegs" -ge "$((cdrommegs * 3))" ]; then + addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 3))" 1 + elif [ "$freemegs" -ge "$((cdrommegs * 2))" ]; then + addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 2))" 1 + elif [ "$freemegs" -ge "$cdrommegs" ]; then + addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((freemegs / 2))" 0 + fi + fi + + if $umount; then + umount "$mountpoint" + rmdir "$mountpoint" + fi + else + rmdir "$mountpoint" + fi +} + +# Get me all them nice udev variables +eval "$(PATH=$PATH:/lib/udev vol_id "$DEVNAME" | + sed "s/'/'\\\\''/; s/=\(.*\)/='\1'/" +)" + +CDROM_ID_FS_UUID_ENC='73256269-4002-4e42-adbd-0e49ed1c7438' +CDROM_ID_FS_LABEL_ENC=$(sed 's/ /\\x20/g' /lib/samizdat/vol_id.txt) +if [ "$ID_FS_UUID_ENC" = "$CDROM_ID_FS_UUID_ENC" -o \ + "$ID_FS_LABEL_ENC" = "$CDROM_ID_FS_LABEL_ENC" ] +then + # Recognize and mount the Samizdat + if ! mountpoint -q /cdrom; then + mkdir -p /cdrom + (retry_mount -t iso9660 -r "$DEVNAME" /cdrom && bootdone samizdat-cdrom) & + fi +else + grok_block & +fi + +# vim:set et sw=2: diff --git a/old-school/halt.montecarlo b/old-school/halt.montecarlo new file mode 100755 index 0000000..67dac17 --- /dev/null +++ b/old-school/halt.montecarlo @@ -0,0 +1,39 @@ +#!/bin/bash + +cmd=${0##*/} +dashf= +for arg in "$@"; do + case "$arg" in -*f*) dashf=1 ;; esac + case "$arg" in -*p*) [ "$cmd" = halt ] && cmd=poweroff ;; esac +done + +[ "$dashf" ] || exec -a "$0" /sbin/halt.distrib "$@" + +read pids < /run/sendsigs.omit.d/samizdat +for p in $pids; do + if [ -e /proc/$p/root -a ! /proc/$p/root -ef / ]; then + initramfs=/proc/$p/root + break + fi +done + +panic() +{ + set -x + sync + exec -a "$0" /sbin/halt.distrib "$@" +} + +[ "$initramfs" ] || panic + +cp /sbin/init $initramfs/telinit + +# Apparently, linux does not allow a direct bind mount of a file on +# the initramfs. Therefore, copy the file from the initramfs and bind +# mount the copy. + +mount -o remount,exec /run +cp $initramfs/lib/samizdat/init.shutdown /run/ && mount --bind /run/init.shutdown /sbin/init || panic + +echo $cmd -f > $initramfs/halt +$initramfs/telinit u diff --git a/old-school/init b/old-school/init new file mode 100755 index 0000000..3b62c0a --- /dev/null +++ b/old-school/init @@ -0,0 +1,60 @@ +#!/bin/sh +PATH=$PATH:/usr/lib/klibc/bin +#if [ $$ = 1 ]; then +# "$0" "$@" +# exec sh -i +#fi +. init.functions +warnings=y + +debug_log init +mountvirt +klogd -c1 # no kernel messages + +mkdir -p "$LOGBASE" +sh -c "syslogd -O '$LOGBASE'/"'syslogd.$$.log'; +if [ "$DEBUG" != y ]; then + echo 0 > /proc/sys/kernel/printk +fi + +makedev +loadenv + +if [ -x /bin/kmod ]; then + ln -sf /bin/kmod /bin/depmod + /bin/depmod -a +else + depmod -a +fi + +PS1='[$$ \w]# ' my_openvt 8 -- sh -i + +mkfifo "$MENUFIFO" || panic "mkfifo '$MENUFIFO' failed" +bootmenu +mkdir -p /etc/udev/rules.d +cat </etc/udev/rules.d/z00_blockdev_mountroot.rules +ACTION=="add", SUBSYSTEM=="block", RUN+="/bin/grok-block \$env{DEVNAME}" +END + +start_udev +mountunionroot + +bootwait rw-overlay +# killeverything +# nuke /dev/.udev/queue/ +stop_udev +insertoverlay + +movemounts +gpg_agent_chroot +patchroot +clear >/dev/tty1 +chvt 1 +[ -e /do-delay-boot ] && bootwait 'launch-init-ready' +launch_init "$@" + +# unreachable since launch_init will panic on failure +panic 'inconceivable!' +exec >/dev/tty1 2>&1 <&1 +reset +exec sh -i diff --git a/old-school/init.functions b/old-school/init.functions new file mode 100644 index 0000000..3b5027b --- /dev/null +++ b/old-school/init.functions @@ -0,0 +1,345 @@ +#!/bin/sh +. common.sh +mountvirt() +{ + # TODO: simply put these dirs on the initrd itself + mkdir -m 0755 -p /dev /sys /proc /tmp /var /run + mkdir -m 0700 -p /root + + mount -t sysfs -o nodev,noexec,nosuid none /sys + mount -t proc -o nodev,noexec,nosuid none /proc + tmpfs_size="10M" +# [ -f /etc/udev/udev.conf ] && . /etc/udev/udev.conf + mount -t tmpfs -o size=$tmpfs_size,mode=0755 udev /dev + mount -t tmpfs -o size=64M,mode=0755 run /run + mkdir -m 0755 /dev/pts /run/lock + mount -t devpts devpts /dev/pts + ln -s /run /run/lock /var/ +} +makedev() +{ + # TODO: simply put these nodes on the initrd itself + mkdir -m 0755 -p /dev + mknod /dev/null c 1 3 + mknod /dev/zero c 1 5 + mknod /dev/tty c 5 0 + if [ "$FUCK_devconsole" ]; then # FUCK /dev/console + mknod /dev/console c 4 1 # tty1 is console; a saner alternative (TODO: fix shutdown to chvt) + else + mknod /dev/console c 5 1 + fi + for i in 0 1 2 3 4 5 6 7 8; do + mknod /dev/tty${i} c 4 ${i} + done + # TODO: wait for udev? pft. + for i in 0 1 2 3 4 5 6 7; do + mknod /dev/loop${i} b 7 ${i} + done +} +loadenv() +{ + # TODO: filter the wheat from the chaff here; most of this is unused. + # TODO: implement the various boot args + + # Load config files +# export DPKG_ARCH= +# . /conf/arch.conf +# export ROOT= +# . /conf/initramfs.conf +# for conf in conf/conf.d/*; do +# [ -f ${conf} ] && . ${conf} +# done + # Make modprobe quiet + export MODPROBE_OPTIONS="-qb" + # Export constants + export rootmnt=/root + # Export bootparam variables + export init=/sbin/init + export readonly=y + export blacklist= + + # Parse command line options + for x in $(cat /proc/cmdline); do + case $x in + init=*) init=${x#init=} ;; + root=*) + ROOT=${x#root=} + case $ROOT in + LABEL=*) ROOT="/dev/disk/by-label/${ROOT#LABEL=}" ;; + UUID=*) ROOT="/dev/disk/by-uuid/${ROOT#UUID=}" ;; + /dev/nfs) [ -z "${BOOT}" ] && BOOT=nfs ;; + esac + ;; + rootflags=*) ROOTFLAGS="-o ${x#rootflags=}" ;; + rootfstype=*) ROOTFSTYPE="${x#rootfstype=}" ;; + ro) readonly=y ;; + rw) readonly=n ;; + + nfsroot=*) NFSROOT="${x#nfsroot=}" ;; + ip=*) IPOPTS="${x#ip=}" ;; + boot=*) BOOT=${x#boot=} ;; + + resume=*) RESUME="${x#resume=}" ;; + noresume) noresume=y ;; + blacklist=*) blacklist=${x#blacklist=} ;; + + hostname=*) + hostname=${x#hostname=} + hostname "$hostname" + ;; + bootcd_device=*) bootcd_device=${x#bootcd_device=} + mkdir -p /cdrom && + mount -r -t hostfs -o "${bootcd_device#hostfs=}" hostfs /cdrom && + bootdone samizdat-cdrom + ;; + overlay_device=*) overlay_device=${x#overlay_device=} + mkdir -p /overlay && + mount -t hostfs -o "${overlay_device#hostfs=}" hostfs /overlay && + bootdone rw-overlay + ;; + uml_modules=*) uml_modules=${x#uml_modules=} + mount -t hostfs -o "${uml_modules#hostfs=}" hostfs /lib/modules ;; + esac + done + + if [ -z "${noresume}" ]; then + export resume=${RESUME} + else + export noresume + fi +} +mountunionroot() +{ + bootwait samizdat-cdrom squashfs-root + + ufs= + if grep -q aufs /proc/filesystems || modprobe aufs; then + ufs=aufs + elif grep -q unionfs /proc/filesystems || modprobe unionfs; then + ufs=unionfs + fi + + case $ufs in + unionfs) ro=ro;; + aufs) ro=rr;; + *) panic "mountunionroot: unionfs module not found";; + esac + + dirs=; + if [ -f /squashes/filesystem.module ]; then + while read img; do + d=/squashes/"${img%.squashfs}" + mountpoint -q /squashes/"${img%.squashfs}" || continue; + dirs="$d=$ro${dirs:+:$dirs}" + done < /squashes/filesystem.module + else + for d in /squashes/*; do + mountpoint -q "$d" || continue + dirs="$d=$ro${dirs:+:$dirs}" + done + fi + [ -n "$dirs" ] || + panic "no squashes. missing/broken images on cdrom?" + + if true; then +# overlay_tmp=$(mktemp -d /overlay.XXXXXX) && + overlay_tmp=/overlay.$$ && mkdir -p $overlay_tmp && + mount -t tmpfs tmpfs $overlay_tmp && + touch $overlay_tmp/samizdat-filesystem-is-new + dirs="$overlay_tmp:$dirs" || + { rmdir $overlay_tmp; + panic "mountunionroot: failure creating tmpfs overlay"; } + fi + + mount -t $ufs -o rw,dirs="$dirs" $ufs "$rootmnt" || + panic "mountunionroot: $ufs: mount (dirs=$dirs): error: $?" +} +insertoverlay() # TODO: copy-up and umount tmpfs. MASSIVELY IMPORTANT! +{ + if ! mountpoint -q /overlay; then + # rw-overlay was signalled without a mount on /overlay + # thus, boot with the current tmpfs overlay + mkdir -p /overlay + mount -o move $overlay_tmp /overlay + return 0 + fi + + ufs=$(sed -ne 's?^[^ ]* '"$rootmnt"' \(unionfs\|aufs\) .*?\1?p' /proc/mounts) + + case $ufs in + unionfs) + panic 'insertoverlay: TODO: implement unionfs support' + + mount -o remount,rw,add=/overlay "$rootmnt" || + panic "insertoverlay: remount unionfs (add=/overlay): error: $?" + + #mount -o remount,del=$overlay_tmp && # NO, WRONG, COPY-UP FIRST + #umount $overlay_tmp && rmdir $overlay_tmp + ;; + aufs) + mount -o remount,rw,prepend:/overlay=rw "$rootmnt" || + panic "insertoverlay: remount aufs (prepend:/overlay=rw): error: $?" + + mount -o remount,mod:"$overlay_tmp"=ro+wh "$rootmnt" || + panic "insertoverlay: couldn't set aufs branch read-only: $overlay_tmp" + + # copy everything the user reads (not just writes) to the overlay + # (this is appropriate for CD-ROM but not testing. TODO: enable) + #mount -o remount,coo=all "$rootmnt" + + mkdir -p "$rootmnt"/xino && mount -o move "$overlay_tmp" "$rootmnt"/xino || + panic "insertoverlay: couldn't move mount $overlay_tmp to $rootmnt/xino" + ;; + *) panic "insertoverlay: unrecognized filesystem ($ufs)";; + esac + + bootdone root-mounted +} +AppendIfNoSuchLine() +{ + local filename="$1" + shift + if grep -vqF "$1" < "$filename"; then + printf '%s\n' "$@" >> "$filename" + fi +} +gpg_agent_chroot() +{ + chroot "$rootmnt" sh -c \ + 'export PATH=/usr/local/sbin:/usr/local/bin:$PATH; + killall gpg-agent; + samizdat-gpg-agent; + killall -USR2 samizdat-pinentry;' +} +remove_squashfs_mistakes() +{ + # Workaround for bad samizdat-generated upstream squashfs: + rm -f "$rootmnt"/etc/ipsec.conf + rm -rf "$rootmnt"/etc/samizdat/samizdat-receive-hooks + rm -f "$rootmnt"/etc/adjtime +} +patchroot() +{ + test -e "$rootmnt"/samizdat-filesystem-is-new || return + echo Patching livecd root -- $(date) >> /dev/tty7 + rm -f /dev/console; mknod /dev/console c 4 1 + + remove_squashfs_mistakes + + if [ -e /etc/adjtime -a ! -e "$rootmnt"/etc/adjtime ]; then + cp /etc/adjtime "$rootmnt"/etc/adjtime + fi + + if [ -f "$rootmnt"/cdrom/samizdat/skel.tgz ]; then + chroot "$rootmnt" bin/tar -C / --no-same-owner -zxf /cdrom/samizdat/skel.tgz + fi + chroot "$rootmnt" hostname -F /etc/hostname + + chroot "$rootmnt" update-rc.d samizdat-pids start 15 S + + # We need debian-tor user so that hidden service directory can have the right owner + chroot "$rootmnt" adduser --quiet --system --disabled-password --home /var/lib/tor \ + --no-create-home --shell /bin/bash --group debian-tor + + # TODO: check errors here + chroot "$rootmnt" sh -c \ + 'export PATH=/usr/local/sbin:/usr/local/bin:"$PATH" GNUPGHOME=/gpg/gnupghome verbose=1; + samizdat-receive -v < /cdrom/samizdat/secrets.mime && samizdat-receive -v < /cdrom/samizdat/public.mime' + + for diversion in /etc/kernel/postinst.d/initramfs-tools /etc/init.d/live-boot /sbin/halt; do + chroot "$rootmnt" dpkg-divert --rename --package samizdat --add "$diversion" + done + cp /bin/halt.montecarlo "$rootmnt"/sbin/halt + + if ! [ -f "$rootmnt"/var/lib/dpkg/info/linux-image-"$(uname -r)".list ]; then + chroot "$rootmnt" sh -c \ + 'dpkg --fsys-tarfile /cdrom/samizdat/debs/linux-image-$(uname -r)_*.deb | tar -C / -x; depmod -a' + fi + + # disable some of GRML's many consoles. +# sed -i -e 's/^\([3456789]\|1[012]\):/#\1:/' "$rootmnt"/etc/inittab +# sed -i -e 's/^NUM_CONSOLES=12/NUM_CONSOLES=0/' "$rootmnt"/usr/bin/zsh-login + + # these GRML scripts implement a "sendsigs" which does not respect omit.d + sed -i -e 's/^\(l0:.*\)grml-halt$/\1rc 0/' "$rootmnt"/etc/inittab + sed -i -e 's/^\(l6:.*\)grml-reboot$/\1rc 6/' "$rootmnt"/etc/inittab + chroot "$rootmnt" update-rc.d sendsigs stop 20 0 6 + + echo Done patching livecd root -- $(date) >>/dev/tty7 + rm "$rootmnt"/samizdat-filesystem-is-new +} +movemounts() +{ + # Move mounted filesystems to the root filesystem + while read dev mp rest; do + case "$mp" in + "$rootmnt"|"$rootmnt"/*|/|/proc|/dev|/dev/pts|/sys) continue ;; + /mnt.samizdat.*) + #umount -l "$mp" + target="$rootmnt/media/${dev##*/}" + ;; + /overlay.*) umount -l $mp; continue ;; + *) target="$rootmnt$mp" ;; + esac + mkdir -p "$target" + mount -n -o move "$mp" "$target" + done "$rootmnt$CONSOLE" 2>&1 + panic "exec init failed (init=$init)" +# exec run-init -c "$CONSOLE" "$rootmnt" "$init" "$@" +# panic "exec run-init failed (init=$init)" +} +start_udev() +{ + echo > /proc/sys/kernel/hotplug + mkdir -p /dev/.udev/db/ /dev/.udev/queue/ +# mkdir -p "$LOGBASE"; sh -c "udevd --resolve-names=never --debug >$LOGBASE/udevd."'$$'".log 2>&1" & + udevd --resolve-names=never --daemon + udevadm trigger --action=add +# udevadm settle +} +stop_udev() +{ + for proc in /proc/[0-9]*; do + [ -x $proc/exe ] || continue + [ "$(readlink $proc/exe)" = /sbin/udevd ] && kill ${proc#/proc/} + done + # ignore any failed event because the init script will trigger again all events + nuke /dev/.udev/queue/ +} +killeverything() +{ + # TODO: exempt: interactive shell(s) (AND CHILDREN) (or: anything with + # a tty?), samizdat-agent, fsck(!!), ...? + +# exempt_cmdline="$(printf "sh\0-i\0")" + force= + while true; do + killme= + for proc in /proc/[0-9]*; do + [ $proc != /proc/1 -a $proc != /proc/$$ -a -x $proc/exe ] || continue +# [ "$(cat $proc/cmdline)" != "$exempt_cmdline" ] || continue + read pid tcomm state ppid pgrp sid tty_nr tty_pgrp rest < $proc/stat + [ $tty_nr = 0 ] || continue + killme="$killme ${proc#/proc/}" + done + if [ -n "$killme" ]; then + kill $force $killme + else + break + fi + force=-KILL + done +} diff --git a/old-school/init.shutdown b/old-school/init.shutdown new file mode 100755 index 0000000..6bfce84 --- /dev/null +++ b/old-school/init.shutdown @@ -0,0 +1,30 @@ +#!/bin/sh +read omitpids < /run/sendsigs.omit.d/samizdat +for pid in $omitpids; do + if [ -e /proc/$pid/root ]; then + initroot=/proc/$pid/root + break + fi +done + +warn() { echo "$*" >/dev/console; } +error() { umount /sbin/init; exec /sbin/init; } + +[ -e "$initroot" ] || error + +if [ $$ != 1 ]; then + exec $initroot/init "$@" +else + set -- + for pid in $omitpids; do + set -- "$@" -o $pid + done + if killall5 -15 "$@"; then + sleep 5 + killall5 -9 "$@" + fi + exec <$initroot/dev/console >$initroot/dev/console 2>$initroot/dev/console + exec chroot $initroot umountall.sh + + error +fi diff --git a/old-school/lvm-create.sh b/old-school/lvm-create.sh new file mode 100644 index 0000000..22016f5 --- /dev/null +++ b/old-school/lvm-create.sh @@ -0,0 +1,393 @@ +#!/bin/sh +: ${ROOT_MKFS_CMD:=mkfs.ext4 -q} +: ${ROOT_FS_TYPE:=ext4} + +losetup() { /sbin/losetup "$@"; } + +lvm() +{ + # get rid of warnings from lvm because we are holding open these fds + command lvm "$@" 3>&- 4>&- +} + +luks_secret() +{ + local parms=$-; # this junk keeps set -x from being too annoying + set +x + [ -n "$luks_secret" ] || luks_secret="$(head -c256 /dev/urandom)" + printf %s "$luks_secret" + case $parms in *x*) set -x; set -x ;; esac +} + +mount_squashfs_images() +{ + modprobe squashfs + find_squashfs_root | while read dirname basename; do + [ -n "$dirname" -a -n "$basename" ] || continue + local f="$dirname/$basename" + [ -f "$f" ] || return + local name=${basename%.squashfs} + mkdir -p /squashes/$name + mount -r -o loop "$f" /squashes/$name + done + bootdone squashfs-root +} + +lv_exists() +{ + [ -n "$1" ] && lvm lvs "$1" >/dev/null 2>&1 +} + +floor4() +{ + # Negatives round up, but aren't used. + echo $(($1 / 4 * 4)) +} + +ceil4() +{ + local x="$1" + [ $((x % 4)) -eq 0 ] || x=$((x + 4 - x % 4)) + printf '%d\n' "$x" +} + +vgfree_megs() +{ + local vg="$1" out + out=$(lvm vgs -o pv_free --noheadings --nosuffix --units m "$vg") || return + echo ${out%.*} +} + +init_samizdat_lvs() +{ + local megs_free cdrom_dev cdrom_sectors cdrom_megs root_megs + megs_free=$(vgfree_megs samizdat) || return + cdrom_dev="$(mountpoint_to_dev /cdrom)" || return + cdrom_sectors=$(blockdev --getsz "$cdrom_dev") || return + cdrom_megs=$(ceil4 $(( cdrom_sectors / 2048 ))) + root_megs=$(floor4 $(( megs_free - cdrom_megs ))) + + if [ $root_megs -le 0 ]; then # No room for cdrom mirror. Oh well, charge forward. + root_megs=$megs_free + fi + + lvm lvcreate -Z n -L ${root_megs}m -n root samizdat || return + $ROOT_MKFS_CMD /dev/mapper/samizdat-root || return +} + +mount_aufs_branches() +{ + local new="$1" + + mkdir /overlay + mount -t${ROOT_FS_TYPE} /dev/mapper/samizdat-root /overlay || return + + if [ "$new" ]; then + cp -a /gpg /overlay || return + touch /overlay/samizdat-filesystem-is-new + fi + bootdone rw-overlay + mirror_cdrom || return + mount_squashfs_images || return +} + +init_samizdat() +{ + local imgfile="$1" megs="$2" keyfile="$3" dev + + init_samizdat_vg "$imgfile" "$megs" "$keyfile" || return + init_samizdat_lvs || return + + mount_aufs_branches new +} + +open_samizdat() +{ + open_samizdat_vg "$@" || return + + lvs=$(lvm lvs --separator / samizdat -o vg_name,lv_name --noheadings) || return + lvm lvchange -ay $lvs || return + + mount_aufs_branches +} + +init_samizdat_lodev() +{ + local imgfile="$1" megs=$(ceil4 "$2") + truncate -s ${megs}M "$imgfile" || return + dev=$(losetup -f) && losetup "$dev" "$imgfile" || return + echo "$dev" +} + +open_samizdat_vg() +{ + local imgfile="$1" keyfile="$2" dev + local cryptname=samizdatcrypt + dev=$(losetup -f) && losetup "$dev" "$imgfile" || return + + gpg2 --verify "$keyfile" || return + # The first --decrypt merely strips the signature. The option is + # poorly named for that case. + gpg2 --decrypt "$keyfile" | gpg2 --decrypt | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return + + [ -b /dev/mapper/"$cryptname" ] || return + +} + +init_samizdat_vg() +{ + local imgfile="$1" megs="$2" keyfile="$3" dev + local cryptname=samizdatcrypt + + dev=$(init_samizdat_lodev "$imgfile" "$megs") || return + + [ ! -b /dev/mapper/"$cryptname" ] || return + + luks_secret >/dev/null + luks_secret | gpg2 --default-recipient-self --encrypt --armor | gpg2 --clearsign --output "$keyfile" || return + + luks_secret | cryptsetup luksFormat "$dev" - || return + cryptsetup luksDump "$dev" >&2 + luks_secret | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return + + [ -b /dev/mapper/"$cryptname" ] || return + + lvm pvcreate /dev/mapper/"$cryptname" || return + lvm vgcreate samizdat /dev/mapper/"$cryptname" +} + +grow_samizdat_vg_free() +{ + # Grow the samizdat VG sufficiently to ensure it has at least $want_free_megs free. + + local want_free_megs=$(ceil4 "$1") free_megs + free_megs=$(vgfree_megs samizdat) || return + + if [ "$free_megs" -lt "$want_free_megs" ]; then + grow_samizdat_vg $((want_free_megs - free_megs)) || return + fi +} + +majmin() +{ + local dev="$1" major minor + eval $(stat -c 'major=%t minor=%T' "$dev") || return + [ "$major" -a "$minor" ] || return + printf '%d:%d\n' 0x$major 0x$minor +} + +vg_to_pv() +{ + lvm vgs "$1" -o devices --noheadings | + ( + found= multidev= + while read dev; do + dev=${dev%(*} + if [ "$found" -a "$found" != "$dev" ]; then + exit 1 + fi + found=$dev + done + readlink -f "$found" + ) +} + +cryptdev_to_dev() +{ + local dev="$1" majmin + majmin=$(majmin "$dev") || return + set -- /sys/dev/block/$majmin/slaves/* + [ $# = 1 ] || return + + cryptsetup status "$dev" |while read k v; do if [ "$k" = device: ]; then echo $v; break; fi; done +} + +cryptdev_to_backing_file() +{ + local dev="$1" majmin result + majmin="$(majmin "$dev")" || return + set -- /sys/dev/block/$majmin/slaves/* + [ $# = 1 ] || return + read result < "$1"/loop/backing_file || return + printf '%s\n' "$result" +} + +samizdat_backing_file() +{ + local pv + pv=$(vg_to_pv samizdat) && [ "$pv" ] || return + cryptdev_to_backing_file "$pv" +} + +grow_samizdat_lv() +{ + # Increase the size of the specified LV by $megs MB, creating the LV and resizing the VG as necessary. + + local lv_name="$1" megs="$2" stat imgfile freemegs + imgfile=$(samizdat_backing_file) || return + + if lv_exists samizdat/"$lv_name"; then + grow_samizdat_vg_free "$megs" || return + lvm lvresize -r -L +${megs}m samizdat/"$lv_name" || return + else + grow_samizdat_vg_free "$megs" || return + lvm lvcreate -Z n -L ${megs}m -n "$lv_name" samizdat || return + fi +} + +lodev_to_file() +{ + local result majmin dev="$1" + majmin="$(majmin "$dev")" || return + read result < /sys/dev/block/$majmin/loop/backing_file || return + printf '%s' "$result" +} + +grow_samizdat_vg() +{ + # Increase the size of the samizdat VG by $megs MB, resizing the backing file as necessary. + + local megs="$1" cryptdev dev imgfile stat + cryptdev=$(vg_to_pv samizdat) + dev=$(cryptdev_to_dev "$cryptdev") || return + [ -b "$dev" ] || return + + if [ "$(stat -c '%t' "$dev")" = 7 ]; then # this is a loop device + + imgfile=$(lodev_to_file "$dev") || return + stat="$(stat -c 'local du=$((%B*%b)) sz=%s' "$imgfile")" || return + eval "$stat" + stat=$(stat -f -c 'local df=$((%f*%S))' "$imgfile") || return + eval "$stat" + + local min_free_space=30 + if [ $(( df - megs*1024*1024 - sz + du )) -le $((min_free_space * 1024 * 1024)) ]; then + echo 'grow_samizdat_vg: Not enough disk space!' >&2 + return -1 + fi + + truncate -cs +${megs}M "$imgfile" || return + losetup -c "$dev" || return + cryptsetup resize "$cryptdev" || return + lvm pvresize "$cryptdev" || return + + else + echo 'grow_samizdat_vg: Unimplemented!' >&2 + return 1 + + fi +} + +mountpoint_to_dev() +{ + local wantmp="$1" dev mp rest + mountpoint -q "$wantmp" || return + while read dev mp rest; do if [ "$mp" = "$wantmp" ]; then echo "$dev"; return; fi; done < /proc/mounts + return 1 +} + +get_cdrom_sizelimit() +{ + # returns bytes + local dev="$1" sectors + sectors=$(blockdev --getsz "$dev") || return + if dd count=2 if="$dev" bs=2048 skip=$((sectors/4 - 2)) of=/dev/null 2>/dev/null; then + return + else + echo $(((sectors-8)*512)) + fi +} + +mirror_cdrom() +{ + local md_num=55 dev mp rest cdrom_dev sectors + cdrom_dev="$(mountpoint_to_dev /cdrom)" || return + + local lv_name=samizdat/cdrom + local lv_dev=/dev/mapper/samizdat-cdrom + local md_name=/dev/md$md_num + + if [ -b $md_name ]; then + echo "RAID device already exists: '$md_name'; try removing (mdadm -S $md_name) and retry" >&2 + return 1 + fi + + if lv_exists $lv_name.tmp; then + lvm lvchange --available n $lv_name.tmp && lvm lvremove $lv_name.tmp || return + fi + + if lv_exists $lv_name; then + umount /cdrom || return + mount -r "$lv_dev" /cdrom + return + fi + + umount /cdrom || return + + sectors=$(blockdev --getsz "$cdrom_dev") || return + grow_samizdat_lv ${lv_name#samizdat/}.tmp $((sectors / 2 / 1024 + 1)) || return + + # In order to trick mdadm into accepting a read-only device, we need + # to create a (read-write) loopback device. + + # Furthermore, in order to deal with block device errors caused by + # TAO "run-out blocks" we may need to discard the last two 2048-byte + # sectors. + + local cdrom_loopdev sizelimit + cdrom_loopdev=$(losetup -f) || return + sizelimit=$(get_cdrom_sizelimit "$cdrom_dev") + + # Apparently loopdev sizelimit is not respected by linux md. Nor + # blockdev --getsz. Does it even work? Anyway, although this is used + # here redundantly, 'mdadm --size' is used as well. + /sbin/losetup ${sizelimit:+--sizelimit=$sizelimit} "$cdrom_loopdev" "$cdrom_dev" || return + + mdadm --build $md_name ${sizelimit:+--size=$((sizelimit / 1024))} \ + --level=1 --raid-devices=1 --force --write-mostly "$cdrom_loopdev" || return + mdadm -D $md_name >&2 + mdadm --add $md_name $lv_dev.tmp + mdadm -D $md_name >&2 + mdadm --grow $md_name -n 2 + mdadm -D $md_name >&2 + + mount -r $md_name /cdrom || { mount -r "$cdrom_dev" /cdrom; return 1; } + + chpst -P samizdat-cdrom-copy "$md_name" "$lv_name" "$lv_dev" "$cdrom_loopdev" "$cdrom_dev" & + echo "[$$] Launched RAID monitor with pid $!." >&2 +} + +init_gpg() +{ + bootwait samizdat-cdrom + export GNUPGHOME=/gpg/gnupghome + (umask 077; rsync --exclude '/luks-key*' --ignore-existing -rpP /cdrom/samizdat/gpg/ /gpg/) + + if samizdat-password-agent >/var/log/samizdat-password-agent.log 2>&1; then + clear + true + else + false + fi +} + +start_meter() +{ + local startmsg="$*" + (exec >&4 + clear + echo -n $startmsg + set +x + while sleep 2; do + echo -n . + done) & + meterpid=$! +} + +stop_meter() +{ + local endmsg="$*" + kill $meterpid + echo " $endmsg" >&4 +} + diff --git a/old-school/lvm.conf b/old-school/lvm.conf new file mode 100644 index 0000000..0c1289f --- /dev/null +++ b/old-school/lvm.conf @@ -0,0 +1,773 @@ +# This is an example configuration file for the LVM2 system. +# It contains the default settings that would be used if there was no +# /etc/lvm/lvm.conf file. +# +# Refer to 'man lvm.conf' for further information including the file layout. +# +# To put this file in a different directory and override /etc/lvm set +# the environment variable LVM_SYSTEM_DIR before running the tools. +# +# N.B. Take care that each setting only appears once if uncommenting +# example settings in this file. + + +# This section allows you to configure which block devices should +# be used by the LVM system. +devices { + + # Where do you want your volume groups to appear ? + dir = "/dev" + + # An array of directories that contain the device nodes you wish + # to use with LVM2. + scan = [ "/dev" ] + + # If set, the cache of block device nodes with all associated symlinks + # will be constructed out of the existing udev database content. + # This avoids using and opening any inapplicable non-block devices or + # subdirectories found in the device directory. This setting is applied + # to udev-managed device directory only, other directories will be scanned + # fully. LVM2 needs to be compiled with udev support for this setting to + # take effect. N.B. Any device node or symlink not managed by udev in + # udev directory will be ignored with this setting on. + obtain_device_list_from_udev = 1 + + # If several entries in the scanned directories correspond to the + # same block device and the tools need to display a name for device, + # all the pathnames are matched against each item in the following + # list of regular expressions in turn and the first match is used. + preferred_names = [ ] + + # Try to avoid using undescriptive /dev/dm-N names, if present. + # preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ] + + # A filter that tells LVM2 to only use a restricted set of devices. + # The filter consists of an array of regular expressions. These + # expressions can be delimited by a character of your choice, and + # prefixed with either an 'a' (for accept) or 'r' (for reject). + # The first expression found to match a device name determines if + # the device will be accepted or rejected (ignored). Devices that + # don't match any patterns are accepted. + + # Be careful if there there are symbolic links or multiple filesystem + # entries for the same device as each name is checked separately against + # the list of patterns. The effect is that if the first pattern in the + # list to match a name is an 'a' pattern for any of the names, the device + # is accepted; otherwise if the first pattern in the list to match a name + # is an 'r' pattern for any of the names it is rejected; otherwise it is + # accepted. + + # Don't have more than one filter line active at once: only one gets used. + + # Run vgscan after you change this parameter to ensure that + # the cache file gets regenerated (see below). + # If it doesn't do what you expect, check the output of 'vgscan -vvvv'. + + + # By default we accept every block device: + filter = [ "a/.*/" ] + + # Exclude the cdrom drive + # filter = [ "r|/dev/cdrom|" ] + + # When testing I like to work with just loopback devices: + # filter = [ "a/loop/", "r/.*/" ] + + # Or maybe all loops and ide drives except hdc: + # filter =[ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ] + + # Use anchors if you want to be really specific + # filter = [ "a|^/dev/hda8$|", "r/.*/" ] + + # The results of the filtering are cached on disk to avoid + # rescanning dud devices (which can take a very long time). + # By default this cache is stored in the /etc/lvm/cache directory + # in a file called '.cache'. + # It is safe to delete the contents: the tools regenerate it. + # (The old setting 'cache' is still respected if neither of + # these new ones is present.) + cache_dir = "/run/lvm" + cache_file_prefix = "" + + # You can turn off writing this cache file by setting this to 0. + write_cache_state = 1 + + # Advanced settings. + + # List of pairs of additional acceptable block device types found + # in /proc/devices with maximum (non-zero) number of partitions. + # types = [ "fd", 16 ] + + # If sysfs is mounted (2.6 kernels) restrict device scanning to + # the block devices it believes are valid. + # 1 enables; 0 disables. + sysfs_scan = 1 + + # By default, LVM2 will ignore devices used as component paths + # of device-mapper multipath devices. + # 1 enables; 0 disables. + multipath_component_detection = 1 + + # By default, LVM2 will ignore devices used as components of + # software RAID (md) devices by looking for md superblocks. + # 1 enables; 0 disables. + md_component_detection = 1 + + # By default, if a PV is placed directly upon an md device, LVM2 + # will align its data blocks with the md device's stripe-width. + # 1 enables; 0 disables. + md_chunk_alignment = 1 + + # Default alignment of the start of a data area in MB. If set to 0, + # a value of 64KB will be used. Set to 1 for 1MiB, 2 for 2MiB, etc. + # default_data_alignment = 1 + + # By default, the start of a PV's data area will be a multiple of + # the 'minimum_io_size' or 'optimal_io_size' exposed in sysfs. + # - minimum_io_size - the smallest request the device can perform + # w/o incurring a read-modify-write penalty (e.g. MD's chunk size) + # - optimal_io_size - the device's preferred unit of receiving I/O + # (e.g. MD's stripe width) + # minimum_io_size is used if optimal_io_size is undefined (0). + # If md_chunk_alignment is enabled, that detects the optimal_io_size. + # This setting takes precedence over md_chunk_alignment. + # 1 enables; 0 disables. + data_alignment_detection = 1 + + # Alignment (in KB) of start of data area when creating a new PV. + # md_chunk_alignment and data_alignment_detection are disabled if set. + # Set to 0 for the default alignment (see: data_alignment_default) + # or page size, if larger. + data_alignment = 0 + + # By default, the start of the PV's aligned data area will be shifted by + # the 'alignment_offset' exposed in sysfs. This offset is often 0 but + # may be non-zero; e.g.: certain 4KB sector drives that compensate for + # windows partitioning will have an alignment_offset of 3584 bytes + # (sector 7 is the lowest aligned logical block, the 4KB sectors start + # at LBA -1, and consequently sector 63 is aligned on a 4KB boundary). + # But note that pvcreate --dataalignmentoffset will skip this detection. + # 1 enables; 0 disables. + data_alignment_offset_detection = 1 + + # If, while scanning the system for PVs, LVM2 encounters a device-mapper + # device that has its I/O suspended, it waits for it to become accessible. + # Set this to 1 to skip such devices. This should only be needed + # in recovery situations. + ignore_suspended_devices = 0 + + # During each LVM operation errors received from each device are counted. + # If the counter of a particular device exceeds the limit set here, no + # further I/O is sent to that device for the remainder of the respective + # operation. Setting the parameter to 0 disables the counters altogether. + disable_after_error_count = 0 + + # Allow use of pvcreate --uuid without requiring --restorefile. + require_restorefile_with_uuid = 1 + + # Minimum size (in KB) of block devices which can be used as PVs. + # In a clustered environment all nodes must use the same value. + # Any value smaller than 512KB is ignored. + + # Ignore devices smaller than 2MB such as floppy drives. + pv_min_size = 2048 + + # The original built-in setting was 512 up to and including version 2.02.84. + # pv_min_size = 512 + + # Issue discards to a logical volumes's underlying physical volume(s) when + # the logical volume is no longer using the physical volumes' space (e.g. + # lvremove, lvreduce, etc). Discards inform the storage that a region is + # no longer in use. Storage that supports discards advertise the protocol + # specific way discards should be issued by the kernel (TRIM, UNMAP, or + # WRITE SAME with UNMAP bit set). Not all storage will support or benefit + # from discards but SSDs and thinly provisioned LUNs generally do. If set + # to 1, discards will only be issued if both the storage and kernel provide + # support. + # 1 enables; 0 disables. + issue_discards = 0 +} + +# This section allows you to configure the way in which LVM selects +# free space for its Logical Volumes. +#allocation { +# When searching for free space to extend an LV, the "cling" +# allocation policy will choose space on the same PVs as the last +# segment of the existing LV. If there is insufficient space and a +# list of tags is defined here, it will check whether any of them are +# attached to the PVs concerned and then seek to match those PV tags +# between existing extents and new extents. +# Use the special tag "@*" as a wildcard to match any PV tag. +# +# Example: LVs are mirrored between two sites within a single VG. +# PVs are tagged with either @site1 or @site2 to indicate where +# they are situated. +# +# cling_tag_list = [ "@site1", "@site2" ] +# cling_tag_list = [ "@*" ] +# +# Changes made in version 2.02.85 extended the reach of the 'cling' +# policies to detect more situations where data can be grouped +# onto the same disks. Set this to 0 to revert to the previous +# algorithm. +# +# maximise_cling = 1 +# +# Set to 1 to guarantee that mirror logs will always be placed on +# different PVs from the mirror images. This was the default +# until version 2.02.85. +# +# mirror_logs_require_separate_pvs = 0 +# +# Set to 1 to guarantee that thin pool metadata will always +# be placed on different PVs from the pool data. +# +# thin_pool_metadata_require_separate_pvs = 0 +#} + +# This section that allows you to configure the nature of the +# information that LVM2 reports. +log { + + # Controls the messages sent to stdout or stderr. + # There are three levels of verbosity, 3 being the most verbose. + verbose = 0 + + # Should we send log messages through syslog? + # 1 is yes; 0 is no. + syslog = 1 + + # Should we log error and debug messages to a file? + # By default there is no log file. + #file = "/var/log/lvm2.log" + + # Should we overwrite the log file each time the program is run? + # By default we append. + overwrite = 0 + + # What level of log messages should we send to the log file and/or syslog? + # There are 6 syslog-like log levels currently in use - 2 to 7 inclusive. + # 7 is the most verbose (LOG_DEBUG). + level = 0 + + # Format of output messages + # Whether or not (1 or 0) to indent messages according to their severity + indent = 1 + + # Whether or not (1 or 0) to display the command name on each line output + command_names = 0 + + # A prefix to use before the message text (but after the command name, + # if selected). Default is two spaces, so you can see/grep the severity + # of each message. + prefix = " " + + # To make the messages look similar to the original LVM tools use: + # indent = 0 + # command_names = 1 + # prefix = " -- " + + # Set this if you want log messages during activation. + # Don't use this in low memory situations (can deadlock). + # activation = 0 +} + +# Configuration of metadata backups and archiving. In LVM2 when we +# talk about a 'backup' we mean making a copy of the metadata for the +# *current* system. The 'archive' contains old metadata configurations. +# Backups are stored in a human readeable text format. +backup { + + # Should we maintain a backup of the current metadata configuration ? + # Use 1 for Yes; 0 for No. + # Think very hard before turning this off! + backup = 1 + + # Where shall we keep it ? + # Remember to back up this directory regularly! + backup_dir = "/etc/lvm/backup" + + # Should we maintain an archive of old metadata configurations. + # Use 1 for Yes; 0 for No. + # On by default. Think very hard before turning this off. + archive = 1 + + # Where should archived files go ? + # Remember to back up this directory regularly! + archive_dir = "/etc/lvm/archive" + + # What is the minimum number of archive files you wish to keep ? + retain_min = 10 + + # What is the minimum time you wish to keep an archive file for ? + retain_days = 30 +} + +# Settings for the running LVM2 in shell (readline) mode. +shell { + + # Number of lines of history to store in ~/.lvm_history + history_size = 100 +} + + +# Miscellaneous global LVM2 settings +global { + + # The file creation mask for any files and directories created. + # Interpreted as octal if the first digit is zero. + umask = 077 + + # Allow other users to read the files + #umask = 022 + + # Enabling test mode means that no changes to the on disk metadata + # will be made. Equivalent to having the -t option on every + # command. Defaults to off. + test = 0 + + # Default value for --units argument + units = "h" + + # Since version 2.02.54, the tools distinguish between powers of + # 1024 bytes (e.g. KiB, MiB, GiB) and powers of 1000 bytes (e.g. + # KB, MB, GB). + # If you have scripts that depend on the old behaviour, set this to 0 + # temporarily until you update them. + si_unit_consistency = 1 + + # Whether or not to communicate with the kernel device-mapper. + # Set to 0 if you want to use the tools to manipulate LVM metadata + # without activating any logical volumes. + # If the device-mapper kernel driver is not present in your kernel + # setting this to 0 should suppress the error messages. + activation = 1 + + # If we can't communicate with device-mapper, should we try running + # the LVM1 tools? + # This option only applies to 2.4 kernels and is provided to help you + # switch between device-mapper kernels and LVM1 kernels. + # The LVM1 tools need to be installed with .lvm1 suffices + # e.g. vgscan.lvm1 and they will stop working after you start using + # the new lvm2 on-disk metadata format. + # The default value is set when the tools are built. + # fallback_to_lvm1 = 0 + + # The default metadata format that commands should use - "lvm1" or "lvm2". + # The command line override is -M1 or -M2. + # Defaults to "lvm2". + # format = "lvm2" + + # Location of proc filesystem + proc = "/proc" + + # Type of locking to use. Defaults to local file-based locking (1). + # Turn locking off by setting to 0 (dangerous: risks metadata corruption + # if LVM2 commands get run concurrently). + # Type 2 uses the external shared library locking_library. + # Type 3 uses built-in clustered locking. + # Type 4 uses read-only locking which forbids any operations that might + # change metadata. + locking_type = 1 + + # Set to 0 to fail when a lock request cannot be satisfied immediately. + wait_for_locks = 1 + + # If using external locking (type 2) and initialisation fails, + # with this set to 1 an attempt will be made to use the built-in + # clustered locking. + # If you are using a customised locking_library you should set this to 0. + fallback_to_clustered_locking = 1 + + # If an attempt to initialise type 2 or type 3 locking failed, perhaps + # because cluster components such as clvmd are not running, with this set + # to 1 an attempt will be made to use local file-based locking (type 1). + # If this succeeds, only commands against local volume groups will proceed. + # Volume Groups marked as clustered will be ignored. + fallback_to_local_locking = 1 + + # Local non-LV directory that holds file-based locks while commands are + # in progress. A directory like /tmp that may get wiped on reboot is OK. + locking_dir = "/run/lock/lvm" + + # Whenever there are competing read-only and read-write access requests for + # a volume group's metadata, instead of always granting the read-only + # requests immediately, delay them to allow the read-write requests to be + # serviced. Without this setting, write access may be stalled by a high + # volume of read-only requests. + # NB. This option only affects locking_type = 1 viz. local file-based + # locking. + prioritise_write_locks = 1 + + # Other entries can go here to allow you to load shared libraries + # e.g. if support for LVM1 metadata was compiled as a shared library use + # format_libraries = "liblvm2format1.so" + # Full pathnames can be given. + + # Search this directory first for shared libraries. + # library_dir = "/lib/lvm2" + + # The external locking library to load if locking_type is set to 2. + # locking_library = "liblvm2clusterlock.so" + + # Treat any internal errors as fatal errors, aborting the process that + # encountered the internal error. Please only enable for debugging. + abort_on_internal_errors = 0 + + # Check whether CRC is matching when parsed VG is used multiple times. + # This is useful to catch unexpected internal cached volume group + # structure modification. Please only enable for debugging. + detect_internal_vg_cache_corruption = 0 + + # If set to 1, no operations that change on-disk metadata will be permitted. + # Additionally, read-only commands that encounter metadata in need of repair + # will still be allowed to proceed exactly as if the repair had been + # performed (except for the unchanged vg_seqno). + # Inappropriate use could mess up your system, so seek advice first! + metadata_read_only = 0 + + # 'mirror_segtype_default' defines which segtype will be used when the + # shorthand '-m' option is used for mirroring. The possible options are: + # + # "mirror" - The original RAID1 implementation provided by LVM2/DM. It is + # characterized by a flexible log solution (core, disk, mirrored) + # and by the necessity to block I/O while reconfiguring in the + # event of a failure. Snapshots of this type of RAID1 can be + # problematic. + # + # "raid1" - This implementation leverages MD's RAID1 personality through + # device-mapper. It is characterized by a lack of log options. + # (A log is always allocated for every device and they are placed + # on the same device as the image - no separate devices are + # required.) This mirror implementation does not require I/O + # to be blocked in the kernel in the event of a failure. + # + # Specify the '--type ' option to override this default + # setting. + mirror_segtype_default = "mirror" + + # The default format for displaying LV names in lvdisplay was changed + # in version 2.02.89 to show the LV name and path separately. + # Previously this was always shown as /dev/vgname/lvname even when that + # was never a valid path in the /dev filesystem. + # Set to 1 to reinstate the previous format. + # + # lvdisplay_shows_full_device_path = 0 + + # Whether to use (trust) a running instance of lvmetad. If this is set to + # 0, all commands fall back to the usual scanning mechanisms. When set to 1 + # *and* when lvmetad is running (it is not auto-started), the volume group + # metadata and PV state flags are obtained from the lvmetad instance and no + # scanning is done by the individual commands. In a setup with lvmetad, + # lvmetad udev rules *must* be set up for LVM to work correctly. Without + # proper udev rules, all changes in block device configuration will be + # *ignored* until a manual 'vgscan' is performed. + use_lvmetad = 0 +} + +activation { + # Set to 1 to perform internal checks on the operations issued to + # libdevmapper. Useful for debugging problems with activation. + # Some of the checks may be expensive, so it's best to use this + # only when there seems to be a problem. + checks = 0 + + # Set to 0 to disable udev synchronisation (if compiled into the binaries). + # Processes will not wait for notification from udev. + # They will continue irrespective of any possible udev processing + # in the background. You should only use this if udev is not running + # or has rules that ignore the devices LVM2 creates. + # The command line argument --nodevsync takes precedence over this setting. + # If set to 1 when udev is not running, and there are LVM2 processes + # waiting for udev, run 'dmsetup udevcomplete_all' manually to wake them up. + udev_sync = 1 + + # Set to 0 to disable the udev rules installed by LVM2 (if built with + # --enable-udev_rules). LVM2 will then manage the /dev nodes and symlinks + # for active logical volumes directly itself. + # N.B. Manual intervention may be required if this setting is changed + # while any logical volumes are active. + udev_rules = 1 + + # Set to 1 for LVM2 to verify operations performed by udev. This turns on + # additional checks (and if necessary, repairs) on entries in the device + # directory after udev has completed processing its events. + # Useful for diagnosing problems with LVM2/udev interactions. + verify_udev_operations = 1 + + # If set to 1 and if deactivation of an LV fails, perhaps because + # a process run from a quick udev rule temporarily opened the device, + # retry the operation for a few seconds before failing. + retry_deactivation = 1 + + # How to fill in missing stripes if activating an incomplete volume. + # Using "error" will make inaccessible parts of the device return + # I/O errors on access. You can instead use a device path, in which + # case, that device will be used to in place of missing stripes. + # But note that using anything other than "error" with mirrored + # or snapshotted volumes is likely to result in data corruption. + missing_stripe_filler = "error" + + # The linear target is an optimised version of the striped target + # that only handles a single stripe. Set this to 0 to disable this + # optimisation and always use the striped target. + use_linear_target = 1 + + # How much stack (in KB) to reserve for use while devices suspended + # Prior to version 2.02.89 this used to be set to 256KB + reserved_stack = 64 + + # How much memory (in KB) to reserve for use while devices suspended + reserved_memory = 8192 + + # Nice value used while devices suspended + process_priority = -18 + + # If volume_list is defined, each LV is only activated if there is a + # match against the list. + # "vgname" and "vgname/lvname" are matched exactly. + # "@tag" matches any tag set in the LV or VG. + # "@*" matches if any tag defined on the host is also set in the LV or VG + # + # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ] + + # If read_only_volume_list is defined, each LV that is to be activated + # is checked against the list, and if it matches, it as activated + # in read-only mode. (This overrides '--permission rw' stored in the + # metadata.) + # "vgname" and "vgname/lvname" are matched exactly. + # "@tag" matches any tag set in the LV or VG. + # "@*" matches if any tag defined on the host is also set in the LV or VG + # + # read_only_volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ] + + # Size (in KB) of each copy operation when mirroring + mirror_region_size = 512 + + # Setting to use when there is no readahead value stored in the metadata. + # + # "none" - Disable readahead. + # "auto" - Use default value chosen by kernel. + readahead = "auto" + + # 'raid_fault_policy' defines how a device failure in a RAID logical + # volume is handled. This includes logical volumes that have the following + # segment types: raid1, raid4, raid5*, and raid6*. + # + # In the event of a failure, the following policies will determine what + # actions are performed during the automated response to failures (when + # dmeventd is monitoring the RAID logical volume) and when 'lvconvert' is + # called manually with the options '--repair' and '--use-policies'. + # + # "warn" - Use the system log to warn the user that a device in the RAID + # logical volume has failed. It is left to the user to run + # 'lvconvert --repair' manually to remove or replace the failed + # device. As long as the number of failed devices does not + # exceed the redundancy of the logical volume (1 device for + # raid4/5, 2 for raid6, etc) the logical volume will remain + # usable. + # + # "allocate" - Attempt to use any extra physical volumes in the volume + # group as spares and replace faulty devices. + # + raid_fault_policy = "warn" + + # 'mirror_image_fault_policy' and 'mirror_log_fault_policy' define + # how a device failure affecting a mirror (of "mirror" segment type) is + # handled. A mirror is composed of mirror images (copies) and a log. + # A disk log ensures that a mirror does not need to be re-synced + # (all copies made the same) every time a machine reboots or crashes. + # + # In the event of a failure, the specified policy will be used to determine + # what happens. This applies to automatic repairs (when the mirror is being + # monitored by dmeventd) and to manual lvconvert --repair when + # --use-policies is given. + # + # "remove" - Simply remove the faulty device and run without it. If + # the log device fails, the mirror would convert to using + # an in-memory log. This means the mirror will not + # remember its sync status across crashes/reboots and + # the entire mirror will be re-synced. If a + # mirror image fails, the mirror will convert to a + # non-mirrored device if there is only one remaining good + # copy. + # + # "allocate" - Remove the faulty device and try to allocate space on + # a new device to be a replacement for the failed device. + # Using this policy for the log is fast and maintains the + # ability to remember sync state through crashes/reboots. + # Using this policy for a mirror device is slow, as it + # requires the mirror to resynchronize the devices, but it + # will preserve the mirror characteristic of the device. + # This policy acts like "remove" if no suitable device and + # space can be allocated for the replacement. + # + # "allocate_anywhere" - Not yet implemented. Useful to place the log device + # temporarily on same physical volume as one of the mirror + # images. This policy is not recommended for mirror devices + # since it would break the redundant nature of the mirror. This + # policy acts like "remove" if no suitable device and space can + # be allocated for the replacement. + + mirror_log_fault_policy = "allocate" + mirror_image_fault_policy = "remove" + + # 'snapshot_autoextend_threshold' and 'snapshot_autoextend_percent' define + # how to handle automatic snapshot extension. The former defines when the + # snapshot should be extended: when its space usage exceeds this many + # percent. The latter defines how much extra space should be allocated for + # the snapshot, in percent of its current size. + # + # For example, if you set snapshot_autoextend_threshold to 70 and + # snapshot_autoextend_percent to 20, whenever a snapshot exceeds 70% usage, + # it will be extended by another 20%. For a 1G snapshot, using up 700M will + # trigger a resize to 1.2G. When the usage exceeds 840M, the snapshot will + # be extended to 1.44G, and so on. + # + # Setting snapshot_autoextend_threshold to 100 disables automatic + # extensions. The minimum value is 50 (A setting below 50 will be treated + # as 50). + + snapshot_autoextend_threshold = 100 + snapshot_autoextend_percent = 20 + + # 'thin_pool_autoextend_threshold' and 'thin_pool_autoextend_percent' define + # how to handle automatic pool extension. The former defines when the + # pool should be extended: when its space usage exceeds this many + # percent. The latter defines how much extra space should be allocated for + # the pool, in percent of its current size. + # + # For example, if you set thin_pool_autoextend_threshold to 70 and + # thin_pool_autoextend_percent to 20, whenever a pool exceeds 70% usage, + # it will be extended by another 20%. For a 1G pool, using up 700M will + # trigger a resize to 1.2G. When the usage exceeds 840M, the pool will + # be extended to 1.44G, and so on. + # + # Setting thin_pool_autoextend_threshold to 100 disables automatic + # extensions. The minimum value is 50 (A setting below 50 will be treated + # as 50). + + thin_pool_autoextend_threshold = 100 + thin_pool_autoextend_percent = 20 + + # Full path of the utility called to check that a thin metadata device + # is in a state that allows it to be used. + # Each time a thin pool needs to be activated, this utility is executed. + # The activation will only proceed if the utility has an exit status of 0. + # Set to "" to skip this check. (Not recommended.) + # The thin tools are available as part of the device-mapper-persistent-data + # package from https://github.com/jthornber/thin-provisioning-tools. + # + thin_check_executable = "/sbin/thin_check -q" + + # While activating devices, I/O to devices being (re)configured is + # suspended, and as a precaution against deadlocks, LVM2 needs to pin + # any memory it is using so it is not paged out. Groups of pages that + # are known not to be accessed during activation need not be pinned + # into memory. Each string listed in this setting is compared against + # each line in /proc/self/maps, and the pages corresponding to any + # lines that match are not pinned. On some systems locale-archive was + # found to make up over 80% of the memory used by the process. + # mlock_filter = [ "locale/locale-archive", "gconv/gconv-modules.cache" ] + + # Set to 1 to revert to the default behaviour prior to version 2.02.62 + # which used mlockall() to pin the whole process's memory while activating + # devices. + use_mlockall = 0 + + # Monitoring is enabled by default when activating logical volumes. + # Set to 0 to disable monitoring or use the --ignoremonitoring option. + monitoring = 0 + + # When pvmove or lvconvert must wait for the kernel to finish + # synchronising or merging data, they check and report progress + # at intervals of this number of seconds. The default is 15 seconds. + # If this is set to 0 and there is only one thing to wait for, there + # are no progress reports, but the process is awoken immediately the + # operation is complete. + polling_interval = 15 +} + + +#################### +# Advanced section # +#################### + +# Metadata settings +# +# metadata { + # Default number of copies of metadata to hold on each PV. 0, 1 or 2. + # You might want to override it from the command line with 0 + # when running pvcreate on new PVs which are to be added to large VGs. + + # pvmetadatacopies = 1 + + # Default number of copies of metadata to maintain for each VG. + # If set to a non-zero value, LVM automatically chooses which of + # the available metadata areas to use to achieve the requested + # number of copies of the VG metadata. If you set a value larger + # than the the total number of metadata areas available then + # metadata is stored in them all. + # The default value of 0 ("unmanaged") disables this automatic + # management and allows you to control which metadata areas + # are used at the individual PV level using 'pvchange + # --metadataignore y/n'. + + # vgmetadatacopies = 0 + + # Approximate default size of on-disk metadata areas in sectors. + # You should increase this if you have large volume groups or + # you want to retain a large on-disk history of your metadata changes. + + # pvmetadatasize = 255 + + # List of directories holding live copies of text format metadata. + # These directories must not be on logical volumes! + # It's possible to use LVM2 with a couple of directories here, + # preferably on different (non-LV) filesystems, and with no other + # on-disk metadata (pvmetadatacopies = 0). Or this can be in + # addition to on-disk metadata areas. + # The feature was originally added to simplify testing and is not + # supported under low memory situations - the machine could lock up. + # + # Never edit any files in these directories by hand unless you + # you are absolutely sure you know what you are doing! Use + # the supplied toolset to make changes (e.g. vgcfgrestore). + + # dirs = [ "/etc/lvm/metadata", "/mnt/disk2/lvm/metadata2" ] +#} + +# Event daemon +# +dmeventd { + # mirror_library is the library used when monitoring a mirror device. + # + # "libdevmapper-event-lvm2mirror.so" attempts to recover from + # failures. It removes failed devices from a volume group and + # reconfigures a mirror as necessary. If no mirror library is + # provided, mirrors are not monitored through dmeventd. + + mirror_library = "libdevmapper-event-lvm2mirror.so" + + # snapshot_library is the library used when monitoring a snapshot device. + # + # "libdevmapper-event-lvm2snapshot.so" monitors the filling of + # snapshots and emits a warning through syslog when the use of + # the snapshot exceeds 80%. The warning is repeated when 85%, 90% and + # 95% of the snapshot is filled. + + snapshot_library = "libdevmapper-event-lvm2snapshot.so" + + # thin_library is the library used when monitoring a thin device. + # + # "libdevmapper-event-lvm2thin.so" monitors the filling of + # pool and emits a warning through syslog when the use of + # the pool exceeds 80%. The warning is repeated when 85%, 90% and + # 95% of the pool is filled. + + thin_library = "libdevmapper-event-lvm2thin.so" + + # Full path of the dmeventd binary. + # + # executable = "/sbin/dmeventd" +} diff --git a/old-school/menu-select b/old-school/menu-select new file mode 100755 index 0000000..0cc0c67 --- /dev/null +++ b/old-school/menu-select @@ -0,0 +1,112 @@ +#!/bin/sh +# usage: +# $0 boot-ram - use memory-only overlay +# $0 boot-new [dev name] [loop file] [megabytes] - create new luks-encrypted overlay +# $0 boot-overwrite [dev name] [loop file] [megabytes] - overwrite with new luks overlay +# $0 boot-luks [dev name] [loop file] - boot existing luks-encrypted overlay +# $0 boot-gpg [key id] [gnupg homedir] [???] - boot any device signed with the key + +. lvm-create.sh +. common.sh +exec 4>&1 +debug_log + +error() +{ + local sleep=3 + + clear >&4 + echo "error -- ${*:-:(}" >&4 + + if [ $sleep -gt 0 ]; then + echo "will try again in $sleep seconds..." >&4 + sleep $sleep + fi + bootmenu do_trigger no_panic + exit +} + +badopts= +fs= +while [ $# -ge 1 ]; do + case $1 in + --fs=*) fs="${1#--fs=}"; shift; continue ;; + --*) echo "error: unknown option $1"; badopts=true; shift; continue ;; + esac + break +done +[ -z "$badopts" ] || error 'usage error' + +[ $# -ge 2 -o "$1" = 'boot-ram' ] || error 'usage error' + +remountrw() +{ + local fs="$1" dev="$2" loopfile="$3" + if [ "$fs" = hfsplus ]; then + mountpoint="/mnt/${dev##*/}" + umount "$dev" || error + fsck.hfsplus -q "$dev" || error + mount -o force "$dev" "$mountpoint" || error + else + mount -o remount,rw "$dev" || error + fi +} + +hwclock_to_system() +{ + local fs="$1" UTC=UTC + case "$fs" in ntfs|vfat) UTC=LOCAL ;; esac + printf '0.0 0 0.0\n0\n%s' $UTC > /etc/adjtime + hwclock --hctosys +} + +case "$1" in + boot-ram) + modprobe squashfs || true + find_squashfs_root | mountsquashes || error + mkdir /overlay || error + mount -t tmpfs tmpfs /overlay || error + mkdir /overlay/gpg || error + ln -s /overlay/gpg /gpg + + init_gpg || error + bootdone squashfs-root rw-overlay + ;; + boot-overwrite|boot-new|boot-luks) + dev="$2" + loopfile="$3" + megs="$4" + + [ "$1" != 'boot-new' -o ! -e "$loopfile" ] || error + + remountrw "$fs" "$dev" "$loopfile" || error + + hwclock_to_system "$fs" + + if [ "$1" = 'boot-overwrite' ]; then + rm "$loopfile" "$loopfile"k + fi + + init_gpg || error + + if [ "$1" = 'boot-luks' ]; then + open_samizdat "$loopfile" "$loopfile"k || error + exit + fi + + start_meter "Allocating ${megs}MB in '$loopfile' on $dev..." + + if init_samizdat "$loopfile" "$megs" "$loopfile"k; then + stop_meter done. + else + stop_meter error! + rm "$loopfile" "$loopfile"k + error + fi + ;; + *) + error "Unimplemented boot command: $*" + ;; +esac + +# vim:ts=2 sw=2 et diff --git a/old-school/samizdat-cdrom-copy b/old-school/samizdat-cdrom-copy new file mode 100755 index 0000000..d4920b9 --- /dev/null +++ b/old-school/samizdat-cdrom-copy @@ -0,0 +1,75 @@ +#!/bin/sh +md_name=$1 +lv_name=$2 +lv_dev=$3 +cdrom_loopdev=$4 +cdrom_dev=$5 + +. lvm-create.sh + +mdadm_wait_remove() +{ + # We should perhaps use mdadm --monitor's RebuildFinished event. + + local dev="$1" disk="$2" tries + if ! mdadm --wait "$dev"; then + tries=1000 + while ! mdadm --detail --test "$dev"; do + [ $tries -gt 0 ] || return 1 + sleep 1 + tries=$((tries-1)) + done + fi + + mdadm "$dev" --fail "$disk" || return 1 + tries=100 + while ! mdadm "$dev" --remove "$disk"; do + [ $tries -gt 0 ] || return 1 + sleep 1 + tries=$((tries-1)) + done + return 0 +} + + +Done() +{ + mdadm --grow "$md_name" -n 1 --force + lvm lvrename "$lv_name".tmp "${lv_name#*/}" + losetup -d "$cdrom_loopdev" + [ -e /etc/mtab ] || ln -sf /proc/mounts /etc/mtab + eject "$cdrom_dev" + echo "[$$] Done." +} + +exec >>/var/log/samizdat-cdrom-copy.log 2>&1 +echo "[$$] Waiting for $cdrom_loopdev ($cdrom_dev) to be removed from $md_name." + +if mdadm_wait_remove "$md_name" "$cdrom_loopdev"; then + Done; +else + echo "[$$] Warning: mdadm_wait_remove() returned $?. Doing manual copy with sg_dd (using continue-on-error)." + mdadm -D "$md_name" + mdadm "$md_name" --fail "$lv_dev".tmp + mdadm -D "$md_name" + mdadm "$md_name" --remove "$lv_dev".tmp + mdadm -D "$md_name" + mdadm /dev/md55 --grow -n1 --force + mdadm -D "$md_name" + + sizelimit=$(get_cdrom_sizelimit "$cdrom_dev") + + if sg_dd bs=2048 ${sizelimit:+count=$((sizelimit/2048))} iflag=coe,coe,coe if="$cdrom_dev" of="$lv_dev".tmp retries=42; then + echo "[$$] sg_dd succeeded." + mdadm "$md_name" --grow -n 2 --assume-clean --add "$lv_dev".tmp + mdadm -D "$md_name" + if mdadm_wait_remove "$md_name" "$cdrom_loopdev"; then + Done; + else + echo "[$$] Error: mdadm_wait_remove() returned $? after sg_dd. Cannot eject CDROM!" + fi + else + echo "[$$] Error: sg_dd returned $?. Cannot eject CDROM!" + fi +fi + diff --git a/old-school/squashfs-size b/old-school/squashfs-size new file mode 100755 index 0000000..74b67d7 --- /dev/null +++ b/old-school/squashfs-size @@ -0,0 +1,88 @@ +#!/bin/sh + +squashfs_size_ratio() +{ + local fn="$1" + #FSIZE="$(stat -c "%s" "$fn")" + word5() { echo $5; } + FSIZE="$(word5 `ls -l "$fn"`)" + echo $(( $FSIZE * 3367 / 1000 )) +} + +squashfs_size_magicdb() +{ + + get() + { + local len=$1 + local off=$2 + local fn="$3" + #local OUT=( $(od -t d$len -N$len -j $off "$fn") ) + #echo "${OUT[1]}" + od -t u$len -N$len -j $off "$fn" | head -n1 | sed 's/.* //' + } + +# getReversedEndian() +# { +# local len=$1 +# local off=$2 +# local fn="$3" +# #local B=( $(od -t x$len -N$len -j $off "$fn") ) +# #B="${B[1]}" +# local B="$(od -t x$len -N$len -j $off "$fn" | head -n1 | cut -d' ' -f2)" +# local D= +# local C=$(( $len * 2 )) +# while [ $C -gt 0 ] +# do +# C=$(( $C - 2 )) +# D="$D${B:$C:2}" +# done +# D="0x$D" +# echo $D +# } + getReversedEndian() + { + local len=$1 + local off=$2 + local fn="$3" + local D= + local C=$len + while [ $C -gt 0 ] + do + C=$(( $C - 1 )) + D="$(od -t x1 -N1 -j $(($off+$C)) "$fn" | head -n1 | cut -d' ' -f2)$D" + done + D=$((0x$D)) + echo $D + } + + + local fn="$1" + + local M=$(get 4 0 "$fn") + local N=$(getReversedEndian 4 0 "$fn") + if [ $M -eq 1936814952 ] + then + # Proper endian. + local get=get + elif [ $N -eq 1936814952 ] + then + # Reversed endian. + local get=getReversedEndian + else + error not squashfs + fi + + local T=$($get 2 28 "$fn") + if [ $T -lt 3 ] + then + local BC=$($get 4 8 "$fn") + else + local BC=$($get 8 63 "$fn") + fi + + echo $BC +} + + +squashfs_size_ratio "$1" diff --git a/old-school/umountall.sh b/old-school/umountall.sh new file mode 100755 index 0000000..bf89838 --- /dev/null +++ b/old-school/umountall.sh @@ -0,0 +1,126 @@ +#!/bin/sh +OPEN_SHELL_BEFORE_SHUTDOWN= + +movemount() { + if mountpoint -q "$1"; then + umount /root/"$1" + else + mkdir -p "$1" + mount --move /root/"$1" "$1" + fi +} + +retry_n_delay() { + local n="$1" delay="$2" + shift 2 + while [ "$n" -gt 0 ]; do "$@" && break; sleep $delay; n=$((n-1)); done +} + +umount_all_novirtual() +{ + # EQUIVALENT: umount -a -t norootfs,nosysfs,noproc,notmpfs,nodevpts,nodevtmpfs + # busyboxy umount does not support -t, therefore: + tac /proc/mounts | { + errors=0 + while read dev mp type opts _; do + case $type in + rootfs|sysfs|proc|tmpfs|devpts|devtmpfs) ;; + *) umount "$mp" || errors=$((errors+1)) ;; + esac + done + return $errors + } +} + +losetup_delete_all() +{ + local f dev + for f in /sys/dev/block/7:*/loop; do + dev=${f#/sys/dev/block/7:} + dev=/dev/loop${dev%%/*} + losetup -d $dev + done +} + +mdadm_stop_all() +{ + for md in /dev/md* /dev/md/*; do + test -b "$md" && mdadm --stop "$md" + done +} + +lvm_deactivate() { lvm lvchange -v -an samizdat 11>&-; } + +killemdead() { + force= pids="$(pidof "$@")" + while [ "$pids" ]; do + kill $force $pids + living= + for p in $pids; do + if [ -e /proc/$p ]; then + living=1 + break + fi + done + [ ! "$living" ] && break + force=-9 + done +} + +specials= movemounts= umounts= +while read dev mp type opts _; do # N.B. order is reversed in variables +case $mp in + /root/dev|/root/proc) + specials="$mp $specials" ;; + /root/sys|/root/cdrom|/root/mnt/*|/root/gpg|/root/overlay|/root/xino|/root/squashes/*) + movemounts="$mp $movemounts" ;; + /root/*) + umounts="$mp $umounts" ;; +esac +done < /proc/mounts + +# Unmount mounts under /root that we didn't put there +while true; do + error=0; success=0 + for m in $umounts; do + if umount $m; then + success=$((success+1)) + else + error=$((error+1)) + fi + done + [ $error = 0 ] && break + [ $success = 0 ] && break +done + +# Move back mounts that we moved +for m in $movemounts; do + movemount "${m#/root}" # TODO: error handling +done + +killemdead gpg-agent samizdat-pinentry + +umount /root/dev +umount /root/proc +ln -sf /proc/mounts /etc/mtab + +umount_all_novirtual +mdadm_stop_all +losetup_delete_all +lvm_deactivate +cryptsetup remove samizdatcrypt +losetup_delete_all +umount_all_novirtual + +if [ "$OPEN_SHELL_BEFORE_SHUTDOWN" ]; then + read cmd < /halt + echo + echo "Remove cdrom and press ctrl-d to run '$cmd'." + /bin/sh -i +fi + +read cmd < /halt && $cmd +sleep 1 + +echo "Error! Starting emergency shell with pid 1." +exec /bin/sh -i diff --git a/old-school/vol_id b/old-school/vol_id new file mode 100755 index 0000000..5cd24a1 --- /dev/null +++ b/old-school/vol_id @@ -0,0 +1,2 @@ +#!/bin/sh +exec blkid -p -o udev "$@" -- cgit v1.2.3