From 153d299a41b9be4e15dab1ca29bb93a74bd2445d Mon Sep 17 00:00:00 2001 
From: Andrew Cady Date: Fri, 29 Apr 2016 14:36:26 -0400 Subject: fix paths (in progress) --- src/btrfs-functions.sh | 161 +++++++++ src/btrfs-receive-root.sh | 55 +++ src/btrfs-send-root.sh | 45 +++ src/grub-efi.sh | 50 +++ src/initrd.sh | 36 ++ src/initrd/common.sh | 143 ++++++++ src/initrd/grok-block | 182 ++++++++++ src/initrd/halt.montecarlo | 39 +++ src/initrd/init | 60 ++++ src/initrd/init.functions | 345 ++++++++++++++++++ src/initrd/init.shutdown | 30 ++ src/initrd/loop-layer.sh | 15 + src/initrd/lvm-create.sh | 299 ++++++++++++++++ src/initrd/lvm.conf | 773 +++++++++++++++++++++++++++++++++++++++++ src/initrd/mdadm-dup.sh | 217 ++++++++++++ src/initrd/menu-select | 123 +++++++ src/initrd/samizdat-cdrom-copy | 75 ++++ src/initrd/samizdat-eject.sh | 92 +++++ src/initrd/squashfs-size | 88 +++++ src/initrd/umountall.sh | 126 +++++++ src/initrd/vol_id | 2 + src/keygen.sh | 122 +++++++ src/patchroot.sh | 43 +++ src/qemu.sh | 34 ++ src/samizdat-paths.sh | 5 + src/var.sh | 75 ++++ src/xorriso-layer.sh | 38 ++ src/xorriso-usb.sh | 182 ++++++++++ src/xorriso.sh | 66 ++++ src/xorriso.test-efi.sh | 65 ++++ 30 files changed, 3586 insertions(+) create mode 100644 src/btrfs-functions.sh create mode 100644 src/btrfs-receive-root.sh create mode 100644 src/btrfs-send-root.sh create mode 100755 src/grub-efi.sh create mode 100755 src/initrd.sh create mode 100644 src/initrd/common.sh create mode 100755 src/initrd/grok-block create mode 100755 src/initrd/halt.montecarlo create mode 100755 src/initrd/init create mode 100644 src/initrd/init.functions create mode 100755 src/initrd/init.shutdown create mode 100644 src/initrd/loop-layer.sh create mode 100644 src/initrd/lvm-create.sh create mode 100644 src/initrd/lvm.conf create mode 100644 src/initrd/mdadm-dup.sh create mode 100755 src/initrd/menu-select create mode 100755 src/initrd/samizdat-cdrom-copy create mode 100755 src/initrd/samizdat-eject.sh create mode 100755 src/initrd/squashfs-size create mode 100755 
src/initrd/umountall.sh create mode 100755 src/initrd/vol_id create mode 100755 src/keygen.sh create mode 100755 src/patchroot.sh create mode 100755 src/qemu.sh create mode 100644 src/samizdat-paths.sh create mode 100644 src/var.sh create mode 100755 src/xorriso-layer.sh create mode 100644 src/xorriso-usb.sh create mode 100755 src/xorriso.sh create mode 100755 src/xorriso.test-efi.sh (limited to 'src') diff --git a/src/btrfs-functions.sh b/src/btrfs-functions.sh new file mode 100644 index 0000000..b83b94d --- /dev/null +++ b/src/btrfs-functions.sh 
@@ -0,0 +1,161 @@ +push() +{ + $(ARGS_NE mnt src dst_dir) + + now=$(date +%F.%H%M%S) || die + snap_dir=$mnt/snapshot.$now + prev_dir=$mnt/snapshot.prev + + local BTRFS_RECEIVE_DESTINATION_PATH="$dst_dir" + push_helper true "$snap_dir" "$prev_dir" "$src" local_btrfs_receiver +} + +push_simple() +{ + $(ARGS_NE mnt src dst_dir) + local BTRFS_RECEIVE_DESTINATION_PATH="$dst_dir" + push_helper false "$mnt" "$src" local_btrfs_receiver +} + +sex() +{ + (set -x; "$@") +} + +local_btrfs_receiver() +{ + btrfs receive "$BTRFS_RECEIVE_DESTINATION_PATH" +} + +shellescape() +{ + if [ "$BASH_VERSION" ]; then + printf %q "$1" + else + bash -c 'printf %q "$1"' bash "$1" + fi +} + +remote_btrfs_receiver() +{ + ssh "$BTRFS_RECEIVE_DESTINATION_HOST" -- "btrfs receive $(shellescape "$BTRFS_RECEIVE_DESTINATION_PATH")" +} + +push_helper() +{ + $(ARGS keep_as_prev snap_dir prev_dir src dst_pipe) + $(NONEMPTY keep_as_prev snap_dir src dst_pipe) + + local full_dest rw_dest + + btrfs subvolume snapshot -r "$src" "$snap_dir" || die + + if [ "$prev_dir" -a -d "$prev_dir" ]; then + btrfs send -p "$prev_dir" "$snap_dir" + else + btrfs send "$snap_dir" + fi | "$dst_pipe" || die + + if [ "$dst_pipe" = local_btrfs_receiver ]; then + local dst="$BTRFS_RECEIVE_DESTINATION_PATH" + full_dest=$dst/$(basename "$snap_dir") + rw_dest=$full_dest.rw + btrfs subvolume snapshot "$full_dest" "$rw_dest" || die + btrfs_replace_default_subvolume_with "$rw_dest" + fi + + if $keep_as_prev && [ "$prev_dir" ] + then + # keep the pushed snapshot in order to reuse it on subsequent pushes. + with_dir "$prev_dir" btrfs subvolume delete || die + sex mv "$snap_dir" "$prev_dir" || die + else + btrfs subvolume delete "$snap_dir" + fi +} + +btrfs_mountpoint() +{ + $(ARGS_NE dir) + btrfs filesystem show -m "$dir" >/dev/null 2>&1 +} + +btrfs_get_mountpoint() +{ + $(ARGS_NE dir) + while [ "$dir" -a "$dir" != '.' 
]; do + if btrfs_mountpoint "$dir" + then printf '%s\n' "$dir" + return + fi + dir=$(dirname "$dir") + done + false +} + +btrfs_show_default_path() +{ + $(ARGS_NE mp) + local path + mp=$(btrfs_get_mountpoint "$mp") || die # TODO: fix caller? + btrfs_mountpoint "$mp" || die "not a mountpoint: $mp" + path=$(btrfs subvolume get-default "$mp"/|sed -n -e 's/.* path //p') + if [ "$path" ]; then + printf '%s\n' "$mp/$path" + else + printf '%s\n' "$mp" + fi +} + +btrfs_show_default_id() +{ + $(ARGS_NE mp) + local id + mp=$(btrfs_get_mountpoint "$mp") || die # TODO: fix caller? + btrfs_mountpoint "$mp" || die "not a mountpoint: $mp" + id=$(btrfs subvolume get-default "$mp"/|sed -n -e 's/^ID \([^ ]*\) .*/\1/p') + [ "$id" ] || return + echo $id +} + +btrfs_replace_default_subvolume_with() +{ + $(ARGS_NE new_default) + local old_default old_default_id new_default_id + old_default_id=$(btrfs_show_default_id "$new_default") || die + new_default_id=$(btrfs_show_subvolume_id "$new_default") || die + + [ "$new_default_id" = "$old_default_id" ] && return + + if [ "$old_default_id" != 5 ]; then + old_default=$(btrfs_show_default_path "$new_default") || die + else + old_default= + fi + + btrfs subvolume set-default "$new_default_id" "$new_default" || die + + if [ "$old_default" ]; then + btrfs subvolume delete "$old_default" + sex mv "$new_default" "$old_default" + fi +} + +btrfs_show_subvolume_id() +{ + $(ARGS_NE path) + local result + result=$(btrfs subvolume show "$path" | sed -n -e 's/^[ \t]*Subvolume ID:[ \t]*//p; s/.*is toplevel subvolume/5/p') + if [ "$result" ] + then printf '%s\n' "$result" + else false + fi +} + +with_dir() +{ + $(ARGS_NE d) + shift + [ -d "$d" ] || return 0 + "$@" "$d" +} diff --git a/src/btrfs-receive-root.sh b/src/btrfs-receive-root.sh new file mode 100644 index 0000000..f553c2c --- /dev/null +++ b/src/btrfs-receive-root.sh 
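Review bot: In `push_helper` the `|| die` after `fi | "$dst_pipe"` only sees the receiver's exit status, because `/bin/sh` has no pipefail, so a failed `btrfs send` (missing parent, read error) goes unnoticed and the snapshot is then moved to `$prev_dir` or deleted as though the push had succeeded. The local path is partly protected because the later `btrfs subvolume snapshot "$full_dest"` dies when nothing was received, but the remote receiver has no equivalent check. A portable fix is to record the sender's status inside the pipeline and test it afterwards, e.g. `{ btrfs send "$snap_dir"; echo $? >"$status"; } | "$dst_pipe"` followed by `[ "$(cat "$status")" = 0 ] || die`, with `$status` from `mktemp` and removed afterwards. Separately, `now`, `snap_dir` and `prev_dir` in `push` are assigned without `local`, unlike the `BTRFS_*` variables next to them, so they leak into the caller.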
@@ -0,0 +1,55 @@ +#!/bin/sh + +. sami/btrfs-functions.sh +. sami/var.sh + +disable_stdout() { exec 3>&1; exec >&2; } +enable_stdout() { exec >&3; } + +with_stdout() { enable_stdout; "$@"; disable_stdout; } + +create_layer_filesystem() +{ + [ ! -e "$layer_file" ] || return + ! mountpoint "$mountpoint" || return + mkdir -p "$mountpoint" && + sex dd if=/dev/zero of="$layer_file" bs=1M count="$layer_size" && + sex mount -o subvol=/,compress "$seed_file" "$mountpoint" && + layer_dev=$(losetup -f --show "$layer_file") && + sex btrfs device add "$layer_dev" "$mountpoint" && + mount -o rw,remount "$mountpoint" +} + +finish() +{ + local subv_id + sex mv "$mountpoint"/ROOT "$mountpoint"/ROOT.old || return + sex btrfs subvolume snapshot "$mountpoint"/"$receive_subv" "$mountpoint"/ROOT || return + subv_id=$(btrfs_show_subvolume_id "$mountpoint"/ROOT) || return + sex btrfs subvolume set-default "$subv_id" "$mountpoint" || return + sex btrfs subvolume delete "$mountpoint"/ROOT.old || return + umount "$mountpoint" || return + sex btrfstune -S1 "$layer_file" || return + losetup -d "$layer_dev" +} + +set -e +disable_stdout + +receive_dest=$1 +receive_subv=$2 + +[ "$receive_subv" ] +[ "$receive_dest" ] + +mountpoint=$(realpath -m --relative-base=. "$receive_dest") + +seed_file=sami/debian-live-8.4.0-amd64-standard.btrfs +layer_file_FINAL=sami/debian-live-8.4.0-amd64-standard.layer.$receive_subv.btrfs +layer_file=$layer_file_FINAL.part +layer_size=1000 + +create_layer_filesystem +with_stdout sex btrfs receive "$mountpoint" +finish +mv "$layer_file" "$layer_file_FINAL" diff --git a/src/btrfs-send-root.sh b/src/btrfs-send-root.sh new file mode 100644 index 0000000..8a3a513 --- /dev/null +++ b/src/btrfs-send-root.sh 
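Review bot: `receive_dest` and `receive_subv` are taken from argv with no validation beyond the two non-empty tests, yet they form the mount point and `layer_file_FINAL`, and btrfs-send-root.sh in this same commit runs this script through `sudo` on behalf of a remote caller; a value containing `/` or `..` would place the layer file or the mount outside `sami/`. Add a whitelist right after the `[ "$receive_dest" ]` test: `case "$receive_subv" in *[!A-Za-z0-9._-]*) exit 1;; esac` and `case "$mountpoint" in /*|..*) exit 1;; esac` (with `--relative-base=.`, realpath prints an absolute path whenever the target lies outside the current directory, so the leading-slash test catches escapes). Both early `return`s in `create_layer_filesystem` also leave `layer_dev` unset, so `finish` ends in `losetup -d ""` after the stream has already been received; the pre-existing-file case should either look up the existing loop device or be rejected before anything is received.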
@@ -0,0 +1,45 @@ +#!/bin/sh +. samizdat-paths.sh +. var.sh +. btrfs-functions.sh + +rootfs_uuid () +{ + btrfs filesystem show / | sed -ne 's/.*uuid: //p' +} + +remote_btrfs_receiver() +{ +# ssh "$BTRFS_RECEIVE_DESTINATION_HOST" -- "sudo btrfs receive $(shellescape "$BTRFS_RECEIVE_DESTINATION_PATH")" + ssh "$BTRFS_RECEIVE_DESTINATION_HOST" -- \ + "sudo sh sami/btrfs-receive-root.sh $(shellescape "$BTRFS_RECEIVE_DESTINATION_PATH") $(shellescape "$BTRFS_RECEIVE_SUBVOLUME_NAME")" +} + +dummy_receiver() +{ + true +} + +push_remote() +{ + $(ARGS_NE mnt src ssh_dst) + + now=$(date +%F.%H%M%S) || die + snap_dir=$mnt/snapshot.$now + prev_dir=$mnt/SEED + + case "$ssh_dst" in + *:*) ;; + *) return 1;; + esac + local BTRFS_RECEIVE_DESTINATION_PATH="${ssh_dst#*:}" + local BTRFS_RECEIVE_DESTINATION_HOST="${ssh_dst%%:*}" + local BTRFS_RECEIVE_SUBVOLUME_NAME="${snap_dir#$mnt/}" + push_helper false "$snap_dir" "$prev_dir" "$src" remote_btrfs_receiver +} + +ssh_dst=d@fifty.local:sami/test_dest + +mkdir -p /mnt/rootfs || die +mountpoint -q /mnt/rootfs || mount -o subvol=/ UUID=$(rootfs_uuid) /mnt/rootfs || die +push_remote /mnt/rootfs / "$ssh_dst" diff --git a/src/grub-efi.sh b/src/grub-efi.sh new file mode 100755 index 0000000..e2d50f6 --- /dev/null +++ b/src/grub-efi.sh @@ -0,0 +1,50 @@ +#!/bin/sh +. samizdat-paths.sh + +grub_config() +{ + cat </dev/null || true +mkdir -p "${destdir}"/grub/i386-pc/ +cp -r /usr/lib/grub/i386-pc/* "${destdir}"/grub/i386-pc/ +rm "${destdir}"/grub/i386-pc/*.img || true + +grub_config > "${destdir}"/load_cfg +set -x +grub-mkimage -O i386-pc -d /usr/lib/grub/i386-pc/ -o "${destdir}"/core.img -c "${destdir}"/load_cfg --prefix=/grub iso9660 biosdisk +cat /usr/lib/grub/i386-pc/cdboot.img "${destdir}"/core.img > "${destdir}"/grub/i386-pc/eltorito.img +cat /usr/lib/grub/i386-pc/boot.img "${destdir}"/core.img > "${destdir}"/embedded.img + +rm -r "$real_destdir" 2>/dev/null || true +mv -T "$destdir" "$real_destdir" 
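Review bot: The final `push_remote /mnt/rootfs / "$ssh_dst"` is unchecked and the script has no `set -e`, so the early `return 1` for a destination without `:` and any non-`die` failure inside `push_helper` still leave the script exiting 0; write `push_remote /mnt/rootfs / "$ssh_dst" || die "push to $ssh_dst failed"`. The `UUID=$(rootfs_uuid)` mount argument is unquoted and `rootfs_uuid` prints every `uuid:` line that `btrfs filesystem show /` emits, so quote it as `mount -o subvol=/ "UUID=$(rootfs_uuid)" /mnt/rootfs` to avoid word-splitting if more than one line ever appears. `ssh_dst=d@fifty.local:sami/test_dest` is a hard-coded test target, presumably a placeholder given the "in progress" title, and deserves a TODO or a command-line argument before this is used for real.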
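Review bot: The script has no `set -e`, so when `rm -r "$real_destdir"` fails for a reason other than absence (the `2>/dev/null || true` hides it), the final `mv -T "$destdir" "$real_destdir"` fails as well and the script still exits 0 with a stale image left in place. Suggest `set -e` after the shebang and replacing the blanket suppression with an existence test, `[ ! -e "$real_destdir" ] || rm -r -- "$real_destdir"`, so a genuine removal error stops the build. The `grub_config` heredoc body is not recoverable in this rendering (`cat </dev/null || true` has lost its `<<` delimiter), so its content could not be reviewed.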
diff --git a/src/initrd.sh b/src/initrd.sh new file mode 100755 index 0000000..8cc8ea1 --- /dev/null +++ b/src/initrd.sh @@ -0,0 +1,36 @@ +#!/bin/sh + +initrd=${samizdat_isolinux_dir}/linux/initrd.img +vmlinuz=${samizdat_isolinux_dir}/linux/vmlinuz + +version=$(uname -r) +version=4.5.0-0.bpo.1-amd64 +conf_dir=initramfs-tools + +apt_dependencies=initrd-dependencies.txt + +find_source_dirs() { + set -- find "$conf_dir" ./old-school "$@" + "$@" +} + +force_rebuild() +{ + touch "$conf_dir" + return 1 +} + +rebuild() +{ + [ ! -f "$apt_dependencies" ] || sudo apt-get install -q=10 --no-upgrade -y $(cat "$apt_dependencies") + + set -ex + cp -f /boot/vmlinuz-${version} "$vmlinuz" + /usr/sbin/mkinitramfs -d "$conf_dir" -o "$initrd" ${version} || force_rebuild +} + +if [ ! -e "$initrd" -o ! -e "$vmlinuz" ]; then + rebuild +elif [ "$(find_source_dirs -newer "$initrd" -print -quit)" ]; then + rebuild +fi diff --git a/src/initrd/common.sh b/src/initrd/common.sh new file mode 100644 index 0000000..4aa8528 --- /dev/null +++ b/src/initrd/common.sh 
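Review bot: `version=$(uname -r)` is dead code, since the next line unconditionally overwrites it with `version=4.5.0-0.bpo.1-amd64`, which makes a reader wonder which kernel the image is meant to ship. If the pin is deliberate, drop the `uname -r` line and say why in a comment, e.g. `# pinned to the kernel shipped on the image, not the build host's`; if it is a leftover from testing, drop the literal instead. Note also that `set -ex` inside `rebuild` turns on tracing for the remainder of the script, not just the function, which is fine here because `rebuild` is the last thing run but is easy to trip over later.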
@@ -0,0 +1,143 @@ +#!/bin/sh +REQUIRED_MB=250 # minimum megabytes available to offer install +MENUFIFO=/menu.fifo +DEBUG=y +LOGBASE=/var/log + +debug_log() +{ + if [ -n "$DEBUG" ]; then + if [ -n "$1" ]; then + DEBUG_LOG=$LOGBASE/"$1".$$.log + else + DEBUG_LOG=$LOGBASE/$(basename $0).$$.log + fi + mkdir -p $LOGBASE + exec >>$DEBUG_LOG 2>&1 + set -x + fi +} +addmenu() +{ + cat <>$MENUFIFO # mind the tabs +setItem "$1" "dummy" "$2" "$3" +END +} +menutitle() +{ + printf 'setTitle "%s"\n' "$1" >>$MENUFIFO + printf 'setWelcomeText "%s"\n' "$2" >>$MENUFIFO +} +bootmenu() +{ + local do_trigger="$1" no_panic="$2" + OpenVT -f -c 7 -- dynmenu "$MENUFIFO" && + chvt 7 && + menutitle 'Samizdat\n\nAs the Internet develops there are\ntransitions in the management arrangements.\nThe time has come to take\na small step in one of those transitions.' 'Choose an installation target.' +# menutitle 'Samizdat\nfreedom from surveillance\nno trusted authorities' 'Choose an installation target.' + addmenu "ramdisk" "[ Boot to RAM without installing anything ]" "menu-select boot-ram" + if [ $? != 0 -a ! "$no_panic" ]; then + panic "error loading boot menu! the system won't be usable :(" + fi + if [ "$do_trigger" ]; then + udevadm trigger --subsystem-match=block --action=add + fi +} +find_squashfs_root() +{ + # TODO: "make" puts the correct location in $iso_squashfs_dir. Get + # information into this function! 
+ + bootwait samizdat-cdrom + for dir in /cdrom/live /cdrom/liveos /cdrom/aptosid /cdrom/* + do + [ -d "$dir" ] || continue; + if [ -f "$dir"/filesystem.module ]; then + while read fs; do + [ -f "$dir"/"$fs" ] && echo "$dir" "$fs" + done < "$dir"/filesystem.module + return + fi + done + for fs in /cdrom/live/filesystem.squashfs /cdrom/live/grml-small.squashfs /cdrom/liveos/squashfs.img /cdrom/aptosid/aptosid.* /cdrom/*/*.squashfs + do + if [ -f "$fs" ]; then + echo "${fs%/*}" "${fs##*/}" + break + fi + done +} +xtrace() +{ + case "$-" in + *x*) "$@" ;; + *) set -x; "$@"; set +x ;; + esac +} +sleepcmd() { + local t=$1 + shift + echo "about to run '$*' (in $t)" + sleep $t + "$@" +} +sleep_forever_verbose() { + sleep 4294967295 & + local sleep=$! + warn "sleeping until you kill $sleep..." + wait $sleep +} +warn() { [ -z "$warnings" ] || echo "$@" >&2; } +panic() +{ + set +x + exec /dev/tty1 2>&1 + reset + echo "[p$$] initramfs /init: fatal error: $@" + echo "[p$$] will now exec emergency shell" + export PS1="[p$$ \\w]# " + chvt 1 + exec /bin/sh -i +} +bootwait() +{ + mkdir -p /bootwait + local i=$#; while [ $i -gt 0 ]; do + i=$((i-1)) + local f="$1"; shift; set -- "$@" "/bootwait/$f" + done + wait_for_files "$@" +} +bootdone() +{ + mkdir -p /bootwait + local i=$#; while [ $i -gt 0 ]; do + i=$((i-1)) + local f="$1"; shift; set -- "$@" "/bootwait/$f" + done + touch "$@" +} +my_openvt() +{ + /bin/openvt -c "$@" +} + +# This runs before way before NTP and on a LiveCD we have no +# reason to trust the system clock. +gpg2_nobatch() { GPG_TTY=$(tty) command gpg2 --ignore-time-conflict --ignore-valid-from "$@"; } +gpg2() { gpg2_nobatch --batch "$@"; } + +xcp() { if [ -f "$1" -a ! 
-f "$2" ]; then cp "$1" "$2"; fi; } + +mountsquashes() +{ + local name dirname basename + while read dirname basename && [ -d "$dirname" -a -f "$dirname/$basename" ]; do + name=${basename%.squashfs} + mkdir -p "/squashes/$name" || return 1 + xcp "$dirname"/filesystem.module /squashes/filesystem.module || return 1 + mountpoint -q "/squashes/$name" || + mount -o ro,loop "$dirname/$basename" "/squashes/$name" || return 1 + done +} + diff --git a/src/initrd/grok-block b/src/initrd/grok-block new file mode 100755 index 0000000..75d5120 --- /dev/null +++ b/src/initrd/grok-block 
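Review bot: `DEBUG=y` is set unconditionally at the top of common.sh, so every script that sources it and calls `debug_log` redirects its output into `$LOGBASE` and turns on `set -x`, which records every command with its arguments; lvm-create.sh in this commit already has to switch `-x` off by hand in `luks_secret` to keep key material out of that trace, and `samizdat_movemounts` copies `/var/log/*` onward into the target's runtime directory. Consider making tracing opt-in, `DEBUG=${DEBUG:-}` here with the value set from a boot parameter in `loadenv`, and documenting on `debug_log` that the trace log includes command arguments. Also, the `addmenu` heredoc operator appears to have been lost in this rendering (`cat <>$MENUFIFO`), so the "mind the tabs" body could not be checked.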
@@ -0,0 +1,182 @@ +#!/bin/sh +. common.sh + +DEVNAME=$1 +case "$DEVNAME" in /dev/loop*|/dev/ram*|/dev/dm-*|/dev/md*|/dev/fd*) exit ;; esac +[ -b "$DEVNAME" ] || exit + +debug_log "grok-block.${DEVNAME##*/}" + +addmenu_choosekey() +{ + dev=$1 + dir=$2 + addmenu "$dev//$dir" \ + "[ Use the GPG key on $dev ]" \ + "menu-select boot-gpg $dev $dir" +} + +addmenu_repairhfs() +{ + local device="$1" + addmenu "$device//reboot" \ + "[ Reboot into Mac OS X in order to repair disk $device ]" \ + "eject /cdrom; sleep 2; reboot -f" + addmenu "$device//fsck" \ + "[ (DANGEROUS) Try to repair errors on $device with fsck.hfsplus ]" \ + "/bin/openvt -sw -- sh -c 'fsck.hfsplus $device && remenu'" +} + +addmenu_chooseroot() +{ + local device="$1" loopfile="$2" + + addmenu "$device//$loopfile" \ + "[ Boot the system on $device${loopfile:+ in file $(basename $loopfile)} ]" \ + "menu-select --fs=$ID_FS_TYPE boot-luks $device ${loopfile:-$device}" +} + +addmenu_makeroot() +{ + local device="$1" loopfile="$2" megs="$3" copy_cdrom="$4" + ( + addmenu "$device//$loopfile" \ + "[ Install Samizdat to $device (in file $(basename $loopfile)) ]" \ + "menu-select --fs=$ID_FS_TYPE boot-new $device $loopfile $megs $copy_cdrom" + ) & +} + +retry_mount() +{ + tries=20 + until mntout="$(mount "$@" 2>&1)" + do + tries=$(( tries - 1 )) + case "$mntout" in + *"Device or resource busy"*) + if [ $tries -le 0 ]; then + warn "mount $@ failed: $mntout" + return 1 + else + sleep 1 + continue + fi + ;; + *) + warn "mount $@ failed: $mntout" + break ;; + esac + done +} + +gpg_verify() +{ + bootwait samizdat-cdrom + gpg2 --lock-never --no-permission-warning --no-auto-check-trustdb --no-options --homedir /cdrom/gnupghome --verify "$1" +} +is_lvm() +{ + for n in 0 1 2 3; do + [ "LVM2 001" = "$(dd if="$1" bs=1 skip=$((512*n+24)) count=8 2>/dev/null)" ] && return 0 + done + return 1 +} + +grok_block() +{ + local mountpoint="/mnt/${DEVNAME##*/}" + + mkdir -p "$mountpoint" + + case "$ID_FS_TYPE" in + ntfs) mount_type='-t 
ntfs-3g' ;; + "") mount_type= ;; + *) mount_type="-t $ID_FS_TYPE" ;; + esac + + if [ "$ID_FS_TYPE" = hfsplus ] && ! fsck.hfsplus -q "$DEVNAME"; then + (if fsck.hfsplus "$DEVNAME"; then + grok-block "$DEVNAME" + else + addmenu_repairhfs "$DEVNAME" + fi) & + return + fi + + if ! mountpoint -q "$mountpoint"; then + retry_mount $mount_type -o ro "$DEVNAME" "$mountpoint" + fi + + if mountpoint -q "$mountpoint"; then + umount=true + # Device has an unencrypted filesystem on it. + # So we mount it and look for loop-back overlays. + + if [ -d "$mountpoint/samizdat.gpg" ]; then + # check the key somehow? + addmenu_choosekey "$DEVNAME" "$mountpoint/samizdat.gpg" + fi + + N=1; while [ -e "$mountpoint/samizdat.$N" ] + do + if gpg_verify "$mountpoint/samizdat.$N"k; then + addmenu_chooseroot "$DEVNAME" "$mountpoint/samizdat.$N" + # this menu entry chooses the root fs, and should prompt and wait for the matching key + umount=false + fi + N=$((N+1)) + done + + freeblocks=$(stat -f -c %f "$mountpoint") + blocksize=$(stat -f -c %S "$mountpoint") + freemegs=$((freeblocks * blocksize / 1024 / 1024)) + + if [ "$freemegs" -ge 300 ]; then + + umount=false + bootwait samizdat-cdrom + cdromblocks=$(stat -f -c %b /cdrom) + cdromblocksize=$(stat -f -c %S /cdrom) + cdrommegs=$((cdromblocks * cdromblocksize / 1024 / 1024)) + + if [ "$freemegs" -ge "$((cdrommegs * 3))" ]; then + addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 3))" 1 + elif [ "$freemegs" -ge "$((cdrommegs * 2))" ]; then + addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((cdrommegs * 2))" 1 + elif [ "$freemegs" -ge "$cdrommegs" ]; then + addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" "$((freemegs / 2))" 0 + else + addmenu_makeroot "$DEVNAME" "${mountpoint}/samizdat.$N" 256 0 + fi + fi + + if $umount; then + umount "$mountpoint" + rmdir "$mountpoint" + fi + else + rmdir "$mountpoint" + fi +} + +# Get me all them nice udev variables +eval "$(PATH=$PATH:/lib/udev vol_id "$DEVNAME" | + sed 
"s/'/'\\\\''/; s/=\(.*\)/='\1'/" +)" + +CDROM_ID_FS_UUID_ENC='73256269-4002-4e42-adbd-0e49ed1c7438' +CDROM_ID_FS_LABEL_ENC=$(sed 's/ /\\x20/g' /lib/samizdat/vol_id.txt) +if [ "$ID_FS_UUID_ENC" = "$CDROM_ID_FS_UUID_ENC" -o \ + "$ID_FS_LABEL_ENC" = "$CDROM_ID_FS_LABEL_ENC" ] +then + # Recognize and mount the Samizdat + if ! mountpoint -q /cdrom; then + mkdir -p /cdrom + . mdadm-dup.sh + dup_mount_cdrom "$DEVNAME" /cdrom && bootdone samizdat-cdrom + fi +else + grok_block & +fi + +# vim:set et sw=2: diff --git a/src/initrd/halt.montecarlo b/src/initrd/halt.montecarlo new file mode 100755 index 0000000..67dac17 --- /dev/null +++ b/src/initrd/halt.montecarlo @@ -0,0 +1,39 @@ +#!/bin/bash + +cmd=${0##*/} +dashf= +for arg in "$@"; do + case "$arg" in -*f*) dashf=1 ;; esac + case "$arg" in -*p*) [ "$cmd" = halt ] && cmd=poweroff ;; esac +done + +[ "$dashf" ] || exec -a "$0" /sbin/halt.distrib "$@" + +read pids < /run/sendsigs.omit.d/samizdat +for p in $pids; do + if [ -e /proc/$p/root -a ! /proc/$p/root -ef / ]; then + initramfs=/proc/$p/root + break + fi +done + +panic() +{ + set -x + sync + exec -a "$0" /sbin/halt.distrib "$@" +} + +[ "$initramfs" ] || panic + +cp /sbin/init $initramfs/telinit + +# Apparently, linux does not allow a direct bind mount of a file on +# the initramfs. Therefore, copy the file from the initramfs and bind +# mount the copy. + +mount -o remount,exec /run +cp $initramfs/lib/samizdat/init.shutdown /run/ && mount --bind /run/init.shutdown /sbin/init || panic + +echo $cmd -f > $initramfs/halt +$initramfs/telinit u diff --git a/src/initrd/init b/src/initrd/init new file mode 100755 index 0000000..3b62c0a --- /dev/null +++ b/src/initrd/init 
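Review bot: The `sed` that quotes `vol_id` output for `eval` only escapes the first single quote on each line (`s/'/'\\\\''/` has no `g` flag), so a value with two quotes — e.g. a filesystem label on a freshly plugged-in device — closes the quoting early and the rest of that line is interpreted as shell by `eval`, in a script that udev runs as root for every new block device. Add the flag: `sed "s/'/'\\\\''/g; s/=\(.*\)/='\1'/"`, or better, stop using `eval` and read only the handful of `ID_FS_*` keys the script needs with a `case` over each line. `$ID_FS_TYPE` is also interpolated unquoted into `mount_type="-t $ID_FS_TYPE"` and then word-split on the `retry_mount` line; that is intentional for the `-t X` pair but worth a comment, since it is the same untrusted source.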
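Review bot: `mount -o remount,exec /run` removes the no-exec restriction from `/run` for the rest of shutdown and nothing restores it; the reason (the copied `init.shutdown` is bind-mounted over `/sbin/init`, so it must live on an executable filesystem) is only implied by the preceding comment about bind mounts, so state it explicitly, e.g. `# /run is presumably mounted noexec; the bind-mounted init.shutdown must be executable from there`. Minor: `read pids < /run/sendsigs.omit.d/samizdat` lacks `-r`, and `$initramfs` and `$p` are expanded unquoted in the `cp`, `echo` and `$initramfs/telinit` lines; they are `/proc/N/root` paths here, but quoting them costs nothing.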
@@ -0,0 +1,60 @@ +#!/bin/sh +PATH=$PATH:/usr/lib/klibc/bin +#if [ $$ = 1 ]; then +# "$0" "$@" +# exec sh -i +#fi +. init.functions +warnings=y + +debug_log init +mountvirt +klogd -c1 # no kernel messages + +mkdir -p "$LOGBASE" +sh -c "syslogd -O '$LOGBASE'/"'syslogd.$$.log'; +if [ "$DEBUG" != y ]; then + echo 0 > /proc/sys/kernel/printk +fi + +makedev +loadenv + +if [ -x /bin/kmod ]; then + ln -sf /bin/kmod /bin/depmod + /bin/depmod -a +else + depmod -a +fi + +PS1='[$$ \w]# ' my_openvt 8 -- sh -i + +mkfifo "$MENUFIFO" || panic "mkfifo '$MENUFIFO' failed" +bootmenu +mkdir -p /etc/udev/rules.d +cat </etc/udev/rules.d/z00_blockdev_mountroot.rules +ACTION=="add", SUBSYSTEM=="block", RUN+="/bin/grok-block \$env{DEVNAME}" +END + +start_udev +mountunionroot + +bootwait rw-overlay +# killeverything +# nuke /dev/.udev/queue/ +stop_udev +insertoverlay + +movemounts +gpg_agent_chroot +patchroot +clear >/dev/tty1 +chvt 1 +[ -e /do-delay-boot ] && bootwait 'launch-init-ready' +launch_init "$@" + +# unreachable since launch_init will panic on failure +panic 'inconceivable!' +exec >/dev/tty1 2>&1 <&1 +reset +exec sh -i diff --git a/src/initrd/init.functions b/src/initrd/init.functions new file mode 100644 index 0000000..7209b04 --- /dev/null +++ b/src/initrd/init.functions 
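Review bot: `PS1='[$$ \w]# ' my_openvt 8 -- sh -i` opens an interactive root shell on tty8 unconditionally, independent of the `DEBUG` switch that gates the other diagnostics in common.sh, and it remains available to anyone at the console for the whole boot and beyond. Tie it to the same switch so it can be turned off together with tracing: `[ "$DEBUG" = y ] && PS1='[$$ \w]# ' my_openvt 8 -- sh -i`. The commented-out `#if [ $$ = 1 ]` block at the top is dead and should either be removed or get a one-line note on why it is kept.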
@@ -0,0 +1,345 @@ +#!/bin/sh +. common.sh +mountvirt() +{ + # TODO: simply put these dirs on the initrd itself + mkdir -m 0755 -p /dev /sys /proc /tmp /var /run + mkdir -m 0700 -p /root + + mount -t sysfs -o nodev,noexec,nosuid none /sys + mount -t proc -o nodev,noexec,nosuid none /proc + tmpfs_size="10M" +# [ -f /etc/udev/udev.conf ] && . /etc/udev/udev.conf + mount -t tmpfs -o size=$tmpfs_size,mode=0755 udev /dev + mount -t tmpfs -o size=64M,mode=0755 run /run + mkdir -m 0755 /dev/pts /run/lock + mount -t devpts devpts /dev/pts + ln -s /run /run/lock /var/ +} +makedev() +{ + # TODO: simply put these nodes on the initrd itself + mkdir -m 0755 -p /dev + mknod /dev/null c 1 3 + mknod /dev/zero c 1 5 + mknod /dev/tty c 5 0 + if [ "$FUCK_devconsole" ]; then # FUCK /dev/console + mknod /dev/console c 4 1 # tty1 is console; a saner alternative (TODO: fix shutdown to chvt) + else + mknod /dev/console c 5 1 + fi + for i in 0 1 2 3 4 5 6 7 8; do + mknod /dev/tty${i} c 4 ${i} + done + # TODO: wait for udev? pft. + for i in 0 1 2 3 4 5 6 7; do + mknod /dev/loop${i} b 7 ${i} + done +} +loadenv() +{ + # TODO: filter the wheat from the chaff here; most of this is unused. + # TODO: implement the various boot args + + # Load config files +# export DPKG_ARCH= +# . /conf/arch.conf +# export ROOT= +# . /conf/initramfs.conf +# for conf in conf/conf.d/*; do +# [ -f ${conf} ] && . 
${conf} +# done + # Make modprobe quiet + export MODPROBE_OPTIONS="-qb" + # Export constants + export rootmnt=/root + # Export bootparam variables + export init=/sbin/init + export readonly=y + export blacklist= + + # Parse command line options + for x in $(cat /proc/cmdline); do + case $x in + init=*) init=${x#init=} ;; + root=*) + ROOT=${x#root=} + case $ROOT in + LABEL=*) ROOT="/dev/disk/by-label/${ROOT#LABEL=}" ;; + UUID=*) ROOT="/dev/disk/by-uuid/${ROOT#UUID=}" ;; + /dev/nfs) [ -z "${BOOT}" ] && BOOT=nfs ;; + esac + ;; + rootflags=*) ROOTFLAGS="-o ${x#rootflags=}" ;; + rootfstype=*) ROOTFSTYPE="${x#rootfstype=}" ;; + ro) readonly=y ;; + rw) readonly=n ;; + + nfsroot=*) NFSROOT="${x#nfsroot=}" ;; + ip=*) IPOPTS="${x#ip=}" ;; + boot=*) BOOT=${x#boot=} ;; + + resume=*) RESUME="${x#resume=}" ;; + noresume) noresume=y ;; + blacklist=*) blacklist=${x#blacklist=} ;; + + hostname=*) + hostname=${x#hostname=} + hostname "$hostname" + ;; + bootcd_device=*) bootcd_device=${x#bootcd_device=} + mkdir -p /cdrom && + mount -r -t hostfs -o "${bootcd_device#hostfs=}" hostfs /cdrom && + bootdone samizdat-cdrom + ;; + overlay_device=*) overlay_device=${x#overlay_device=} + mkdir -p /overlay && + mount -t hostfs -o "${overlay_device#hostfs=}" hostfs /overlay && + bootdone rw-overlay + ;; + uml_modules=*) uml_modules=${x#uml_modules=} + mount -t hostfs -o "${uml_modules#hostfs=}" hostfs /lib/modules ;; + esac + done + + if [ -z "${noresume}" ]; then + export resume=${RESUME} + else + export noresume + fi +} +mountunionroot() +{ + bootwait samizdat-cdrom squashfs-root + + ufs= + if grep -q aufs /proc/filesystems || modprobe aufs; then + ufs=aufs + elif grep -q unionfs /proc/filesystems || modprobe unionfs; then + ufs=unionfs + fi + + case $ufs in + unionfs) ro=ro;; + aufs) ro=rr;; + *) panic "mountunionroot: unionfs module not found";; + esac + + dirs=; + if [ -f /squashes/filesystem.module ]; then + while read img; do + d=/squashes/"${img%.squashfs}" + mountpoint -q 
/squashes/"${img%.squashfs}" || continue; + dirs="$d=$ro${dirs:+:$dirs}" + done < /squashes/filesystem.module + else + for d in /squashes/*; do + mountpoint -q "$d" || continue + dirs="$d=$ro${dirs:+:$dirs}" + done + fi + [ -n "$dirs" ] || + panic "no squashes. missing/broken images on cdrom?" + + if true; then +# overlay_tmp=$(mktemp -d /overlay.XXXXXX) && + overlay_tmp=/overlay.$$ && mkdir -p $overlay_tmp && + mount -t tmpfs tmpfs $overlay_tmp && + touch $overlay_tmp/samizdat-filesystem-is-new + dirs="$overlay_tmp:$dirs" || + { rmdir $overlay_tmp; + panic "mountunionroot: failure creating tmpfs overlay"; } + fi + + mount -t $ufs -o rw,dirs="$dirs" $ufs "$rootmnt" || + panic "mountunionroot: $ufs: mount (dirs=$dirs): error: $?" +} +insertoverlay() # TODO: copy-up and umount tmpfs. MASSIVELY IMPORTANT! +{ + if ! mountpoint -q /overlay; then + # rw-overlay was signalled without a mount on /overlay + # thus, boot with the current tmpfs overlay + mkdir -p /overlay + mount -o move $overlay_tmp /overlay + return 0 + fi + + ufs=$(sed -ne 's?^[^ ]* '"$rootmnt"' \(unionfs\|aufs\) .*?\1?p' /proc/mounts) + + case $ufs in + unionfs) + panic 'insertoverlay: TODO: implement unionfs support' + + mount -o remount,rw,add=/overlay "$rootmnt" || + panic "insertoverlay: remount unionfs (add=/overlay): error: $?" + + #mount -o remount,del=$overlay_tmp && # NO, WRONG, COPY-UP FIRST + #umount $overlay_tmp && rmdir $overlay_tmp + ;; + aufs) + mount -o remount,rw,prepend:/overlay=rw "$rootmnt" || + panic "insertoverlay: remount aufs (prepend:/overlay=rw): error: $?" + + mount -o remount,mod:"$overlay_tmp"=ro+wh "$rootmnt" || + panic "insertoverlay: couldn't set aufs branch read-only: $overlay_tmp" + + # copy everything the user reads (not just writes) to the overlay + # (this is appropriate for CD-ROM but not testing. 
TODO: enable) + #mount -o remount,coo=all "$rootmnt" + + mkdir -p "$rootmnt"/xino && mount -o move "$overlay_tmp" "$rootmnt"/xino || + panic "insertoverlay: couldn't move mount $overlay_tmp to $rootmnt/xino" + ;; + *) panic "insertoverlay: unrecognized filesystem ($ufs)";; + esac + + bootdone root-mounted +} +AppendIfNoSuchLine() +{ + local filename="$1" + shift + if grep -vqF "$1" < "$filename"; then + printf '%s\n' "$@" >> "$filename" + fi +} +gpg_agent_chroot() +{ + chroot "$rootmnt" sh -c \ + 'export PATH=/usr/local/sbin:/usr/local/bin:$PATH; + killall gpg-agent; + samizdat-gpg-agent; + killall -USR2 samizdat-pinentry;' +} +remove_squashfs_mistakes() +{ + # Workaround for bad samizdat-generated upstream squashfs: + rm -f "$rootmnt"/etc/ipsec.conf + rm -rf "$rootmnt"/etc/samizdat/samizdat-receive-hooks + rm -f "$rootmnt"/etc/adjtime +} +patchroot_UNUSED() +{ + test -e "$rootmnt"/samizdat-filesystem-is-new || return + echo Patching livecd root -- $(date) >> /dev/tty7 + rm -f /dev/console; mknod /dev/console c 4 1 + + remove_squashfs_mistakes + + if [ -e /etc/adjtime -a ! 
-e "$rootmnt"/etc/adjtime ]; then + cp /etc/adjtime "$rootmnt"/etc/adjtime + fi + + if [ -f "$rootmnt"/cdrom/samizdat/skel.tgz ]; then + chroot "$rootmnt" bin/tar -C / --no-same-owner -zxf /cdrom/samizdat/skel.tgz + fi + chroot "$rootmnt" hostname -F /etc/hostname + + chroot "$rootmnt" update-rc.d samizdat-pids start 15 S + + # We need debian-tor user so that hidden service directory can have the right owner + chroot "$rootmnt" adduser --quiet --system --disabled-password --home /var/lib/tor \ + --no-create-home --shell /bin/bash --group debian-tor + + # TODO: check errors here + chroot "$rootmnt" sh -c \ + 'export PATH=/usr/local/sbin:/usr/local/bin:"$PATH" GNUPGHOME=/gpg/gnupghome verbose=1; + samizdat-receive -v < /cdrom/samizdat/secrets.mime && samizdat-receive -v < /cdrom/samizdat/public.mime' + + for diversion in /etc/kernel/postinst.d/initramfs-tools /etc/init.d/live-boot /sbin/halt; do + chroot "$rootmnt" dpkg-divert --rename --package samizdat --add "$diversion" + done + cp /bin/halt.montecarlo "$rootmnt"/sbin/halt + + if ! [ -f "$rootmnt"/var/lib/dpkg/info/linux-image-"$(uname -r)".list ]; then + chroot "$rootmnt" sh -c \ + 'dpkg --fsys-tarfile /cdrom/samizdat/debs/linux-image-$(uname -r)_*.deb | tar -C / -x; depmod -a' + fi + + # disable some of GRML's many consoles. 
+# sed -i -e 's/^\([3456789]\|1[012]\):/#\1:/' "$rootmnt"/etc/inittab +# sed -i -e 's/^NUM_CONSOLES=12/NUM_CONSOLES=0/' "$rootmnt"/usr/bin/zsh-login + + # these GRML scripts implement a "sendsigs" which does not respect omit.d + sed -i -e 's/^\(l0:.*\)grml-halt$/\1rc 0/' "$rootmnt"/etc/inittab + sed -i -e 's/^\(l6:.*\)grml-reboot$/\1rc 6/' "$rootmnt"/etc/inittab + chroot "$rootmnt" update-rc.d sendsigs stop 20 0 6 + + echo Done patching livecd root -- $(date) >>/dev/tty7 + rm "$rootmnt"/samizdat-filesystem-is-new +} +movemounts() +{ + # Move mounted filesystems to the root filesystem + while read dev mp rest; do + case "$mp" in + "$rootmnt"|"$rootmnt"/*|/|/proc|/dev|/dev/pts|/sys) continue ;; + /mnt.samizdat.*) + #umount -l "$mp" + target="$rootmnt/media/${dev##*/}" + ;; + /overlay.*) umount -l $mp; continue ;; + *) target="$rootmnt$mp" ;; + esac + mkdir -p "$target" + mount -n -o move "$mp" "$target" + done "$rootmnt$CONSOLE" 2>&1 + panic "exec init failed (init=$init)" +# exec run-init -c "$CONSOLE" "$rootmnt" "$init" "$@" +# panic "exec run-init failed (init=$init)" +} +start_udev() +{ + echo > /proc/sys/kernel/hotplug + mkdir -p /dev/.udev/db/ /dev/.udev/queue/ +# mkdir -p "$LOGBASE"; sh -c "udevd --resolve-names=never --debug >$LOGBASE/udevd."'$$'".log 2>&1" & + udevd --resolve-names=never --daemon + udevadm trigger --action=add +# udevadm settle +} +stop_udev() +{ + for proc in /proc/[0-9]*; do + [ -x $proc/exe ] || continue + [ "$(readlink $proc/exe)" = /sbin/udevd ] && kill ${proc#/proc/} + done + # ignore any failed event because the init script will trigger again all events + nuke /dev/.udev/queue/ +} +killeverything() +{ + # TODO: exempt: interactive shell(s) (AND CHILDREN) (or: anything with + # a tty?), samizdat-agent, fsck(!!), ...? 
+ +# exempt_cmdline="$(printf "sh\0-i\0")" + force= + while true; do + killme= + for proc in /proc/[0-9]*; do + [ $proc != /proc/1 -a $proc != /proc/$$ -a -x $proc/exe ] || continue +# [ "$(cat $proc/cmdline)" != "$exempt_cmdline" ] || continue + read pid tcomm state ppid pgrp sid tty_nr tty_pgrp rest < $proc/stat + [ $tty_nr = 0 ] || continue + killme="$killme ${proc#/proc/}" + done + if [ -n "$killme" ]; then + kill $force $killme + else + break + fi + force=-KILL + done +} diff --git a/src/initrd/init.shutdown b/src/initrd/init.shutdown new file mode 100755 index 0000000..6bfce84 --- /dev/null +++ b/src/initrd/init.shutdown @@ -0,0 +1,30 @@ +#!/bin/sh +read omitpids < /run/sendsigs.omit.d/samizdat +for pid in $omitpids; do + if [ -e /proc/$pid/root ]; then + initroot=/proc/$pid/root + break + fi +done + +warn() { echo "$*" >/dev/console; } +error() { umount /sbin/init; exec /sbin/init; } + +[ -e "$initroot" ] || error + +if [ $$ != 1 ]; then + exec $initroot/init "$@" +else + set -- + for pid in $omitpids; do + set -- "$@" -o $pid + done + if killall5 -15 "$@"; then + sleep 5 + killall5 -9 "$@" + fi + exec <$initroot/dev/console >$initroot/dev/console 2>$initroot/dev/console + exec chroot $initroot umountall.sh + + error +fi diff --git a/src/initrd/loop-layer.sh b/src/initrd/loop-layer.sh new file mode 100644 index 0000000..7e08e12 --- /dev/null +++ b/src/initrd/loop-layer.sh @@ -0,0 +1,15 @@ +losetup_snapshot() +{ + local ro_dev rw_dev new_dev_name size persist chunksize + ro_file=$1 + rw_file=$2 + + ro_dev=$(LoSetup -r -f --show "$ro_file") || return + rw_dev=$(LoSetup -f --show "$rw_file") || return + new_dev_name=${ro_dev##*/} + size=$(blockdev --getsz "$ro_dev") || return + persist=p + chunksize=16 + dmsetup create "$new_dev_name" --table "0 $size snapshot $ro_dev $rw_dev $persist $chunksize" || return + echo /dev/mapper/"$new_dev_name" +} diff --git a/src/initrd/lvm-create.sh b/src/initrd/lvm-create.sh new file mode 100644 index 0000000..d4a8bdf 
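Review bot: `AppendIfNoSuchLine` appends even when the line is already present: `grep -vqF "$1"` succeeds whenever the file contains at least one line that is not `$1`, which is nearly always the case. The intended test is the negation of a plain match, `if ! grep -qF -- "$1" < "$filename"; then`. Only `$1` is checked while all of `"$@"` is appended, so if several lines are meant to be passed each should be tested individually. No caller is visible in this commit, so the defect may be latent for now.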
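Review bot: `error()` runs `umount /sbin/init; exec /sbin/init` without checking the umount, and at this point `/sbin/init` is the bind mount of this very script that halt.montecarlo set up; if the umount fails, PID 1 re-execs init.shutdown indefinitely. Check it and fall back to something that cannot recurse, e.g. `umount /sbin/init || { warn 'cannot unmount /sbin/init'; exec /bin/sh; }`, which also gives the otherwise unused `warn` a purpose. Minor: `read omitpids` lacks `-r`, and `$initroot` is expanded unquoted in the `exec` and redirection lines.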
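Review bot: `losetup_snapshot` calls `LoSetup` (capitalised), which is defined nowhere in the visible part of this commit; lvm-create.sh, which sources this file, defines a lower-case `losetup` wrapper, so this looks like a typo that makes every call fail with command-not-found. `ro_file` and `rw_file` are also assigned without `local` while the other variables are declared local, and when the second `losetup`, `blockdev` or `dmsetup` fails the already-attached `ro_dev` loop device is leaked; detach it on those paths, e.g. `rw_dev=$(losetup -f --show "$rw_file") || { losetup -d "$ro_dev"; return 1; }` and likewise after `size=` and `dmsetup`.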
--- /dev/null +++ b/src/initrd/lvm-create.sh 
@@ -0,0 +1,299 @@
+#!/bin/sh
+
+losetup() { /sbin/losetup "$@"; }
+
+luks_secret()
+{
+ local parms=$-; # this junk keeps set -x from being too annoying
+ set +x
+ [ -n "$luks_secret" ] || luks_secret="$(head -c256 /dev/urandom)"
+ printf %s "$luks_secret"
+ case $parms in *x*) set -x; set -x ;; esac
+}
+
+floor4()
+{
+ # Negatives round up, but aren't used.
+ echo $(($1 / 4 * 4))
+}
+
+ceil4()
+{
+ local x="$1"
+ [ $((x % 4)) -eq 0 ] || x=$((x + 4 - x % 4))
+ printf '%d\n' "$x"
+}
+
+. loop-layer.sh
+
+losetup_layers()
+{
+ bootwait samizdat-cdrom
+ local fs fs_rw
+ for fs in /cdrom/rootfs/*.btrfs; do
+ fs_rw=/"${fs##*/}".rw
+ dd if=/dev/zero of="$fs_rw" bs=1M count=10
+ losetup_snapshot "$fs" "$fs_rw" || return
+ done
+}
+
+init_samizdat()
+{
+ local blockdev="$1" imgfile="$2" uuid
+
+ losetup_layers || return
+ modprobe btrfs || return
+ btrfs device scan || return
+
+ uuid=$(choose_uuid) || return
+ [ "$uuid" ] || return
+
+ mount -t btrfs UUID="$uuid" /root || return
+
+ btrfs device add "$blockdev" /root || return
+ mount -o rw,remount /root || return
+ samizdat_movemounts "$imgfile" || return
+
+ initialize_root_filesystem || return
+
+ bootdone root-mounted
+}
+
+samizdat_movemounts()
+{
+ local imgfile="$1" mountpoint
+
+ if [ "$imgfile" ]; then
+ mountpoint=$(mountpoint_of "$imgfile") || return
+ mkdir /root/outerfs
+ mount -o move "$mountpoint" /root/outerfs
+ fi
+ mkdir /root/cdrom
+ mount -o move /cdrom /root/cdrom
+ mkdir -p /run/initramfs/samizdat/log
+ cp /var/log/* /run/initramfs/samizdat/log
+ true
+}
+
+mountpoint_of()
+{
+ local f="$1"
+ while ! mountpoint -q "$f"; do
+ f=$(dirname "$f")
+ [ "$f" != '.' ] || return 1
+ done
+ printf '%s\n' "$f"
+}
+
+initialize_root_filesystem()
+{
+ rm -r /root/root
+ btrfs subvolume create /root/root || return
+ mv /gpg/gnupghome /root/root/.gnupg || return
+
+ rmdir /root/srv
+ btrfs subvolume create /root/srv
+ rm -r /root/var/cache/apt/archives
+ btrfs subvolume create /root/var/cache/apt/archives || return
+
+ rmdir /root/home
+ btrfs subvolume create /root/home || return
+
+ [ -x /root/sbin/mdadm ] || cp /sbin/mdadm /root/sbin/
+ # Copy these over unconditionally, because they ought to remain in sync with
+ # the initrd.
+ cp /bin/mdadm-dup.sh /root/sbin/
+ cp /bin/samizdat-eject.sh /root/sbin/
+
+ sed -i -e 's/^root:x:/root::/' /root/etc/passwd
+ cp /patchroot/* /root/root/
+
+ true
+}
+
+# Get the uuid of the filesystem with the most devices,
+# excluding filesystems that don't incorporate loop devices.
+# This is used to choose the latest seed -- which should have
+# the most layers.
+choose_uuid()
+{
+ local seen_loop= seen_uuid= seen_devs=
+ btrfs filesystem show |
+ while read line; do
+ case "$line" in
+ Label*)
+ seen_uuid=${line##*uuid: }
+ seen_devs=
+ seen_loop=
+ ;;
+ *Total\ devices*)
+ seen_devs=${line#*Total devices }
+ seen_devs=${seen_devs%% *}
+ ;;
+ *path\ /dev/mapper/*)
+ seen_loop=t;;
+ esac
+ [ "$seen_loop" ] && echo "$seen_devs $seen_uuid"
+ done |
+ uniq | sort -nr | head -n1 | (read _ x; echo $x)
+}
+
+filesystem_incomplete()
+{
+ local n
+ n=$(btrfs filesystem show "$1" | sed -ne 's/.*Total devices \([^ ]*\) .*/\1/p')
+ [ "$n" != 1 ]
+}
+
+open_samizdat()
+{
+ local imgfile="$1" keyfile="$2"
+ open_samizdat_blockdev "$imgfile" "$keyfile" || return
+ local blockdev=/dev/mapper/samizdatcrypt fs
+
+ # For this part, we don't necessarily need the cdrom.
+ # Unfortunately the init_gpg code is still getting the GPG key there.
+ if filesystem_incomplete "$blockdev"; then
+ losetup_layers
+ fi
+ modprobe btrfs || return
+ btrfs device scan || return
+ mount -t btrfs "$blockdev" /root || return
+ samizdat_movemounts "$imgfile"
+ LoSetup -D
+ bootdone root-mounted
+}
+
+init_samizdat_lodev()
+{
+ local imgfile="$1" megs=$(ceil4 "$2") dev
+ truncate -s ${megs}M "$imgfile" || return
+ dev=$(losetup -f) && losetup "$dev" "$imgfile" || return
+ echo "$dev"
+}
+
+open_samizdat_blockdev()
+{
+ local imgfile="$1" keyfile="$2" dev
+ local cryptname=samizdatcrypt
+ dev=$(losetup -f) && losetup "$dev" "$imgfile" || return
+
+ gpg2 --verify "$keyfile" || return
+ # The first --decrypt merely strips the signature. The option is
+ # poorly named for that case.
+ gpg2 --decrypt "$keyfile" | gpg2 --decrypt | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
+
+ [ -b /dev/mapper/"$cryptname" ] || return
+
+}
+
+init_samizdat_blockdev()
+{
+ local imgfile="$1" megs="$2" keyfile="$3" dev
+ local cryptname=samizdatcrypt
+
+ dev=$(init_samizdat_lodev "$imgfile" "$megs") || return
+
+ [ ! -b /dev/mapper/"$cryptname" ] || return
+
+ luks_secret >/dev/null
+ luks_secret | gpg2 --default-recipient-self --encrypt --armor | gpg2 --clearsign --output "$keyfile" || return
+
+ luks_secret | cryptsetup luksFormat "$dev" - || return
+ cryptsetup luksDump "$dev" >&2
+ luks_secret | cryptsetup --key-file - luksOpen "$dev" "$cryptname" || return
+
+ [ -b /dev/mapper/"$cryptname" ] || return
+}
+
+majmin()
+{
+ local dev="$1" major minor
+ eval $(stat -c 'major=%t minor=%T' "$dev") || return
+ [ "$major" -a "$minor" ] || return
+ printf '%d:%d\n' 0x$major 0x$minor
+}
+
+cryptdev_to_dev()
+{
+ local dev="$1" majmin
+ majmin=$(majmin "$dev") || return
+ set -- /sys/dev/block/$majmin/slaves/*
+ [ $# = 1 ] || return
+
+ cryptsetup status "$dev" |while read k v; do if [ "$k" = device: ]; then echo $v; break; fi; done
+}
+
+cryptdev_to_backing_file()
+{
+ local dev="$1" majmin result
+ majmin="$(majmin "$dev")" || return
+ set -- /sys/dev/block/$majmin/slaves/*
+ [ $# = 1 ] || return
+ read result < "$1"/loop/backing_file || return
+ printf '%s\n' "$result"
+}
+
+lodev_to_file()
+{
+ local result majmin dev="$1"
+ majmin="$(majmin "$dev")" || return
+ read result < /sys/dev/block/$majmin/loop/backing_file || return
+ printf '%s' "$result"
+}
+
+mountpoint_to_dev()
+{
+ local wantmp="$1" dev mp rest
+ mountpoint -q "$wantmp" || return
+ while read dev mp rest; do if [ "$mp" = "$wantmp" ]; then echo "$dev"; return; fi; done < /proc/mounts
+ return 1
+}
+
+get_cdrom_sizelimit()
+{
+ # returns bytes
+ local dev="$1" sectors
+ sectors=$(blockdev --getsz "$dev") || return
+ if dd count=2 if="$dev" bs=2048 skip=$((sectors/4 - 2)) of=/dev/null 2>/dev/null; then
+ return
+ else
+ echo $(((sectors-8)*512))
+ fi
+}
+
+init_gpg()
+{
+ bootwait samizdat-cdrom
+ export GNUPGHOME=/gpg/gnupghome
+ mkdir -p "$GNUPGHOME"
+ (umask 077; rsync --exclude '/luks-key*' --ignore-existing -rpP /cdrom/gnupghome/ "$GNUPGHOME")
+
+ if samizdat-password-agent >/var/log/samizdat-password-agent.log 2>&1; then
+ clear
+ true
+ else
+ false
+ fi
+}
+
+start_meter()
+{
+ local startmsg="$*"
+ (exec >&4
+ clear
+ echo -n $startmsg
+ set +x
+ while sleep 2; do
+ echo -n .
+ done) &
+ meterpid=$!
+}
+
+stop_meter()
+{
+ local endmsg="$*"
+ kill $meterpid
+ echo " $endmsg" >&4
+}
+
diff --git a/src/initrd/lvm.conf b/src/initrd/lvm.conf
new file mode 100644
index 0000000..0c1289f
--- /dev/null
+++ b/src/initrd/lvm.conf
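Review bot: `sed -i -e 's/^root:x:/root::/' /root/etc/passwd` in `initialize_root_filesystem` blanks root's password field on the freshly created root filesystem, so root can log in with no password on every path that honours an empty password; if that is the intended first-boot state it needs a comment saying so and where the password gets set or the account locked, e.g. `# deliberately passwordless root on the seeded fs — TODO(review): note where this is locked down`. `luks_secret` caches `$(head -c256 /dev/urandom)` in a shell variable, but command substitution cannot hold NUL bytes and drops trailing newlines, so the secret handed to `cryptsetup luksFormat` is shorter than 256 bytes and of varying length; piping through `od -An -tx1 | tr -d ' \n'` before storing keeps the full entropy at a fixed length, and already-written key files are unaffected because they carry the secret itself. `dev=$(losetup -f) && losetup "$dev" "$imgfile"` in `init_samizdat_lodev` and `open_samizdat_blockdev` can race with any other loop-device user between the two calls; `dev=$(losetup -f --show "$imgfile") || return` attaches atomically, as loop-layer.sh already does. `majmin` runs `eval` on `stat` output, which can be avoided with `set -- $(stat -c '%t %T' "$dev") && major=$1 minor=$2`. `open_samizdat` also calls `losetup_layers` and `samizdat_movemounts` without `|| return`, unlike `init_samizdat`, which looks like an oversight.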
@@ -0,0 +1,773 @@ +# This is an example configuration file for the LVM2 system. +# It contains the default settings that would be used if there was no +# /etc/lvm/lvm.conf file. +# +# Refer to 'man lvm.conf' for further information including the file layout. +# +# To put this file in a different directory and override /etc/lvm set +# the environment variable LVM_SYSTEM_DIR before running the tools. +# +# N.B. Take care that each setting only appears once if uncommenting +# example settings in this file. + + +# This section allows you to configure which block devices should +# be used by the LVM system. +devices { + + # Where do you want your volume groups to appear ? + dir = "/dev" + + # An array of directories that contain the device nodes you wish + # to use with LVM2. + scan = [ "/dev" ] + + # If set, the cache of block device nodes with all associated symlinks + # will be constructed out of the existing udev database content. + # This avoids using and opening any inapplicable non-block devices or + # subdirectories found in the device directory. This setting is applied + # to udev-managed device directory only, other directories will be scanned + # fully. LVM2 needs to be compiled with udev support for this setting to + # take effect. N.B. Any device node or symlink not managed by udev in + # udev directory will be ignored with this setting on. + obtain_device_list_from_udev = 1 + + # If several entries in the scanned directories correspond to the + # same block device and the tools need to display a name for device, + # all the pathnames are matched against each item in the following + # list of regular expressions in turn and the first match is used. + preferred_names = [ ] + + # Try to avoid using undescriptive /dev/dm-N names, if present. + # preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ] + + # A filter that tells LVM2 to only use a restricted set of devices. + # The filter consists of an array of regular expressions. 
These + # expressions can be delimited by a character of your choice, and + # prefixed with either an 'a' (for accept) or 'r' (for reject). + # The first expression found to match a device name determines if + # the device will be accepted or rejected (ignored). Devices that + # don't match any patterns are accepted. + + # Be careful if there there are symbolic links or multiple filesystem + # entries for the same device as each name is checked separately against + # the list of patterns. The effect is that if the first pattern in the + # list to match a name is an 'a' pattern for any of the names, the device + # is accepted; otherwise if the first pattern in the list to match a name + # is an 'r' pattern for any of the names it is rejected; otherwise it is + # accepted. + + # Don't have more than one filter line active at once: only one gets used. + + # Run vgscan after you change this parameter to ensure that + # the cache file gets regenerated (see below). + # If it doesn't do what you expect, check the output of 'vgscan -vvvv'. + + + # By default we accept every block device: + filter = [ "a/.*/" ] + + # Exclude the cdrom drive + # filter = [ "r|/dev/cdrom|" ] + + # When testing I like to work with just loopback devices: + # filter = [ "a/loop/", "r/.*/" ] + + # Or maybe all loops and ide drives except hdc: + # filter =[ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ] + + # Use anchors if you want to be really specific + # filter = [ "a|^/dev/hda8$|", "r/.*/" ] + + # The results of the filtering are cached on disk to avoid + # rescanning dud devices (which can take a very long time). + # By default this cache is stored in the /etc/lvm/cache directory + # in a file called '.cache'. + # It is safe to delete the contents: the tools regenerate it. + # (The old setting 'cache' is still respected if neither of + # these new ones is present.) + cache_dir = "/run/lvm" + cache_file_prefix = "" + + # You can turn off writing this cache file by setting this to 0. 
+ write_cache_state = 1 + + # Advanced settings. + + # List of pairs of additional acceptable block device types found + # in /proc/devices with maximum (non-zero) number of partitions. + # types = [ "fd", 16 ] + + # If sysfs is mounted (2.6 kernels) restrict device scanning to + # the block devices it believes are valid. + # 1 enables; 0 disables. + sysfs_scan = 1 + + # By default, LVM2 will ignore devices used as component paths + # of device-mapper multipath devices. + # 1 enables; 0 disables. + multipath_component_detection = 1 + + # By default, LVM2 will ignore devices used as components of + # software RAID (md) devices by looking for md superblocks. + # 1 enables; 0 disables. + md_component_detection = 1 + + # By default, if a PV is placed directly upon an md device, LVM2 + # will align its data blocks with the md device's stripe-width. + # 1 enables; 0 disables. + md_chunk_alignment = 1 + + # Default alignment of the start of a data area in MB. If set to 0, + # a value of 64KB will be used. Set to 1 for 1MiB, 2 for 2MiB, etc. + # default_data_alignment = 1 + + # By default, the start of a PV's data area will be a multiple of + # the 'minimum_io_size' or 'optimal_io_size' exposed in sysfs. + # - minimum_io_size - the smallest request the device can perform + # w/o incurring a read-modify-write penalty (e.g. MD's chunk size) + # - optimal_io_size - the device's preferred unit of receiving I/O + # (e.g. MD's stripe width) + # minimum_io_size is used if optimal_io_size is undefined (0). + # If md_chunk_alignment is enabled, that detects the optimal_io_size. + # This setting takes precedence over md_chunk_alignment. + # 1 enables; 0 disables. + data_alignment_detection = 1 + + # Alignment (in KB) of start of data area when creating a new PV. + # md_chunk_alignment and data_alignment_detection are disabled if set. + # Set to 0 for the default alignment (see: data_alignment_default) + # or page size, if larger. 
+ data_alignment = 0 + + # By default, the start of the PV's aligned data area will be shifted by + # the 'alignment_offset' exposed in sysfs. This offset is often 0 but + # may be non-zero; e.g.: certain 4KB sector drives that compensate for + # windows partitioning will have an alignment_offset of 3584 bytes + # (sector 7 is the lowest aligned logical block, the 4KB sectors start + # at LBA -1, and consequently sector 63 is aligned on a 4KB boundary). + # But note that pvcreate --dataalignmentoffset will skip this detection. + # 1 enables; 0 disables. + data_alignment_offset_detection = 1 + + # If, while scanning the system for PVs, LVM2 encounters a device-mapper + # device that has its I/O suspended, it waits for it to become accessible. + # Set this to 1 to skip such devices. This should only be needed + # in recovery situations. + ignore_suspended_devices = 0 + + # During each LVM operation errors received from each device are counted. + # If the counter of a particular device exceeds the limit set here, no + # further I/O is sent to that device for the remainder of the respective + # operation. Setting the parameter to 0 disables the counters altogether. + disable_after_error_count = 0 + + # Allow use of pvcreate --uuid without requiring --restorefile. + require_restorefile_with_uuid = 1 + + # Minimum size (in KB) of block devices which can be used as PVs. + # In a clustered environment all nodes must use the same value. + # Any value smaller than 512KB is ignored. + + # Ignore devices smaller than 2MB such as floppy drives. + pv_min_size = 2048 + + # The original built-in setting was 512 up to and including version 2.02.84. + # pv_min_size = 512 + + # Issue discards to a logical volumes's underlying physical volume(s) when + # the logical volume is no longer using the physical volumes' space (e.g. + # lvremove, lvreduce, etc). Discards inform the storage that a region is + # no longer in use. 
Storage that supports discards advertise the protocol + # specific way discards should be issued by the kernel (TRIM, UNMAP, or + # WRITE SAME with UNMAP bit set). Not all storage will support or benefit + # from discards but SSDs and thinly provisioned LUNs generally do. If set + # to 1, discards will only be issued if both the storage and kernel provide + # support. + # 1 enables; 0 disables. + issue_discards = 0 +} + +# This section allows you to configure the way in which LVM selects +# free space for its Logical Volumes. +#allocation { +# When searching for free space to extend an LV, the "cling" +# allocation policy will choose space on the same PVs as the last +# segment of the existing LV. If there is insufficient space and a +# list of tags is defined here, it will check whether any of them are +# attached to the PVs concerned and then seek to match those PV tags +# between existing extents and new extents. +# Use the special tag "@*" as a wildcard to match any PV tag. +# +# Example: LVs are mirrored between two sites within a single VG. +# PVs are tagged with either @site1 or @site2 to indicate where +# they are situated. +# +# cling_tag_list = [ "@site1", "@site2" ] +# cling_tag_list = [ "@*" ] +# +# Changes made in version 2.02.85 extended the reach of the 'cling' +# policies to detect more situations where data can be grouped +# onto the same disks. Set this to 0 to revert to the previous +# algorithm. +# +# maximise_cling = 1 +# +# Set to 1 to guarantee that mirror logs will always be placed on +# different PVs from the mirror images. This was the default +# until version 2.02.85. +# +# mirror_logs_require_separate_pvs = 0 +# +# Set to 1 to guarantee that thin pool metadata will always +# be placed on different PVs from the pool data. +# +# thin_pool_metadata_require_separate_pvs = 0 +#} + +# This section that allows you to configure the nature of the +# information that LVM2 reports. +log { + + # Controls the messages sent to stdout or stderr. 
+ # There are three levels of verbosity, 3 being the most verbose. + verbose = 0 + + # Should we send log messages through syslog? + # 1 is yes; 0 is no. + syslog = 1 + + # Should we log error and debug messages to a file? + # By default there is no log file. + #file = "/var/log/lvm2.log" + + # Should we overwrite the log file each time the program is run? + # By default we append. + overwrite = 0 + + # What level of log messages should we send to the log file and/or syslog? + # There are 6 syslog-like log levels currently in use - 2 to 7 inclusive. + # 7 is the most verbose (LOG_DEBUG). + level = 0 + + # Format of output messages + # Whether or not (1 or 0) to indent messages according to their severity + indent = 1 + + # Whether or not (1 or 0) to display the command name on each line output + command_names = 0 + + # A prefix to use before the message text (but after the command name, + # if selected). Default is two spaces, so you can see/grep the severity + # of each message. + prefix = " " + + # To make the messages look similar to the original LVM tools use: + # indent = 0 + # command_names = 1 + # prefix = " -- " + + # Set this if you want log messages during activation. + # Don't use this in low memory situations (can deadlock). + # activation = 0 +} + +# Configuration of metadata backups and archiving. In LVM2 when we +# talk about a 'backup' we mean making a copy of the metadata for the +# *current* system. The 'archive' contains old metadata configurations. +# Backups are stored in a human readeable text format. +backup { + + # Should we maintain a backup of the current metadata configuration ? + # Use 1 for Yes; 0 for No. + # Think very hard before turning this off! + backup = 1 + + # Where shall we keep it ? + # Remember to back up this directory regularly! + backup_dir = "/etc/lvm/backup" + + # Should we maintain an archive of old metadata configurations. + # Use 1 for Yes; 0 for No. + # On by default. Think very hard before turning this off. 
+ archive = 1 + + # Where should archived files go ? + # Remember to back up this directory regularly! + archive_dir = "/etc/lvm/archive" + + # What is the minimum number of archive files you wish to keep ? + retain_min = 10 + + # What is the minimum time you wish to keep an archive file for ? + retain_days = 30 +} + +# Settings for the running LVM2 in shell (readline) mode. +shell { + + # Number of lines of history to store in ~/.lvm_history + history_size = 100 +} + + +# Miscellaneous global LVM2 settings +global { + + # The file creation mask for any files and directories created. + # Interpreted as octal if the first digit is zero. + umask = 077 + + # Allow other users to read the files + #umask = 022 + + # Enabling test mode means that no changes to the on disk metadata + # will be made. Equivalent to having the -t option on every + # command. Defaults to off. + test = 0 + + # Default value for --units argument + units = "h" + + # Since version 2.02.54, the tools distinguish between powers of + # 1024 bytes (e.g. KiB, MiB, GiB) and powers of 1000 bytes (e.g. + # KB, MB, GB). + # If you have scripts that depend on the old behaviour, set this to 0 + # temporarily until you update them. + si_unit_consistency = 1 + + # Whether or not to communicate with the kernel device-mapper. + # Set to 0 if you want to use the tools to manipulate LVM metadata + # without activating any logical volumes. + # If the device-mapper kernel driver is not present in your kernel + # setting this to 0 should suppress the error messages. + activation = 1 + + # If we can't communicate with device-mapper, should we try running + # the LVM1 tools? + # This option only applies to 2.4 kernels and is provided to help you + # switch between device-mapper kernels and LVM1 kernels. + # The LVM1 tools need to be installed with .lvm1 suffices + # e.g. vgscan.lvm1 and they will stop working after you start using + # the new lvm2 on-disk metadata format. 
+ # The default value is set when the tools are built. + # fallback_to_lvm1 = 0 + + # The default metadata format that commands should use - "lvm1" or "lvm2". + # The command line override is -M1 or -M2. + # Defaults to "lvm2". + # format = "lvm2" + + # Location of proc filesystem + proc = "/proc" + + # Type of locking to use. Defaults to local file-based locking (1). + # Turn locking off by setting to 0 (dangerous: risks metadata corruption + # if LVM2 commands get run concurrently). + # Type 2 uses the external shared library locking_library. + # Type 3 uses built-in clustered locking. + # Type 4 uses read-only locking which forbids any operations that might + # change metadata. + locking_type = 1 + + # Set to 0 to fail when a lock request cannot be satisfied immediately. + wait_for_locks = 1 + + # If using external locking (type 2) and initialisation fails, + # with this set to 1 an attempt will be made to use the built-in + # clustered locking. + # If you are using a customised locking_library you should set this to 0. + fallback_to_clustered_locking = 1 + + # If an attempt to initialise type 2 or type 3 locking failed, perhaps + # because cluster components such as clvmd are not running, with this set + # to 1 an attempt will be made to use local file-based locking (type 1). + # If this succeeds, only commands against local volume groups will proceed. + # Volume Groups marked as clustered will be ignored. + fallback_to_local_locking = 1 + + # Local non-LV directory that holds file-based locks while commands are + # in progress. A directory like /tmp that may get wiped on reboot is OK. + locking_dir = "/run/lock/lvm" + + # Whenever there are competing read-only and read-write access requests for + # a volume group's metadata, instead of always granting the read-only + # requests immediately, delay them to allow the read-write requests to be + # serviced. Without this setting, write access may be stalled by a high + # volume of read-only requests. + # NB. 
This option only affects locking_type = 1 viz. local file-based + # locking. + prioritise_write_locks = 1 + + # Other entries can go here to allow you to load shared libraries + # e.g. if support for LVM1 metadata was compiled as a shared library use + # format_libraries = "liblvm2format1.so" + # Full pathnames can be given. + + # Search this directory first for shared libraries. + # library_dir = "/lib/lvm2" + + # The external locking library to load if locking_type is set to 2. + # locking_library = "liblvm2clusterlock.so" + + # Treat any internal errors as fatal errors, aborting the process that + # encountered the internal error. Please only enable for debugging. + abort_on_internal_errors = 0 + + # Check whether CRC is matching when parsed VG is used multiple times. + # This is useful to catch unexpected internal cached volume group + # structure modification. Please only enable for debugging. + detect_internal_vg_cache_corruption = 0 + + # If set to 1, no operations that change on-disk metadata will be permitted. + # Additionally, read-only commands that encounter metadata in need of repair + # will still be allowed to proceed exactly as if the repair had been + # performed (except for the unchanged vg_seqno). + # Inappropriate use could mess up your system, so seek advice first! + metadata_read_only = 0 + + # 'mirror_segtype_default' defines which segtype will be used when the + # shorthand '-m' option is used for mirroring. The possible options are: + # + # "mirror" - The original RAID1 implementation provided by LVM2/DM. It is + # characterized by a flexible log solution (core, disk, mirrored) + # and by the necessity to block I/O while reconfiguring in the + # event of a failure. Snapshots of this type of RAID1 can be + # problematic. + # + # "raid1" - This implementation leverages MD's RAID1 personality through + # device-mapper. It is characterized by a lack of log options. 
+ # (A log is always allocated for every device and they are placed + # on the same device as the image - no separate devices are + # required.) This mirror implementation does not require I/O + # to be blocked in the kernel in the event of a failure. + # + # Specify the '--type ' option to override this default + # setting. + mirror_segtype_default = "mirror" + + # The default format for displaying LV names in lvdisplay was changed + # in version 2.02.89 to show the LV name and path separately. + # Previously this was always shown as /dev/vgname/lvname even when that + # was never a valid path in the /dev filesystem. + # Set to 1 to reinstate the previous format. + # + # lvdisplay_shows_full_device_path = 0 + + # Whether to use (trust) a running instance of lvmetad. If this is set to + # 0, all commands fall back to the usual scanning mechanisms. When set to 1 + # *and* when lvmetad is running (it is not auto-started), the volume group + # metadata and PV state flags are obtained from the lvmetad instance and no + # scanning is done by the individual commands. In a setup with lvmetad, + # lvmetad udev rules *must* be set up for LVM to work correctly. Without + # proper udev rules, all changes in block device configuration will be + # *ignored* until a manual 'vgscan' is performed. + use_lvmetad = 0 +} + +activation { + # Set to 1 to perform internal checks on the operations issued to + # libdevmapper. Useful for debugging problems with activation. + # Some of the checks may be expensive, so it's best to use this + # only when there seems to be a problem. + checks = 0 + + # Set to 0 to disable udev synchronisation (if compiled into the binaries). + # Processes will not wait for notification from udev. + # They will continue irrespective of any possible udev processing + # in the background. You should only use this if udev is not running + # or has rules that ignore the devices LVM2 creates. 
+ # The command line argument --nodevsync takes precedence over this setting. + # If set to 1 when udev is not running, and there are LVM2 processes + # waiting for udev, run 'dmsetup udevcomplete_all' manually to wake them up. + udev_sync = 1 + + # Set to 0 to disable the udev rules installed by LVM2 (if built with + # --enable-udev_rules). LVM2 will then manage the /dev nodes and symlinks + # for active logical volumes directly itself. + # N.B. Manual intervention may be required if this setting is changed + # while any logical volumes are active. + udev_rules = 1 + + # Set to 1 for LVM2 to verify operations performed by udev. This turns on + # additional checks (and if necessary, repairs) on entries in the device + # directory after udev has completed processing its events. + # Useful for diagnosing problems with LVM2/udev interactions. + verify_udev_operations = 1 + + # If set to 1 and if deactivation of an LV fails, perhaps because + # a process run from a quick udev rule temporarily opened the device, + # retry the operation for a few seconds before failing. + retry_deactivation = 1 + + # How to fill in missing stripes if activating an incomplete volume. + # Using "error" will make inaccessible parts of the device return + # I/O errors on access. You can instead use a device path, in which + # case, that device will be used to in place of missing stripes. + # But note that using anything other than "error" with mirrored + # or snapshotted volumes is likely to result in data corruption. + missing_stripe_filler = "error" + + # The linear target is an optimised version of the striped target + # that only handles a single stripe. Set this to 0 to disable this + # optimisation and always use the striped target. 
+ use_linear_target = 1 + + # How much stack (in KB) to reserve for use while devices suspended + # Prior to version 2.02.89 this used to be set to 256KB + reserved_stack = 64 + + # How much memory (in KB) to reserve for use while devices suspended + reserved_memory = 8192 + + # Nice value used while devices suspended + process_priority = -18 + + # If volume_list is defined, each LV is only activated if there is a + # match against the list. + # "vgname" and "vgname/lvname" are matched exactly. + # "@tag" matches any tag set in the LV or VG. + # "@*" matches if any tag defined on the host is also set in the LV or VG + # + # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ] + + # If read_only_volume_list is defined, each LV that is to be activated + # is checked against the list, and if it matches, it as activated + # in read-only mode. (This overrides '--permission rw' stored in the + # metadata.) + # "vgname" and "vgname/lvname" are matched exactly. + # "@tag" matches any tag set in the LV or VG. + # "@*" matches if any tag defined on the host is also set in the LV or VG + # + # read_only_volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ] + + # Size (in KB) of each copy operation when mirroring + mirror_region_size = 512 + + # Setting to use when there is no readahead value stored in the metadata. + # + # "none" - Disable readahead. + # "auto" - Use default value chosen by kernel. + readahead = "auto" + + # 'raid_fault_policy' defines how a device failure in a RAID logical + # volume is handled. This includes logical volumes that have the following + # segment types: raid1, raid4, raid5*, and raid6*. + # + # In the event of a failure, the following policies will determine what + # actions are performed during the automated response to failures (when + # dmeventd is monitoring the RAID logical volume) and when 'lvconvert' is + # called manually with the options '--repair' and '--use-policies'. 
+ # + # "warn" - Use the system log to warn the user that a device in the RAID + # logical volume has failed. It is left to the user to run + # 'lvconvert --repair' manually to remove or replace the failed + # device. As long as the number of failed devices does not + # exceed the redundancy of the logical volume (1 device for + # raid4/5, 2 for raid6, etc) the logical volume will remain + # usable. + # + # "allocate" - Attempt to use any extra physical volumes in the volume + # group as spares and replace faulty devices. + # + raid_fault_policy = "warn" + + # 'mirror_image_fault_policy' and 'mirror_log_fault_policy' define + # how a device failure affecting a mirror (of "mirror" segment type) is + # handled. A mirror is composed of mirror images (copies) and a log. + # A disk log ensures that a mirror does not need to be re-synced + # (all copies made the same) every time a machine reboots or crashes. + # + # In the event of a failure, the specified policy will be used to determine + # what happens. This applies to automatic repairs (when the mirror is being + # monitored by dmeventd) and to manual lvconvert --repair when + # --use-policies is given. + # + # "remove" - Simply remove the faulty device and run without it. If + # the log device fails, the mirror would convert to using + # an in-memory log. This means the mirror will not + # remember its sync status across crashes/reboots and + # the entire mirror will be re-synced. If a + # mirror image fails, the mirror will convert to a + # non-mirrored device if there is only one remaining good + # copy. + # + # "allocate" - Remove the faulty device and try to allocate space on + # a new device to be a replacement for the failed device. + # Using this policy for the log is fast and maintains the + # ability to remember sync state through crashes/reboots. 
+ # Using this policy for a mirror device is slow, as it + # requires the mirror to resynchronize the devices, but it + # will preserve the mirror characteristic of the device. + # This policy acts like "remove" if no suitable device and + # space can be allocated for the replacement. + # + # "allocate_anywhere" - Not yet implemented. Useful to place the log device + # temporarily on same physical volume as one of the mirror + # images. This policy is not recommended for mirror devices + # since it would break the redundant nature of the mirror. This + # policy acts like "remove" if no suitable device and space can + # be allocated for the replacement. + + mirror_log_fault_policy = "allocate" + mirror_image_fault_policy = "remove" + + # 'snapshot_autoextend_threshold' and 'snapshot_autoextend_percent' define + # how to handle automatic snapshot extension. The former defines when the + # snapshot should be extended: when its space usage exceeds this many + # percent. The latter defines how much extra space should be allocated for + # the snapshot, in percent of its current size. + # + # For example, if you set snapshot_autoextend_threshold to 70 and + # snapshot_autoextend_percent to 20, whenever a snapshot exceeds 70% usage, + # it will be extended by another 20%. For a 1G snapshot, using up 700M will + # trigger a resize to 1.2G. When the usage exceeds 840M, the snapshot will + # be extended to 1.44G, and so on. + # + # Setting snapshot_autoextend_threshold to 100 disables automatic + # extensions. The minimum value is 50 (A setting below 50 will be treated + # as 50). + + snapshot_autoextend_threshold = 100 + snapshot_autoextend_percent = 20 + + # 'thin_pool_autoextend_threshold' and 'thin_pool_autoextend_percent' define + # how to handle automatic pool extension. The former defines when the + # pool should be extended: when its space usage exceeds this many + # percent. 
The latter defines how much extra space should be allocated for + # the pool, in percent of its current size. + # + # For example, if you set thin_pool_autoextend_threshold to 70 and + # thin_pool_autoextend_percent to 20, whenever a pool exceeds 70% usage, + # it will be extended by another 20%. For a 1G pool, using up 700M will + # trigger a resize to 1.2G. When the usage exceeds 840M, the pool will + # be extended to 1.44G, and so on. + # + # Setting thin_pool_autoextend_threshold to 100 disables automatic + # extensions. The minimum value is 50 (A setting below 50 will be treated + # as 50). + + thin_pool_autoextend_threshold = 100 + thin_pool_autoextend_percent = 20 + + # Full path of the utility called to check that a thin metadata device + # is in a state that allows it to be used. + # Each time a thin pool needs to be activated, this utility is executed. + # The activation will only proceed if the utility has an exit status of 0. + # Set to "" to skip this check. (Not recommended.) + # The thin tools are available as part of the device-mapper-persistent-data + # package from https://github.com/jthornber/thin-provisioning-tools. + # + thin_check_executable = "/sbin/thin_check -q" + + # While activating devices, I/O to devices being (re)configured is + # suspended, and as a precaution against deadlocks, LVM2 needs to pin + # any memory it is using so it is not paged out. Groups of pages that + # are known not to be accessed during activation need not be pinned + # into memory. Each string listed in this setting is compared against + # each line in /proc/self/maps, and the pages corresponding to any + # lines that match are not pinned. On some systems locale-archive was + # found to make up over 80% of the memory used by the process. 
+ # mlock_filter = [ "locale/locale-archive", "gconv/gconv-modules.cache" ] + + # Set to 1 to revert to the default behaviour prior to version 2.02.62 + # which used mlockall() to pin the whole process's memory while activating + # devices. + use_mlockall = 0 + + # Monitoring is enabled by default when activating logical volumes. + # Set to 0 to disable monitoring or use the --ignoremonitoring option. + monitoring = 0 + + # When pvmove or lvconvert must wait for the kernel to finish + # synchronising or merging data, they check and report progress + # at intervals of this number of seconds. The default is 15 seconds. + # If this is set to 0 and there is only one thing to wait for, there + # are no progress reports, but the process is awoken immediately the + # operation is complete. + polling_interval = 15 +} + + +#################### +# Advanced section # +#################### + +# Metadata settings +# +# metadata { + # Default number of copies of metadata to hold on each PV. 0, 1 or 2. + # You might want to override it from the command line with 0 + # when running pvcreate on new PVs which are to be added to large VGs. + + # pvmetadatacopies = 1 + + # Default number of copies of metadata to maintain for each VG. + # If set to a non-zero value, LVM automatically chooses which of + # the available metadata areas to use to achieve the requested + # number of copies of the VG metadata. If you set a value larger + # than the the total number of metadata areas available then + # metadata is stored in them all. + # The default value of 0 ("unmanaged") disables this automatic + # management and allows you to control which metadata areas + # are used at the individual PV level using 'pvchange + # --metadataignore y/n'. + + # vgmetadatacopies = 0 + + # Approximate default size of on-disk metadata areas in sectors. + # You should increase this if you have large volume groups or + # you want to retain a large on-disk history of your metadata changes. 
+ + # pvmetadatasize = 255 + + # List of directories holding live copies of text format metadata. + # These directories must not be on logical volumes! + # It's possible to use LVM2 with a couple of directories here, + # preferably on different (non-LV) filesystems, and with no other + # on-disk metadata (pvmetadatacopies = 0). Or this can be in + # addition to on-disk metadata areas. + # The feature was originally added to simplify testing and is not + # supported under low memory situations - the machine could lock up. + # + # Never edit any files in these directories by hand unless you + # you are absolutely sure you know what you are doing! Use + # the supplied toolset to make changes (e.g. vgcfgrestore). + + # dirs = [ "/etc/lvm/metadata", "/mnt/disk2/lvm/metadata2" ] +#} + +# Event daemon +# +dmeventd { + # mirror_library is the library used when monitoring a mirror device. + # + # "libdevmapper-event-lvm2mirror.so" attempts to recover from + # failures. It removes failed devices from a volume group and + # reconfigures a mirror as necessary. If no mirror library is + # provided, mirrors are not monitored through dmeventd. + + mirror_library = "libdevmapper-event-lvm2mirror.so" + + # snapshot_library is the library used when monitoring a snapshot device. + # + # "libdevmapper-event-lvm2snapshot.so" monitors the filling of + # snapshots and emits a warning through syslog when the use of + # the snapshot exceeds 80%. The warning is repeated when 85%, 90% and + # 95% of the snapshot is filled. + + snapshot_library = "libdevmapper-event-lvm2snapshot.so" + + # thin_library is the library used when monitoring a thin device. + # + # "libdevmapper-event-lvm2thin.so" monitors the filling of + # pool and emits a warning through syslog when the use of + # the pool exceeds 80%. The warning is repeated when 85%, 90% and + # 95% of the pool is filled. + + thin_library = "libdevmapper-event-lvm2thin.so" + + # Full path of the dmeventd binary. 
+ # + # executable = "/sbin/dmeventd" +} diff --git a/src/initrd/mdadm-dup.sh b/src/initrd/mdadm-dup.sh new file mode 100644 index 0000000..70163a5 --- /dev/null +++ b/src/initrd/mdadm-dup.sh 
@@ -0,0 +1,217 @@ +LoSetup() +{ + local losetup_binary="$(which LoSetup)" + if [ "$losetup_binary" ]; then + "$losetup_binary" "$@" + else + losetup "$@" + fi +} + +dm_snapshot() +{ + # TODO: eliminate duplication; this function exists elsewhere in a less generalized form + local ro_file rw_file cutoff_size + ro_file=$1 + rw_file=$2 + cutoff_size=$3 + + local ro_dev rw_dev size new_dev_name persist chunksize + + if [ -b "$ro_file" ]; + then ro_dev=$ro_file + else ro_dev=$(LoSetup -r -f --show "$ro_file") || return + fi + + if [ -b "$rw_file" ]; + then rw_dev=$rw_file + else rw_dev=$(LoSetup -f --show "$rw_file") || return + fi + + if [ "$cutoff_size" -a "$cutoff_size" -gt 0 ]; then + size=$cutoff_size + else + size=$(blockdev --getsz "$ro_dev") || return + fi + + new_dev_name=${ro_dev##*/} + persist=p + chunksize=16 + dmsetup create "$new_dev_name" --table "0 $size snapshot $ro_dev $rw_dev $persist $chunksize" || return + wait_for_dm_device /dev/mapper/"$new_dev_name" + echo /dev/mapper/"$new_dev_name" +} + +dm_snapshot_teardown() +{ + local dev="$1" + case "$dev" in + /dev/dm-*) + dmsetup table "$dev" | ( + read _ _ snapshot ro_dev rw_dev _ crypt_dev _ + case "$snapshot" in + snapshot) + dmsetup remove "$dev" || exit 1 + # errors ignored because the loop dev can be configured to be + # automatically removed upon disuse + losetup -d /dev/block/"$rw_dev" || true + eject /dev/block/"$ro_dev" || true + ;; + crypt) + cryptsetup remove "$dev" || exit 1 + losetup -d /dev/block/"$crypt_dev" || true + ;; + esac + ) || return + ;; + *) return 1 ;; + esac +} + +wait_for_dm_device() +{ + # TODO: improve + while ! [ -e "$1" ]; do + sleep 1 + done +} + +dup_mount_cdrom() +{ + local cdrom_dev="$1" mountpoint="$2" + + local sectors md_dev=/dev/md55 cdrom_rw_file=/"${cdrom_dev##*/}".rw + + sectors=$(get_cdrom_sizelimit "$cdrom_dev") || return + + # TODO: do we even need this backing file? 
We do need to trick mdadm into + # thinking that this is a RW device, but previously we got away with just + # creating a loopback device. + dd if=/dev/zero of="$cdrom_rw_file" bs=1K count=32 || return + cdrom_rw_dev=$(dm_snapshot "$cdrom_dev" "$cdrom_rw_file" "$sectors") || return + mdadm_dup "$cdrom_rw_dev" "$md_dev" "$sectors" || return + mount -t iso9660 -r $md_dev "$mountpoint" +} + +get_cdrom_sizelimit() +{ + # returns 512-byte sectors + local dev="$1" sectors + sectors=$(blockdev --getsz "$dev") || return + + # Check if we can read the last 8 sectors. With a TAO CDROM, we can't -- + # these sectors are faux, and not part of the ISO fs. If mdadm is allowed to + # read them, it will mark the device failed. + if dd count=2 if="$dev" bs=2048 skip=$((sectors/4 - 2)) of=/dev/null 2>/dev/null; then + echo $sectors + else + echo $((sectors - 8)) + fi +} + +mdadm_dup() +{ + local input_dev="$1" md_name="$2" sectors="$3" + + mdadm --build "$md_name" "${sectors:+--size=$((sectors / 2))}" \ + --level=1 --raid-devices=1 --force --write-mostly "$input_dev" || return +} + +mdadm_subdevices() +{ + local md_dev="$1" + mdadm -D "$md_dev" -Y | sed -ne 's/^MD_DEVICE_.*_DEV=//p' +} + +cryptsetup_temp() +{ + local sectors="$1" cryptname="$2" temp_file="$3" parms=$- secret + set +x + # Add 4096 sectors for LUKS header + truncate -s $(((sectors + 4096) * 512)) "$temp_file" || return + cleartext_dev=$(LoSetup -f --show "$temp_file") || return + secret="$(head -c256 /dev/urandom)" || return + printf %s "$secret" | + cryptsetup luksFormat "$cleartext_dev" - || return + printf %s "$secret" | + cryptsetup --key-file - luksOpen "$cleartext_dev" "$cryptname" || return + unset secret + set "$parms" + + wait_for_dm_device /dev/mapper/"$cryptname" + rm "$temp_file" + echo /dev/mapper/"$cryptname" +} + +mdadm_copy_eject_crypt() +{ + local md_dev="$1" temp_file="$2" + + [ -b "$md_dev" ] || return + + local output_dev sectors + + old_subdev=$(mdadm_subdevices "$md_dev"|head -n1) || return + [ 
-b "$old_subdev" ] || return + # TODO: truncate to the ISO fs size if the device is larger + sectors=$(blockdev --getsz "$md_dev") || return + + output_dev=$(cryptsetup_temp "$sectors" samizdatiso "$temp_file") || return + + mdadm "$md_dev" --add "$output_dev" || return + mdadm "$md_dev" --grow -n2 || return + + mdadm_wait_remove "$md_dev" "$old_subdev" || return + + mdadm "$md_dev" --grow -n1 --force || return + dm_snapshot_teardown "$old_subdev" +} + +mdadm_copy_eject() +{ + local md_dev="$1" output_file="$2" + + [ -b "$md_dev" ] || return + [ ! -e "$output_file" ] || return + + local output_dev sectors + + old_subdev=$(mdadm_subdevices "$md_dev"|head -n1) || return + [ -b "$old_subdev" ] || return + sectors=$(blockdev --getsz "$md_dev") || return + + truncate -s $((sectors * 512)) "$output_file" || return + output_dev=$(LoSetup -f --show "$output_file") || return + + mdadm "$md_dev" --add "$output_dev" || return + mdadm "$md_dev" --grow -n2 || return + + mdadm_wait_remove "$md_dev" "$old_subdev" || return + + mdadm "$md_dev" --grow -n1 --force || return + dm_snapshot_teardown "$old_subdev" +} + +mdadm_wait_remove() +{ + # We should perhaps use mdadm --monitor's RebuildFinished event. + + local dev="$1" disk="$2" tries + if ! mdadm --wait "$dev"; then + tries=1000 + while ! mdadm --detail --test "$dev"; do + [ $tries -gt 0 ] || return 1 + sleep 1 + tries=$((tries-1)) + done + fi + + mdadm "$dev" --fail "$disk" || return 1 + tries=100 + while ! mdadm "$dev" --remove "$disk"; do + [ $tries -gt 0 ] || return 1 + sleep 1 + tries=$((tries-1)) + done + return 0 +} diff --git a/src/initrd/menu-select b/src/initrd/menu-select new file mode 100755 index 0000000..f059052 --- /dev/null +++ b/src/initrd/menu-select 
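Review bot: In `cryptsetup_temp`, `set "$parms"` does not restore tracing after the `set +x` guard — `$-` holds the flag letters without a leading dash, so this line assigns the flag string (or an empty string) to `$1` instead; use `case $parms in *x*) set -x ;; esac` (the guard itself is the right idea: it keeps the 256-byte key out of the xtrace log). Note also that command substitution cannot carry NUL bytes, so `secret="$(head -c256 /dev/urandom)"` yields slightly fewer than 256 key bytes whenever a NUL occurs — still ample for a throw-away key, but worth a one-line comment so nobody later trims the count. Separately, `"${sectors:+--size=$((sectors / 2))}"` in `mdadm_dup` passes a literal empty argument to mdadm when `sectors` is empty (the quotes keep the null expansion as a word); drop the outer quotes or build the argument list conditionally. `cleartext_dev` in `cryptsetup_temp` and `old_subdev` in both `mdadm_copy_eject*` functions are also not declared `local`.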
@@ -0,0 +1,123 @@ +#!/bin/sh +# usage: +# $0 boot-ram - use memory-only overlay +# $0 boot-new [dev name] [loop file] [megabytes] - create new luks-encrypted overlay +# $0 boot-overwrite [dev name] [loop file] [megabytes] - overwrite with new luks overlay +# $0 boot-luks [dev name] [loop file] - boot existing luks-encrypted overlay +# $0 boot-gpg [key id] [gnupg homedir] [???] - boot any device signed with the key + +. lvm-create.sh +. common.sh +exec 4>&1 +debug_log + +error() +{ + local sleep=3 + + clear >&4 + echo "error -- ${*:-:(}" >&4 + + if [ $sleep -gt 0 ]; then + echo "will try again in $sleep seconds..." >&4 + sleep $sleep + fi + bootmenu do_trigger no_panic + exit +} + +badopts= +fs= +while [ $# -ge 1 ]; do + case $1 in + --fs=*) fs="${1#--fs=}"; shift; continue ;; + --*) echo "error: unknown option $1"; badopts=true; shift; continue ;; + esac + break +done +[ -z "$badopts" ] || error 'usage error' + +[ $# -ge 2 -o "$1" = 'boot-ram' ] || error 'usage error' + +remountrw() +{ + local fs="$1" dev="$2" loopfile="$3" + if [ "$fs" = hfsplus ]; then + mountpoint="/mnt/${dev##*/}" + umount "$dev" || error + fsck.hfsplus -q "$dev" || error + mount -o force "$dev" "$mountpoint" || error + else + mount -o remount,rw "$dev" || error + fi +} + +hwclock_to_system() +{ + local fs="$1" UTC=UTC + case "$fs" in ntfs|vfat) UTC=LOCAL ;; esac + printf '0.0 0 0.0\n0\n%s' $UTC > /etc/adjtime + hwclock --hctosys +} + +case "$1" in + boot-ram) + read _ memtotal_kb _ < /proc/meminfo + # This doesn't make sense to me, but setting rd_size _lower_ than total + # memory seems to be what breaks things ('btrfs device add' hangs forever). + # Somehow you can fill up the filesystem and there's still space for + # programs and btrfs does not complain. I don't know what is going on here. + + # BTW, I verified with blockdev that the device size really is being + # specified in KB here. I did not really believe it. 
+ modprobe brd rd_nr=1 rd_size=$memtotal_kb + + init_gpg || error + init_samizdat /dev/ram0 '' || { + umount /root/cdrom + umount /root/outerfs + umount /root + error + } + ;; + boot-overwrite|boot-new|boot-luks) + dev="$2" + loopfile="$3" + megs="$4" + + [ "$1" != 'boot-new' -o ! -e "$loopfile" ] || error + + remountrw "$fs" "$dev" "$loopfile" || error + + hwclock_to_system "$fs" + + if [ "$1" = 'boot-overwrite' ]; then + rm "$loopfile" "$loopfile"k + fi + + init_gpg || error + + if [ "$1" = 'boot-luks' ]; then + open_samizdat "$loopfile" "$loopfile"k || error + exit + fi + + start_meter "Allocating ${megs}MB in '$loopfile' on $dev..." + + if init_samizdat_blockdev "$loopfile" "$megs" "$loopfile"k && + init_samizdat /dev/mapper/samizdatcrypt "$loopfile"; then + stop_meter done. + else + stop_meter error! + rm "$loopfile" "$loopfile"k + dmsetup remove samizdatcrypt + # TODO: more teardown + error + fi + ;; + *) + error "Unimplemented boot command: $*" + ;; +esac + +# vim:ts=2 sw=2 et diff --git a/src/initrd/samizdat-cdrom-copy b/src/initrd/samizdat-cdrom-copy new file mode 100755 index 0000000..d4920b9 --- /dev/null +++ b/src/initrd/samizdat-cdrom-copy 
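Review bot: The arity check `[ $# -ge 2 -o "$1" = 'boot-ram' ]` lets `boot-new`, `boot-overwrite` and `boot-luks` run with `$3` unset, so `loopfile` is empty and `rm "$loopfile" "$loopfile"k` / `init_samizdat_blockdev "$loopfile" "$megs" "$loopfile"k` end up operating on a bare `k` in the current directory; check arity per command instead, e.g. `case $1 in boot-luks) [ $# -ge 3 ] ;; boot-new|boot-overwrite) [ $# -ge 4 ] ;; esac || error 'usage error'` (assuming `megabytes` is required, as the usage header implies). `init_gpg`, `open_samizdat` and `init_samizdat_blockdev` come from the sourced lvm-create.sh, outside this hunk; if `${loopfile}k` is the key material for the LUKS overlay, a comment stating how it is protected (presumably by the GPG key set up in `init_gpg`) would stop the next reader from assuming a plaintext key sits beside the container on a writable filesystem. `mountpoint` in `remountrw` is also not declared `local`.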
@@ -0,0 +1,75 @@ +#!/bin/sh +md_name=$1 +lv_name=$2 +lv_dev=$3 +cdrom_loopdev=$4 +cdrom_dev=$5 + +. lvm-create.sh + +mdadm_wait_remove() +{ + # We should perhaps use mdadm --monitor's RebuildFinished event. + + local dev="$1" disk="$2" tries + if ! mdadm --wait "$dev"; then + tries=1000 + while ! mdadm --detail --test "$dev"; do + [ $tries -gt 0 ] || return 1 + sleep 1 + tries=$((tries-1)) + done + fi + + mdadm "$dev" --fail "$disk" || return 1 + tries=100 + while ! mdadm "$dev" --remove "$disk"; do + [ $tries -gt 0 ] || return 1 + sleep 1 + tries=$((tries-1)) + done + return 0 +} + + +Done() +{ + mdadm --grow "$md_name" -n 1 --force + lvm lvrename "$lv_name".tmp "${lv_name#*/}" + losetup -d "$cdrom_loopdev" + [ -e /etc/mtab ] || ln -sf /proc/mounts /etc/mtab + eject "$cdrom_dev" + echo "[$$] Done." +} + +exec >>/var/log/samizdat-cdrom-copy.log 2>&1 +echo "[$$] Waiting for $cdrom_loopdev ($cdrom_dev) to be removed from $md_name." + +if mdadm_wait_remove "$md_name" "$cdrom_loopdev"; then + Done; +else + echo "[$$] Warning: mdadm_wait_remove() returned $?. Doing manual copy with sg_dd (using continue-on-error)." + mdadm -D "$md_name" + mdadm "$md_name" --fail "$lv_dev".tmp + mdadm -D "$md_name" + mdadm "$md_name" --remove "$lv_dev".tmp + mdadm -D "$md_name" + mdadm /dev/md55 --grow -n1 --force + mdadm -D "$md_name" + + sizelimit=$(get_cdrom_sizelimit "$cdrom_dev") + + if sg_dd bs=2048 ${sizelimit:+count=$((sizelimit/2048))} iflag=coe,coe,coe if="$cdrom_dev" of="$lv_dev".tmp retries=42; then + echo "[$$] sg_dd succeeded." + mdadm "$md_name" --grow -n 2 --assume-clean --add "$lv_dev".tmp + mdadm -D "$md_name" + if mdadm_wait_remove "$md_name" "$cdrom_loopdev"; then + Done; + else + echo "[$$] Error: mdadm_wait_remove() returned $? after sg_dd. Cannot eject CDROM!" + fi + else + echo "[$$] Error: sg_dd returned $?. Cannot eject CDROM!" + fi +fi + diff --git a/src/initrd/samizdat-eject.sh b/src/initrd/samizdat-eject.sh new file mode 100755 index 0000000..d95a49d 
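Review bot: In the fallback branch, `count=$((sizelimit/2048))` does not match the unit of `get_cdrom_sizelimit`: the version in mdadm-dup.sh documents its result as 512-byte sectors, so with `bs=2048` the count should be `sizelimit/4` — as written sg_dd would copy only a small prefix, and the following `--add --assume-clean` would present that truncated image as an in-sync mirror. If this script picks up a different `get_cdrom_sizelimit` through lvm-create.sh (mdadm-dup.sh is not sourced here), a comment on the unit would settle it. `mdadm /dev/md55 --grow -n1 --force` hard-codes the array where every other line uses `"$md_name"`. `mdadm_wait_remove` is a verbatim copy of the function in mdadm-dup.sh; sourcing that file would remove the duplication.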
--- /dev/null +++ b/src/initrd/samizdat-eject.sh @@ -0,0 +1,92 @@ +#!/bin/sh +die() +{ + printf '%s\n' "$*" >&2 + exit 1 +} + +btrfs_subdevices() +{ + local mountpoint="$1" + btrfs filesystem show "$mountpoint" | sed -ne 's/^[ \t]*devid.* path //p' +} + +btrfs_subdevice_count() +{ + btrfs_subdevices "$1" | wc -l +} + +remove() +{ + for dev; do + (set -x; btrfs device remove "$dev" /) + dmsetup remove "$dev" 2>/dev/null + losetup -D + done +} + +dm_name() +{ + dmsetup info "$1" | sed -ne 's/^Name: *//p' +} + +md_ready() +{ + local mountpoint="$1" count dev + count=$(mdadm_subdevices /dev/md55|wc -l) + [ "$count" = 1 ] || return + dev=$(mdadm_subdevices /dev/md55) + [ "$(dm_name "$dev")" = samizdatiso ] +} + +copy() +{ + temp_target=$(mktemp --tmpdir=/outerfs) + mdadm_copy_eject_crypt /dev/md55 "$temp_target" +} + +. mdadm-dup.sh || exit 1 + +target=$1 + +if [ ! "$target" ] && mountpoint -q /srv && [ ! -e /srv/samizdat.iso ]; then + target=/srv/samizdat.iso +fi + +[ "$target" ] || die "Usage: $0 " +[ ! -e "$target" ] || die "Error: file exists: $target" + +if ! mountpoint -q /outerfs; then + die "Error: /outerfs is not a mountpoint. Please mount a safe filesystem to temporarily store the ISO on /outerfs" +fi + +devices=$(btrfs_subdevices /) || exit 1 + +set -- +seen= +for dev in $devices; do + [ -b "$dev" ] || exit 1 + case "$dev" in + /dev/mapper/loop*) set -- "$@" "$dev" ;; + /dev/mapper/samizdatcrypt) seen=y ;; + esac +done +[ "$seen" ] || set -- # avoid messing up someone's btrfs! + + + + + + +if ! md_ready; then + copy & +fi + +remove "$@" + +wait + +if [ "$(btrfs_subdevice_count /)" = 1 ] && md_ready; then + mdadm_copy_eject /dev/md55 "$target".part && + mv "$target".part "$target" +fi diff --git a/src/initrd/squashfs-size b/src/initrd/squashfs-size new file mode 100755 index 0000000..74b67d7 --- /dev/null +++ b/src/initrd/squashfs-size 
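Review bot: `losetup -D` in `remove()` detaches every loop device on the system, not just the one that backed the `/dev/mapper/loop*` device just removed; `/dev/md55` and `samizdatcrypt` presumably sit on loop devices too (see mdadm-dup.sh and menu-select), and depending on the kernel an in-use device is either refused or flagged autoclear, so this can pull a device out from under the filesystem the script is trying to preserve. Prefer detaching the specific backing device, which `dmsetup table "$dev"` reports before the `dmsetup remove` — or at least leave a comment explaining why a global detach is safe at this point in the teardown. The `.part` output is also not checked for pre-existence the way `$target` is; `[ ! -e "$target".part ] || die "Error: file exists: $target.part"` next to the existing check would close that gap. The usage string `die "Usage: $0 "` appears to have lost its argument placeholder (likely angle brackets stripped in extraction).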
@@ -0,0 +1,88 @@ +#!/bin/sh + +squashfs_size_ratio() +{ + local fn="$1" + #FSIZE="$(stat -c "%s" "$fn")" + word5() { echo $5; } + FSIZE="$(word5 `ls -l "$fn"`)" + echo $(( $FSIZE * 3367 / 1000 )) +} + +squashfs_size_magicdb() +{ + + get() + { + local len=$1 + local off=$2 + local fn="$3" + #local OUT=( $(od -t d$len -N$len -j $off "$fn") ) + #echo "${OUT[1]}" + od -t u$len -N$len -j $off "$fn" | head -n1 | sed 's/.* //' + } + +# getReversedEndian() +# { +# local len=$1 +# local off=$2 +# local fn="$3" +# #local B=( $(od -t x$len -N$len -j $off "$fn") ) +# #B="${B[1]}" +# local B="$(od -t x$len -N$len -j $off "$fn" | head -n1 | cut -d' ' -f2)" +# local D= +# local C=$(( $len * 2 )) +# while [ $C -gt 0 ] +# do +# C=$(( $C - 2 )) +# D="$D${B:$C:2}" +# done +# D="0x$D" +# echo $D +# } + getReversedEndian() + { + local len=$1 + local off=$2 + local fn="$3" + local D= + local C=$len + while [ $C -gt 0 ] + do + C=$(( $C - 1 )) + D="$(od -t x1 -N1 -j $(($off+$C)) "$fn" | head -n1 | cut -d' ' -f2)$D" + done + D=$((0x$D)) + echo $D + } + + + local fn="$1" + + local M=$(get 4 0 "$fn") + local N=$(getReversedEndian 4 0 "$fn") + if [ $M -eq 1936814952 ] + then + # Proper endian. + local get=get + elif [ $N -eq 1936814952 ] + then + # Reversed endian. + local get=getReversedEndian + else + error not squashfs + fi + + local T=$($get 2 28 "$fn") + if [ $T -lt 3 ] + then + local BC=$($get 4 8 "$fn") + else + local BC=$($get 8 63 "$fn") + fi + + echo $BC +} + + +squashfs_size_ratio "$1" diff --git a/src/initrd/umountall.sh b/src/initrd/umountall.sh new file mode 100755 index 0000000..bf89838 --- /dev/null +++ b/src/initrd/umountall.sh 
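Review bot: `squashfs_size_magicdb` calls `error not squashfs` on a bad magic, but this standalone `#!/bin/sh` script defines no `error` (and only `squashfs_size_ratio` is ever invoked), so a non-squashfs input would print a "not found" message and fall through to `[ $T -lt 3 ]` with whatever `$get` yields; add `error() { printf 'error: %s\n' "$*" >&2; exit 1; }` or return non-zero. The `$($get 8 63 "$fn")` offset matches the squashfs 3 superblock layout; squashfs 4 keeps `bytes_used` at offset 40, so if this function is revived it should branch on major version 3 vs 4 or greater — worth a comment either way. `squashfs_size_ratio` parses `ls -l` through an unquoted backtick substitution; the commented-out `stat -c %s` is the safer form if the initrd toolset provides it, and the `3367/1000` ratio deserves a comment saying where it comes from.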
@@ -0,0 +1,126 @@ +#!/bin/sh +OPEN_SHELL_BEFORE_SHUTDOWN= + +movemount() { + if mountpoint -q "$1"; then + umount /root/"$1" + else + mkdir -p "$1" + mount --move /root/"$1" "$1" + fi +} + +retry_n_delay() { + local n="$1" delay="$2" + shift 2 + while [ "$n" -gt 0 ]; do "$@" && break; sleep $delay; n=$((n-1)); done +} + +umount_all_novirtual() +{ + # EQUIVALENT: umount -a -t norootfs,nosysfs,noproc,notmpfs,nodevpts,nodevtmpfs + # busyboxy umount does not support -t, therefore: + tac /proc/mounts | { + errors=0 + while read dev mp type opts _; do + case $type in + rootfs|sysfs|proc|tmpfs|devpts|devtmpfs) ;; + *) umount "$mp" || errors=$((errors+1)) ;; + esac + done + return $errors + } +} + +losetup_delete_all() +{ + local f dev + for f in /sys/dev/block/7:*/loop; do + dev=${f#/sys/dev/block/7:} + dev=/dev/loop${dev%%/*} + losetup -d $dev + done +} + +mdadm_stop_all() +{ + for md in /dev/md* /dev/md/*; do + test -b "$md" && mdadm --stop "$md" + done +} + +lvm_deactivate() { lvm lvchange -v -an samizdat 11>&-; } + +killemdead() { + force= pids="$(pidof "$@")" + while [ "$pids" ]; do + kill $force $pids + living= + for p in $pids; do + if [ -e /proc/$p ]; then + living=1 + break + fi + done + [ ! "$living" ] && break + force=-9 + done +} + +specials= movemounts= umounts= +while read dev mp type opts _; do # N.B. 
order is reversed in variables +case $mp in + /root/dev|/root/proc) + specials="$mp $specials" ;; + /root/sys|/root/cdrom|/root/mnt/*|/root/gpg|/root/overlay|/root/xino|/root/squashes/*) + movemounts="$mp $movemounts" ;; + /root/*) + umounts="$mp $umounts" ;; +esac +done < /proc/mounts + +# Unmount mounts under /root that we didn't put there +while true; do + error=0; success=0 + for m in $umounts; do + if umount $m; then + success=$((success+1)) + else + error=$((error+1)) + fi + done + [ $error = 0 ] && break + [ $success = 0 ] && break +done + +# Move back mounts that we moved +for m in $movemounts; do + movemount "${m#/root}" # TODO: error handling +done + +killemdead gpg-agent samizdat-pinentry + +umount /root/dev +umount /root/proc +ln -sf /proc/mounts /etc/mtab + +umount_all_novirtual +mdadm_stop_all +losetup_delete_all +lvm_deactivate +cryptsetup remove samizdatcrypt +losetup_delete_all +umount_all_novirtual + +if [ "$OPEN_SHELL_BEFORE_SHUTDOWN" ]; then + read cmd < /halt + echo + echo "Remove cdrom and press ctrl-d to run '$cmd'." + /bin/sh -i +fi + +read cmd < /halt && $cmd +sleep 1 + +echo "Error! Starting emergency shell with pid 1." +exec /bin/sh -i diff --git a/src/initrd/vol_id b/src/initrd/vol_id new file mode 100755 index 0000000..5cd24a1 --- /dev/null +++ b/src/initrd/vol_id @@ -0,0 +1,2 @@ +#!/bin/sh +exec blkid -p -o udev "$@" diff --git a/src/keygen.sh b/src/keygen.sh new file mode 100755 index 0000000..716359b --- /dev/null +++ b/src/keygen.sh 
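Review bot: `killemdead` can spin forever: after the first `kill`, `pids` is never refreshed and `[ -e /proc/$p ]` stays true for a process that has exited but not been reaped, so if gpg-agent ends up a zombie (PID 1 here is a shell script; whether it reaps orphans is decided outside this hunk) the loop issues `kill -9` in a tight loop and shutdown never reaches `umount_all_novirtual`. Bound the retries, pause between them, and declare the working variables `local`. Since the point of this call is presumably to flush the agent's cached key material before the block devices are torn down, a one-line comment saying so would help the next reader. The crypt device `samizdatiso` created by mdadm-dup.sh's `cryptsetup_temp` is not removed here, only `samizdatcrypt`; its key is throw-away, but noting that as intentional would avoid a later "leak" report.
```shell
killemdead() {
  local force= pids living p tries=30
  pids=$(pidof "$@") || return 0          # nothing to kill
  while [ "$pids" ]; do
    kill $force $pids 2>/dev/null
    living=
    for p in $pids; do
      if [ -e /proc/$p ]; then living=1; break; fi
    done
    [ "$living" ] || break
    [ $tries -gt 0 ] || return 1           # give up: an unreapable pid must not stall shutdown
    tries=$((tries-1))
    sleep 1
    force=-9
  done
}
```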
@@ -0,0 +1,122 @@ +#!/bin/sh + +gpg_set_ultimate_trust() +{ + local keygrip + keygrip=$(gpg -K --with-colons|sed -ne '/^sec:/{p;q}'|cut -d: -f5) || return + + expect - -- "$keygrip" <<'END' + + set keygrip "[lindex $argv 0]" + + spawn gpg --edit-key "$keygrip" trust + + expect "Your decision?" + send -- "5\n" + expect "Do you really want to set this key to ultimate trust?" + send -- "y\n" + expect "gpg>" + send -- "save\n" + send_tty "\r" + +END +} + +add() +{ + kiki merge \ + --flow=sync \ + --home${2:+="$2"} \ + --create=rsa:4096 \ + --flow=spill,match="$1" \ + --type=pem \ + --access=secret \ + nil +} + +init() +{ + local root="$1" + + if [ "$root" ]; then + mkdir -m0600 -p "$root"/root/.gnupg + fi + + kiki init ${root:+--chroot "$root"} + add encrypt ${root:+"$root/root/.gnupg"} + add sign ${root:+"$root/root/.gnupg"} + + ( + [ "$root" ] && export GNUPGHOME="$root/root/.gnupg/" + gpg_set_ultimate_trust + ) +} + +sync() +{ + local home1="$1"/root/.gnupg home2="$2"/root/.gnupg + kiki sync-public \ + --homedir "$home1" \ + --passphrase-fd=0 \ + --import-if-authentic \ + --autosign \ + --keyrings "$home2"/pubring.gpg + kiki sync-secret \ + --homedir "$home1" \ + --autosign --import +} + +doublecheck() +{ + gpg2 --clearsign &1 4>&2 + exec >/dev/null 2>&1 +} + +noisy() +{ + exec >&3 2>&1 +} + +new_child() +{ + local root="$1" + init "$root" + + sync "$root" '' + sync '' "$root" + + gpg2 --check-trustdb + gpg2 --check-trustdb --homedir "$root"/root/.gnupg + + doublecheck "$root" +} + + +child_dir=$1 + +set -e + +[ "$(id -u)" = 0 ] +[ "$child_dir" ] +[ ! -d "$child_dir" ] +which expect >/dev/null + +mkdir "$child_dir" +trap -- 'umount "$child_dir"; rmdir "$child_dir"' EXIT +mount -t tmpfs -o mode=0700 tmpfs "$child_dir" + +silent +init +new_child "$child_dir" +noisy + +trap EXIT + +# gpg2 -k +# gpg2 -k --homedir "$child_dir"/root/.gnupg diff --git a/src/patchroot.sh b/src/patchroot.sh new file mode 100755 index 0000000..738beac --- /dev/null +++ b/src/patchroot.sh 
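Review bot: `mkdir -m0600 -p "$root"/root/.gnupg` gives the GnuPG home a directory mode without the search bit; root ignores that, but it is not what a 0700 GnuPG home should look like and it will trip any later non-root use, so use `-m0700`. Note that `-m` applies only to the last component, so `"$root"/root` gets the umask default — acceptable only because the tmpfs itself is mounted `mode=0700`. The listing between `doublecheck()` and `exec >/dev/null 2>&1` looks truncated (`gpg2 --clearsign &1 4>&2` is not a valid line, presumably angle brackets lost in extraction), so the `silent` function cannot be reviewed from this hunk. A comment on the final `trap EXIT` would help: resetting the trap deliberately leaves the secret-key tmpfs mounted for the caller (xorriso-usb.sh installs its own unmount trap), which is easy to misread as a leak. tmpfs pages are swappable, so on a build host with unencrypted swap the freshly generated secret keys can reach disk — worth stating in the header comment.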
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+pkgs='avahi-daemon git tmux btrfs-tools/jessie-backports sshfs eject'
+pkgs="$pkgs $(cat initrd-dependencies.txt)"
+pkgs="$pkgs linux-image-$(uname -r)/jessie-backports"
+
+default_sources_list()
+{
+ cat <<'END'
+deb http://httpredir.debian.org/debian jessie main contrib non-free
+deb http://security.debian.org jessie/updates main contrib non-free
+deb http://httpredir.debian.org/debian jessie-backports main contrib non-free
+deb-src http://httpredir.debian.org/debian jessie main contrib non-free
+deb-src http://security.debian.org jessie/updates main contrib non-free
+deb-src http://httpredir.debian.org/debian jessie-backports main contrib non-free
+END
+}
+
+network_devs()
+{
+ ip -oneline link |
+ while read _ dev _; do
+ echo ${dev%:}
+ done
+}
+
+if [ -e /root/sources.list ]; then
+ cp /root/sources.list /etc/apt/sources.list
+else
+ default_sources_list > /etc/apt/sources.list
+fi
+
+if [ -e /sys/module/hid_apple/parameters/fnmode ]; then
+ echo 2 > /sys/module/hid_apple/parameters/fnmode
+fi
+echo options hid_apple fnmode=2 > /etc/modprobe.d/apple.conf
+
+if [ "$(ifquery -a --list)" = lo ]; then
+ # No configured interfaces. Do something!
+ dhclient $(network_devs)
+fi
+apt-get update
+apt-get -y install --no-upgrade $pkgs
diff --git a/src/qemu.sh b/src/qemu.sh
new file mode 100755
index 0000000..dfed521
--- /dev/null
+++ b/src/qemu.sh
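Review bot: Nothing in this script checks exit status — a failing `apt-get update` (no DHCP lease, dead mirror) is followed straight by `apt-get -y install`, and `dhclient $(network_devs)` is fire-and-forget — so add `set -e` at the top or at least `apt-get update || exit 1`. `network_devs` lists every link including `lo`, which dhclient will then complain about; `[ "${dev%:}" = lo ] || echo "${dev%:}"` inside the loop keeps that out of the log. The mirrors are plain `http://`; apt's signature verification still protects package integrity, but `httpredir.debian.org` has since been retired, so anyone reviving this should point at `deb.debian.org` (which also serves https). `linux-image-$(uname -r)/jessie-backports` ties the installed kernel to whatever the build host is running, which deserves a comment if that is intended.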
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+. samizdat-path.sh
+
+# iso=debian-live-8.4.0-amd64-gnome-desktop.iso
+# iso=debian-live-8.4.0-amd64-standard.iso
+# iso=debian-live-8.4.0-amd64-standard.btrfs.iso
+iso=${samizdat_iso_dir}/samizdat.iso
+disk=${samizdat_iso_dir}/debian-live-8.4.0-amd64-standard.btrfs.disk
+layered=${samizdat_iso_dir}/${iso%.iso}.layered.iso
+
+[ -f "$layered" ] && iso=$layered
+
+[ "$1" ] && iso=$1
+
+initrd.sh || { echo "initrd.sh failed" >&2; exit 1; };
+
+NET='tap,vlan=0,ifname=tap0,script=no,downscript=no'
+
+# To test local pxe boot server:
+# NET='user,tftp=isolinux,bootfile=/pxelinux.0'
+
+initrd=${samizdat_isolinux_dir}/linux/initrd.img
+kernel=${samizdat_isolinux_dir}/linux/vmlinuz
+kcmdline='boot=samizdat components quiet splash'
+
+sudo qemu-system-x86_64 -enable-kvm -smp 2 -m 640 -k en-us \
+ -vga qxl \
+ -net nic,vlan=0,model=virtio \
+ -net "$NET" \
+ -rtc base=localtime \
+ -cdrom "$iso" \
+ -hda "$disk" \
+ -initrd "$initrd" -kernel "$kernel" -append "$kcmdline"
diff --git a/src/samizdat-paths.sh b/src/samizdat-paths.sh
new file mode 100644
index 0000000..c437c5b
--- /dev/null
+++ b/src/samizdat-paths.sh
@@ -0,0 +1,5 @@
+samizdat_initrd_files_dir=/home/d/sami/src/initrd
+samizdat_execs_dir=/home/d/src/samizdat
+samizdat_child_dir=./child
+samizdat_isolinux_dir=/home/d/sami/isolinux
+PATH=${libexecdir}/${PACKAGE}/bin:${PATH}
diff --git a/src/var.sh b/src/var.sh
new file mode 100644
index 0000000..d0c7df5
--- /dev/null
+++ b/src/var.sh
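Review bot: `. samizdat-path.sh` does not match the file this commit adds (`src/samizdat-paths.sh`, sourced by that name in xorriso-usb.sh), and `samizdat_iso_dir` is not defined in the samizdat-paths.sh shown here either, so the `${samizdat_*}` expansions in this script resolve to nothing unless an older file by that name is still on the PATH. Under dash (Debian's `/bin/sh`) a missing dot-file aborts the script, so this fails loudly rather than running with empty paths, but `. samizdat-paths.sh || exit 1`, as xorriso-usb.sh does, makes the intent explicit. `layered=${samizdat_iso_dir}/${iso%.iso}.layered.iso` also prefixes the directory twice, since `$iso` already carries it — `layered=${iso%.iso}.layered.iso` is what was meant.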
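Review bot: `PATH=${libexecdir}/${PACKAGE}/bin:${PATH}` references `libexecdir` and `PACKAGE`, which nothing in this commit sets, so sourcing this file prepends `//bin` to PATH; either substitute them at install time (the autoconf-style names suggest that is the plan) or guard with `${libexecdir:?}`/`${PACKAGE:?}` so a misconfigured build fails instead of silently searching the wrong directory. The other four entries are hard-coded to one developer's home directory, and `samizdat_child_dir=./child` is relative to the caller's cwd; since xorriso-usb.sh mounts a tmpfs at that path and keygen.sh refuses to run if it already exists, an absolute path would avoid surprises when the scripts are invoked from elsewhere.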
@@ -0,0 +1,75 @@
+die()
+{
+ if [ "$*" ]; then
+ printf 'Error: %s\n' "$*" >&2
+ else
+ echo 'Error: fatal error' >&2
+ fi
+ exit 1
+}
+
+nosex()
+{
+ case $- in
+ *x*) set +x; "$@"; set -x;;
+ *) "$@";;
+ esac
+}
+
+_nonempty()
+{
+ printf '[ "${%s}" ] || die \"mandatory parameter is empty: %s\";\n' "$1" "$1"
+}
+
+_mandatory()
+{
+ printf '[ $# -ge %d ] || die \"mandatory parameter is missing: %s\";\n' "$2" "$1"
+}
+
+_assign()
+{
+ printf 'local %s="${%d}";\n' "$1" "$2"
+}
+
+_args()
+{
+ local v i=1 check="$1" assign="$2"
+ shift
+ shift
+ for v; do
+ $assign "$v" "$i"
+ $check "$v" "$i"
+ i=$((i+1))
+ done
+}
+
+_ARGS()
+{
+ echo eval "$(_args _mandatory _assign "$@")"
+}
+
+_ARGS_NONEMPTY()
+{
+ echo eval "$(_args _nonempty _assign "$@")"
+}
+
+_ARGS_OPTIONAL()
+{
+ echo eval "$(_args : _assign "$@")"
+}
+
+_NONEMPTY()
+{
+ echo eval "$(_args _nonempty : "$@")"
+}
+
+ARGS() { nosex _ARGS "$@"; }
+ARGS_NONEMPTY() { nosex _ARGS_NONEMPTY "$@"; }
+ARGS_OPTIONAL() { nosex _ARGS_OPTIONAL "$@"; }
+NONEMPTY() { nosex _NONEMPTY "$@"; }
+
+ARGS_NE() { ARGS_NONEMPTY "$@"; }
+
+if [ "${0#-}" = bash ]; then
+ export -f die _nonempty _mandatory _args ARGS ARGS_NONEMPTY ARGS_OPTIONAL
+fi
diff --git a/src/xorriso-layer.sh b/src/xorriso-layer.sh
new file mode 100755
index 0000000..7ce4776
--- /dev/null
+++ b/src/xorriso-layer.sh
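Review bot: The `export -f` list at the bottom omits `_assign`, `nosex` and the `_ARGS*` helpers that `ARGS`/`ARGS_NONEMPTY`/`ARGS_OPTIONAL` call, so in a child bash the exported entry points fail with "command not found"; extend the list (and add `NONEMPTY`, `_NONEMPTY` and `ARGS_NE` while at it). Because the text these helpers emit is meant to be `eval`ed by the caller, `_args` should refuse anything that is not a plain identifier — `case $v in ''|[0-9]*|*[!A-Za-z0-9_]*) die "bad parameter name: $v" ;; esac` at the top of its loop — so a stray space or quote in a name cannot become injected shell; the names come from source today, but the one-line check documents the contract. `_mandatory` formats the position with `%d`, so a non-numeric `$2` makes printf emit 0 and the generated `[ $# -ge 0 ]` always passes. A header comment showing the intended call pattern (`eval "$(ARGS foo bar)"` or similar) would also help, since the leading `echo eval` is otherwise hard to interpret.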
@@ -0,0 +1,38 @@ +#!/bin/bash + +outdev=debian-live-8.4.0-amd64-standard.btrfs.layered.iso +indev=debian-live-8.4.0-amd64-standard.btrfs.iso +volid=SamizdatLive +btrfs_layer_iso_path=live/layer%s.btrfs +btrfs_layer_filesystem="$1" + +die() { printf '%s\n' "$*"; exit 1; } + +[ -f "$btrfs_layer_filesystem" ] || die "Usage: $0 [layer2.btrfs ...]" + +i=0 +while [ $i -lt $# ]; do + arg=$1 + [ $i -eq 0 ] && n='' || n=$((i + 1)) + arg=$(printf "${btrfs_layer_iso_path}=%s" "$n" "$arg") + shift + set -- "$@" "$arg" + i=$((i + 1)) +done + +for arg; do echo "a=$arg"; done; exit; + +set -ex + +cp --reflink "$indev" "$outdev"~ +time xorriso \ + -drive_class clear_list all \ + -outdev "$outdev"~ -indev "$outdev"~ \ + -report_about mishap \ + -volid "$volid" \ + -return_with sorry 0 \ + -pathspecs on -overwrite on \ + -add_plainly any \ + "$@" + +mv -f "$outdev"~ "$outdev" diff --git a/src/xorriso-usb.sh b/src/xorriso-usb.sh new file mode 100644 index 0000000..61fcda0 --- /dev/null +++ b/src/xorriso-usb.sh 
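Review bot: The `for arg; do echo "a=$arg"; done; exit;` line after the argument rewriting unconditionally exits, so the `cp --reflink` and `xorriso` steps below it are unreachable — presumably a leftover debugging probe from the in-progress path work, but it should go before anyone runs this expecting an ISO. `cp --reflink` without `=auto` refuses to copy on filesystems that lack reflink support (ext4, tmpfs), so `cp --reflink=auto "$indev" "$outdev"~` is the portable form. `die` prints its message to stdout; `printf '%s\n' "$*" >&2` keeps it out of anything capturing the output, consistent with var.sh's `die`. `btrfs_layer_iso_path` is used as a printf format string, which is fine while it is a constant; a comment that it must contain exactly one `%s` would stop someone turning it into a parameter.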
@@ -0,0 +1,182 @@
+#!/bin/bash
+
+. samizdat-paths.sh || exit 1
+
+outdev=
+volid=SamizdatLive
+gpg_iso_path=gnupghome
+gnupghome=
+child_dir=$samizdat_child_dir
+vmlinuz_dir=$samizdat_isolinux_dir
+efi_dir=$samizdat_grub_efi_dir
+
+die() { printf "%s: Error: %s\n" "$0" "$*" >&2; exit 1; }
+
+TEMP="$(getopt -o '' --long adam,usb,detach,out:,test -n "$0" -- "$@")" ||
+ die 'getopt error'
+eval set -- "$TEMP"
+
+ADAM=; DETACH=; USB=
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --adam) shift; ADAM=y;;
+ --usb) shift; USB=y;;
+ --detach) shift; DETACH=y;;
+ --test) shift; QUICK_TEST=y;;
+ --out) CMDLINE_OUTDEV="$2"; shift 2;;
+ --) shift; break;;
+ *) die 'getopt error';;
+ esac
+done
+
+if [ $# = 0 ]; then
+ set -- debian-live-8.4.0-amd64-standard.btrfs layer.btrfs
+fi
+
+for fs; do
+ [ -f "$fs" ] || die "not a file: $fs"
+ shift
+ set -- "$@" "rootfs/${fs##*/}=$fs"
+done
+
+
+whole_device()
+{
+ case "$1" in
+ *-part?) false ;;
+ *-part??) false ;;
+ *-part???) false ;;
+ */usb\*) false ;;
+ *) true ;;
+ esac
+}
+
+confirm_usb()
+{
+ local msg="This will completely overwrite device:\n\n\t%s\n\nType 'yes' to confirm.\nContinue? "
+ printf "$msg" "$1" >&2
+ read line
+ case "$line" in
+ [yY][eE][sS]) return ;;
+ *) die "Aborted by user." ;;
+ esac
+}
+
+choose_usb()
+{
+ local devs maj
+ set -- /dev/disk/by-id/usb*
+ for dev; do
+ shift
+ whole_device "$dev" || continue
+ set -- "$@" "$dev"
+ done
+ if [ $# = 0 ]; then
+ die "no usb device found"
+ elif [ $# = 1 ]; then
+ confirm_usb "$1" || die impossible
+ outdev="$1"
+ else
+ die "multiple USB devices connected and choice between them is unimplemented.
($*)"
+ fi
+}
+
+choose_cdrom()
+{
+ die 'choose_cdrom: unimplemented'
+}
+
+choose_outdev()
+{
+ if [ "$CMDLINE_OUTDEV" ]; then
+ outdev=$CMDLINE_OUTDEV~
+ NEED_STDIO=y
+ elif [ "$USB" ]; then
+ choose_usb
+ NEED_STDIO=y
+ else
+ choose_cdrom
+ NEED_STDIO=
+ fi
+}
+
+generate_keys()
+{
+ if [ "$ADAM" ]; then
+ kiki init || die 'kiki init failed'
+ gnupghome=/root/.gnupg
+ else
+ keygen.sh "$child_dir" || die "keygen.sh failed"
+ gnupghome=$child_dir/root/.gnupg
+ trap 'umount "$child_dir"; rmdir "$child_dir"' EXIT
+ fi
+}
+
+
+[ "$(id -u)" = 0 ] || die "you are not root."
+
+grub-efi.sh || die "grub-efi.sh failed"
+
+choose_outdev
+
+generate_keys
+
+if [ "$INPUT_DEVICE" ]; then
+ REPLACE_INITRD=
+ REMOVE_BTRFS=
+ ADD_BTRFS=
+else
+ REPLACE_INITRD=y
+ REMOVE_BTRFS=y
+ ADD_BTRFS=y
+fi
+
+if [ "$QUICK_TEST" ]; then
+ REMOVE_BTRFS=y
+ ADD_BTRFS=
+fi
+
+if [ "$REPLACE_INITRD" ]; then
+ initrd.sh
+fi
+
+(set -x
+xorriso \
+ ${INPUT_DEVICE:+ -indev "$INPUT_DEVICE" } \
+ -outdev ${NEED_STDIO:+stdio:}"$outdev" \
+ -blank as_needed \
+ -report_about mishap \
+ -return_with sorry 0 \
+ -volid "$volid" \
+ -pathspecs on \
+ \
+ \
+ ${REPLACE_INITRD:+ -rm_r linux -- -add linux="${vmlinuz_dir}" -- } \
+ ${REMOVE_BTRFS:+ -rm_r btrfs -- } \
+ ${ADD_BTRFS:+ -follow link -add "$@" -- -follow default } \
+ \
+ \
+ -rm_r "${gpg_iso_path}" -- \
+ -add "${gpg_iso_path}=${gnupghome}" -- \
+ \
+ \
+ -chown_r 0 / -- \
+ -chgrp_r 0 / -- \
+ -chmod_r go-rwx "${gpg_iso_path}" -- \
+ \
+ \
+ -as mkisofs -graft-points \
+ -b grub/i386-pc/eltorito.img \
+ -no-emul-boot -boot-info-table \
+ --embedded-boot "${efi_dir}"/embedded.img \
+ --protective-msdos-label \
+ grub="${efi_dir}"/grub
+) || die "xorriso exited $?"
+
+case "$outdev" in
+ *~) [ -f "$outdev" ] && mv "$outdev" "${outdev%\~}" ;;
+esac
+
+if [ "$USB" -a "$DETACH" -a $? = 0 ]; then
+ udisks --detach "$outdev"
+fi
diff --git a/src/xorriso.sh b/src/xorriso.sh
new file mode 100755
index 0000000..5068d4b
--- /dev/null
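Review bot: `initrd.sh` inside `if [ "$REPLACE_INITRD" ]; then initrd.sh fi` runs with its exit status unchecked, so a failed initrd build is followed by writing the image — onto a whole USB device when `--usb` is given — with whatever stale `${vmlinuz_dir}` contents exist; `initrd.sh || die "initrd.sh failed"` matches how `grub-efi.sh` and `keygen.sh` are treated in the same file. The final `[ "$USB" -a "$DETACH" -a $? = 0 ]` tests the status of the preceding `case` statement rather than xorriso's (which already `die`s on failure), so the `$? = 0` term does not do what it appears to and can be dropped along with the deprecated `-a`. `QUICK_TEST`, `CMDLINE_OUTDEV` and `INPUT_DEVICE` are never initialised alongside `ADAM=; DETACH=; USB=`, so values inherited from the environment silently change which device is written and whether rootfs images are replaced. In `confirm_usb`, `read line` should be `IFS= read -r line` (ShellCheck SC2162).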
+++ b/src/xorriso.sh
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+outdev=samizdat.iso
+indev=debian-live-8.4.0-amd64-standard.iso
+volid=SamizdatLive
+gpg_iso_path=gnupghome
+gnupghome=gnupghome
+secrets=secrets
+
+if [ $# = 0 ]; then
+ set -- debian-live-8.4.0-amd64-standard.btrfs layer.btrfs
+fi
+
+for fs; do
+ [ -f "$fs" ] || exit 1
+ shift
+ set -- "$@" "rootfs/${fs##*/}=$fs"
+done
+
+die() { printf '%s\n' "$*"; exit 1; }
+
+make_gnupghome()
+{
+ [ -d "$gnupghome" ] && return
+ local reset=$-
+ set -e
+ [ ! -d "$gnupghome".tmp ] || die "Error: refusing to overwrite $gnupghome.tmp"
+ [ ! -d "$secrets".tmp ] || die "Error: refusing to overwrite $secrets.tmp"
+ mkdir -p "$gnupghome".tmp "$secrets".tmp
+ local PATH="$HOME"/src/samizdat/src:"$PATH" NO_USE_RAMFS=y
+ NEW_GNUPGHOME="$gnupghome".tmp SECRETS_DIRECTORY="$secrets".tmp ~/src/samizdat/src/samizdat-make-key --adam
+ mv "$secrets".tmp "$secrets"
+ mv "$gnupghome".tmp "$gnupghome"
+ set -$reset
+}
+
+make_gnupghome
+
+if [ grub-efi.sh -nt grub-efi ]; then
+ ./grub-efi.sh || die "Error: grub-efi.sh failed"
+fi
+
+set -ex
+
+xorriso \
+ -drive_class clear_list all \
+ -outdev "$outdev"~ \
+ -report_about mishap \
+ -return_with sorry 0 \
+ -volid "$volid" \
+ -pathspecs on \
+ \
+ \
+ -add "${gpg_iso_path}=${gnupghome}" -- \
+ -add linux=isolinux/linux -- \
+ -follow link -add "$@" -- -follow default \
+ \
+ \
+ -as mkisofs -graft-points \
+ -b grub/i386-pc/eltorito.img \
+ -no-emul-boot -boot-info-table \
+ --embedded-boot grub-efi/embedded.img \
+ --protective-msdos-label \
+ grub=grub-efi/grub
+
+mv -f "$outdev"~ "$outdev"
diff --git a/src/xorriso.test-efi.sh b/src/xorriso.test-efi.sh
new file mode 100755
index 0000000..3591528
--- /dev/null
+++ b/src/xorriso.test-efi.sh
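Review bot: `set -$reset` at the end of `make_gnupghome` cannot undo the `set -e` enabled a few lines above it: re-applying whatever `$-` held only adds flags, so errexit stays on for the rest of the script whenever the function actually runs key generation; restore it explicitly, `case $reset in *e*) ;; *) set +e ;; esac`. The `gnupghome` tree is grafted with `-add "${gpg_iso_path}=${gnupghome}" --` but, unlike xorriso-usb.sh in this same commit, without `-chown_r 0 / --` and `-chmod_r go-rwx "${gpg_iso_path}" --`, so the Rock Ridge ownership and permissions of the key material in the image are whatever the build user's umask produced. The script is `#!/bin/sh` yet uses `local`, and the hard-coded `~/src/samizdat/src/samizdat-make-key` and `"$HOME"/src/samizdat/src` paths look like exactly what this "fix paths" commit is meant to replace — sourcing `samizdat-paths.sh` as xorriso-usb.sh does seems to be the intended direction, but confirm. The `[ -f "$fs" ] || exit 1` in the argument loop exits without any message; `die` is defined only after the loop, so moving it up and using `die "not a file: $fs"` would match xorriso-usb.sh. All of these points apply unchanged to xorriso.test-efi.sh below.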
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+outdev=samizdat.iso
+indev=debian-live-8.4.0-amd64-standard.iso
+volid=SamizdatLive
+gpg_iso_path=gnupghome
+gnupghome=gnupghome
+secrets=secrets
+
+if [ $# = 0 ]; then
+ set -- debian-live-8.4.0-amd64-standard.btrfs layer.btrfs
+fi
+
+for fs; do
+ [ -f "$fs" ] || exit 1
+ shift
+ set -- "$@" "rootfs/${fs##*/}=$fs"
+done
+
+die() { printf '%s\n' "$*"; exit 1; }
+
+make_gnupghome()
+{
+ [ -d "$gnupghome" ] && return
+ local reset=$-
+ set -e
+ [ ! -d "$gnupghome".tmp ] || die "Error: refusing to overwrite $gnupghome.tmp"
+ [ ! -d "$secrets".tmp ] || die "Error: refusing to overwrite $secrets.tmp"
+ mkdir -p "$gnupghome".tmp "$secrets".tmp
+ local PATH="$HOME"/src/samizdat/src:"$PATH" NO_USE_RAMFS=y
+ NEW_GNUPGHOME="$gnupghome".tmp SECRETS_DIRECTORY="$secrets".tmp ~/src/samizdat/src/samizdat-make-key --adam
+ mv "$secrets".tmp "$secrets"
+ mv "$gnupghome".tmp "$gnupghome"
+ set -$reset
+}
+
+make_gnupghome
+
+if [ grub-efi.sh -nt grub-efi ]; then
+ ./grub-efi.sh || die "Error: grub-efi.sh failed"
+fi
+
+set -ex
+
+xorriso \
+ -drive_class clear_list all \
+ -outdev "$outdev"~ \
+ -report_about mishap \
+ -return_with sorry 0 \
+ -volid "$volid" \
+ -pathspecs on \
+ \
+ \
+ -add "${gpg_iso_path}=${gnupghome}" -- \
+ -add linux=isolinux/linux -- \
+ \
+ \
+ -as mkisofs -graft-points \
+ -b grub/i386-pc/eltorito.img \
+ -no-emul-boot -boot-info-table \
+ --embedded-boot grub-efi/embedded.img \
+ --protective-msdos-label \
+ grub=grub-efi/grub
+
+mv -f "$outdev"~ "$outdev"
-- cgit v1.2.3
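Review bot: The `for fs; do … set -- "$@" "rootfs/${fs##*/}=$fs"; done` loop rewrites the positional parameters, but this variant never passes `"$@"` to xorriso (the `-follow link -add "$@" -- -follow default` line present in xorriso.sh is absent), so the loop and the default `set -- debian-live-8.4.0-amd64-standard.btrfs layer.btrfs` only serve to `exit 1` silently when those files happen to be missing. Either drop the loop and the default, or keep the argument check with a message, `[ -f "$fs" ] || die "not a file: $fs"`, which requires defining `die` before the loop. The errexit leak from `set -$reset`, the missing `-chown_r 0 / --` / `-chmod_r go-rwx "${gpg_iso_path}" --` on the grafted key directory, and the hard-coded `~/src/samizdat/src` paths are the same as noted on xorriso.sh above.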