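#!/bin/bash
#
# Build a small GPT disk image (fallacy.img.tmp) that boots a kernel/initrd
# through GRUB, copy it to <image>.keyed, add a GnuPG home directory to the
# copy's second partition, then boot the copy in QEMU.
#
# Usage:  <script> [kernel-version]      (must be run as root)
# Env:    GPG_INPUT_DIR  directory copied into the image as /gnupghome
#                        (default: /cdrom/gnupghome)
#
# NOTE(review): this script runs as root and reads samizdat-paths.sh and
# grub.cfg by relative name. With no slash in the name, `.` searches PATH
# before the current directory, so run it only from a trusted directory
# with a trusted PATH.
# NOTE(review): there is no trap-based cleanup. If a step fails after
# losetup/mount, the loop device and mount stay attached, and a partly
# built "$target" is kept; the next run sees that it exists and reuses it.
# Remove it by hand after a failed build.

# Print an error message to stderr and abort with status 1.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Print $1 multiplied by 1024.
KiB() {
  printf %s "$(($1 * 1024))"
}

# Print $1 multiplied by 1024 * 1024.
MiB() {
  KiB "$(KiB "$1")"
}

. samizdat-paths.sh || die 'samizdat-paths.sh not found'

samizdat_linux_dir=/boot
: "${GPG_INPUT_DIR:=/cdrom/gnupghome}"

# Loop devices, device-mapper and mount all need root.
if [[ $UID != 0 ]]; then
  die 'this script must be run as root'
fi

for d in "$samizdat_linux_dir" "$GPG_INPUT_DIR"; do
  if ! test -d "$d"; then
    die "required directory not found: $d"
  fi
done

start_keys=64 # megs
end_keys=256  # megs
target=fallacy.img.tmp

# Create an empty image file: end_keys MiB plus 17 KiB of slack
# (presumably room for the backup GPT at the end of the disk -- confirm).
initialize_target() {
  rm -f -- "$target"
  fallocate -l "$(($(KiB 17) + $(MiB "$end_keys")))" "$target"
}

# Write a GPT label with a BIOS-boot partition for GRUB (1-8 MiB) and a
# btrfs partition named samizdat-plaintext (start_keys-end_keys MiB).
partition_target() {
  parted "$target" -sm -a optimal \
    unit B \
    mklabel gpt \
    mkpart samizdat-grub 1MiB 8MiB \
    set 1 bios_grub on \
    mkpart samizdat-plaintext btrfs "${start_keys}MiB" "${end_keys}MiB"
}

# Format partition 2, copy kernel + initrd and grub.cfg into it and install
# GRUB onto the image.
# Arguments: $1 - optional kernel version suffix (vmlinuz-$1, initrd.img-$1)
# Globals:   sets dev and mnt, which release_target reads afterwards.
make_target_bootable() {
  local version kdev boot_dir
  version=${1:+-$1}

  # --show prints the device that was actually attached. Looking it up
  # afterwards with `losetup -j` returns every loop device backed by the
  # file, including stale ones left by an earlier failed run.
  dev=$(losetup -f --show "$target")
  kpartx -vasas "$dev"
  kdev=/dev/mapper/${dev##*/}
  mnt=$target.mnt

  mkfs.btrfs --mixed "$kdev"p2
  mkdir -p "$mnt"
  mount "$kdev"p2 "$mnt"

  rsync -aL --info=STATS \
    "$samizdat_linux_dir"/vmlinuz"${version}" \
    "$samizdat_linux_dir"/initrd.img"${version}" \
    "$mnt"/linux/

  boot_dir=$mnt/boot
  mkdir -p "$boot_dir"/grub
  cp -a grub.cfg "$boot_dir"/grub

  # grub-install -v -d "$samizdat_grub_efi_dir"/grub/i386-pc --boot-directory "$mnt"/boot "$dev"
  eatmydata -- grub-install -v --boot-directory "$boot_dir" "$dev"
  # Flush explicitly after the eatmydata-wrapped install.
  sync
}

# Undo the mount, partition mappings and loop device set up by
# make_target_bootable (uses its globals mnt and dev).
release_target() {
  umount "$mnt"
  kpartx -d "$dev"
  losetup -d "$dev"
}

# Copy GPG_INPUT_DIR into /gnupghome on the second partition of an image.
# Arguments: $1 - image file to modify
# NOTE(review): the directory is copied as-is into a partition labelled
# samizdat-plaintext; if it holds secret keys, the resulting image is key
# material and should be stored and disposed of accordingly.
add_keys() {
  local mnt dev target="$1"
  mnt=$target.mnt
  mkdir -p "$mnt"
  # Attach only the second partition by byte offset; --show returns the
  # device that was attached (see make_target_bootable).
  dev=$(losetup -f --show -o "$(MiB "$start_keys")" "$target")
  mount "$dev" "$mnt"
  rsync -a --info=STATS "$GPG_INPUT_DIR"/ "$mnt"/gnupghome/
  umount "$mnt"
  losetup -d "$dev"
}

set -e

if [ ! -e "$target" ]; then
  initialize_target
  partition_target
  # ${1:-default}: the original wrote ${1:4.9.0-...}, which bash parses as
  # a substring offset and rejects as an invalid arithmetic expression.
  make_target_bootable "${1:-4.9.0-0.bpo.2-amd64}"
  release_target
fi

# The keyed copy will contain the GnuPG home, so create it fresh and
# readable by root only. Removing an old copy first matters because cp
# keeps the mode of an existing destination file.
rm -f -- "$target".keyed
(umask 077 && cp --reflink=always -- "$target" "$target".keyed)
add_keys "$target".keyed

qemu-system-x86_64 -enable-kvm -smp 2 -m 512 -k en-us -vga qxl -drive file="$target".keyed,format=raw
# rm -f "$target"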