#!/bin/bash
die() {
  # Report all arguments as a single "Error: ..." line on stderr, then
  # terminate the script with status 1.
  local message="$*"
  printf 'Error: %s\n' "$message" >&2
  exit 1
}
KiB() {
  # Print $1 multiplied by 1024 (kibibytes -> bytes), without a trailing
  # newline so the result can be nested in $(...) or arithmetic.
  printf '%s' "$(( $1 * 1024 ))"
}
MiB() {
  # Print $1 mebibytes as a byte count by applying KiB's x1024 twice.
  KiB "$(KiB "$1")"
}
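# NOTE(review): this script insists on running as root (UID check below), yet
# `.` with a bare file name is resolved through $PATH and, in bash's default
# non-POSIX mode, falls back to the current directory. Confirm that every
# place samizdat-paths.sh can be loaded from is writable by root only.
. samizdat-paths.sh || die 'samizdat-paths.sh not found'

# Kernel and initrd are read from here; any value samizdat-paths.sh gave this
# variable is replaced.
samizdat_linux_dir=/boot

# Directory whose contents add_keys copies into the image. The caller's
# environment may override the default. Quoted so the value is never
# word-split or glob-expanded by the no-op `:` command.
: "${GPG_INPUT_DIR:=/cdrom/gnupghome}"

# losetup, kpartx, mount and grub-install below need root; fail with a
# message rather than a bare exit status.
if [[ $UID != 0 ]]; then
  die 'must be run as root'
fi

# Both input directories must exist before any image is created.
for d in "$samizdat_linux_dir" "$GPG_INPUT_DIR"; do
  if ! test -d "$d"; then
    die "required directory not found: $d"
  fi
done

start_keys=64 # megs
end_keys=256  # megs
target=fallacy.img.tmp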
initialize_target() {
  # Replace any existing $target with a freshly preallocated image file.
  # Size = end of the last partition ($end_keys MiB) plus 17 KiB of tail
  # room (presumably for the backup GPT structures -- TODO confirm).
  local image_bytes
  image_bytes=$(( $(KiB 17) + $(MiB "$end_keys") ))
  rm -f "$target"
  fallocate -l "$image_bytes" "$target"
}
partition_target() {
  # Write a GPT label to $target with two partitions:
  #   1. samizdat-grub       1MiB-8MiB, flagged bios_grub
  #   2. samizdat-plaintext  btrfs, from $start_keys MiB to $end_keys MiB
  # parted runs scripted with machine-readable output (-sm) and optimal
  # alignment.
  local -a layout=(
    unit B
    mklabel gpt
    mkpart samizdat-grub 1MiB 8MiB
    set 1 bios_grub on
    mkpart samizdat-plaintext btrfs "${start_keys}MiB" "${end_keys}MiB"
  )
  parted "$target" -sm -a optimal "${layout[@]}"
}
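make_target_bootable() {
  # Attach $target to a loop device, format its second partition as btrfs,
  # copy the kernel, initrd and grub.cfg onto it, and install GRUB.
  #
  # Arguments: $1 - optional kernel version; when given, "-$1" is appended
  #                 to the vmlinuz / initrd.img file names.
  # Globals:   reads  target, samizdat_linux_dir
  #            writes dev, mnt -- left global on purpose, release_target
  #            reads both to tear the setup down again.
  local version=${1:+-$1}
  local kdev boot_dir

  # --show prints the device that was just attached. Looking it up afterwards
  # with `losetup -j` returns every loop device backed by the file, so a
  # leftover attachment from an aborted run would make $dev ambiguous.
  dev=$(losetup --show -f "$target")

  # Map the image's partitions under /dev/mapper (-a and -s are repeated in
  # this flag cluster; harmless, kept as written).
  kpartx -vasas "$dev"
  kdev=/dev/mapper/${dev##*/}
  mnt=$target.mnt

  mkfs.btrfs --mixed "${kdev}p2"
  mkdir -p "$mnt"
  mount "${kdev}p2" "$mnt"

  # -L copies the files that symlinks point to rather than the links.
  rsync -aL --info=STATS \
    "$samizdat_linux_dir/vmlinuz${version}" \
    "$samizdat_linux_dir/initrd.img${version}" \
    "$mnt"/linux/

  boot_dir=$mnt/boot
  mkdir -p "$boot_dir"/grub
  cp -a grub.cfg "$boot_dir"/grub
  # grub-install -v -d "$samizdat_grub_efi_dir"/grub/i386-pc --boot-directory "$mnt"/boot "$dev"
  # grub-install runs under eatmydata; the explicit sync afterwards flushes
  # everything to the image before release_target detaches it.
  eatmydata -- grub-install -v --boot-directory "$boot_dir" "$dev"
  sync
}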
release_target() {
  # Tear down what make_target_bootable set up, in reverse order: unmount
  # the filesystem, drop the partition mappings, detach the loop device.
  # Depends on the globals $mnt and $dev assigned by make_target_bootable.
  umount "$mnt"
  kpartx -d "$dev"
  losetup -d "$dev"
}
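add_keys() {
  # Copy the contents of $GPG_INPUT_DIR into gnupghome/ on the btrfs
  # partition of the image given as $1.
  #
  # Arguments: $1 - path of the image file to modify
  # Globals:   reads start_keys, GPG_INPUT_DIR
  local mnt dev target="$1"
  mnt=$target.mnt
  mkdir -p "$mnt"

  # Attach the image at the byte offset where partition_target starts the
  # btrfs partition ($start_keys MiB), so the loop device is the filesystem
  # itself. --show reports the device just attached; a later `losetup -j`
  # lookup would also list any attachment left over from an aborted run on
  # the same file.
  dev=$(losetup --show -f -o "$(MiB "$start_keys")" "$target")
  mount "$dev" "$mnt"

  # NOTE(review): -a preserves ownership and modes, but the destination
  # partition is the one named samizdat-plaintext; nothing in this script
  # encrypts it. Confirm what key material $GPG_INPUT_DIR is expected to hold.
  rsync -a --info=STATS "$GPG_INPUT_DIR"/ "$mnt"/gnupghome/

  umount "$mnt"
  losetup -d "$dev"
}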
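# From here on an unchecked failing command aborts the run.
# NOTE(review): no EXIT trap is installed, so an abort between losetup/mount
# and their teardown leaves the loop device and mount point behind for manual
# cleanup.
set -e

# The base image is built only when it does not exist yet; later runs reuse
# it and only regenerate the keyed copy.
if [ ! -e "$target" ]; then
  initialize_target
  partition_target
  # ${1:-default} falls back to the pinned kernel version when no argument
  # is given. Without the "-", bash parses the text after ":" as a substring
  # offset, so the default was never applied.
  make_target_bootable "${1:-4.9.0-0.bpo.2-amd64}"
  release_target
fi

# NOTE(review): the .keyed copy receives the contents of $GPG_INPUT_DIR and is
# created in the current directory with the default umask; check that the
# working directory and the resulting file mode keep it unreadable to other
# local users.
cp --reflink=always "$target" "$target".keyed
add_keys "$target".keyed

# Boot the keyed image in QEMU as a raw disk to check the result.
qemu-system-x86_64 -enable-kvm -smp 2 -m 512 -k en-us -vga qxl -drive file="$target".keyed,format=raw
# rm -f "$target"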