diff --git a/aports/postmarketos-mkinitfs/10-usb-unlock.sh b/aports/postmarketos-mkinitfs/10-usb-unlock.sh
index c67993f0..70b473d8 100644
--- a/aports/postmarketos-mkinitfs/10-usb-unlock.sh
+++ b/aports/postmarketos-mkinitfs/10-usb-unlock.sh
@@ -2,6 +2,10 @@
 IP=172.16.42.1
 TELNET_PORT=23
+. /init_functions.sh
+
+log "info" "show_splash $partition"
+
 usb_setup_android() {
 SYS=/sys/class/android_usb/android0
 [ -e "$SYS" ] || return
@@ -46,6 +50,13 @@ telnetd_start()
 telnetd -b "${IP}:${TELNET_PORT}" -l /telnet_connect.sh
 }
+partition=$(find_root_partition)
+
 usb_setup_android
 dhcpcd_start
-telnetd_start
+
+if $(cryptsetup isLuks "$partition"); then
+ log "info" "password needed to decrypt $partition, launching telnetd"
+ telnetd_start
+fi
+
diff --git a/aports/postmarketos-mkinitfs/APKBUILD b/aports/postmarketos-mkinitfs/APKBUILD
index c5fd60d5..e41c0520 100644
--- a/aports/postmarketos-mkinitfs/APKBUILD
+++ b/aports/postmarketos-mkinitfs/APKBUILD
@@ -1,6 +1,6 @@
 pkgname=postmarketos-mkinitfs
 pkgver=0.0.5
-pkgrel=4
+pkgrel=5
 pkgdesc="Tool to generate initramfs images for postmarketOS"
 url="https://github.com/postmarketOS"
 # multipath-tools: kpartx
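Review bot: In the first 10-usb-unlock.sh hunk, the new `log "info" "show_splash $partition"` runs as soon as the hook is read, but `partition` is only assigned further down (second hunk), so unless the sourcing script has already set it the entry records an empty value. The message also says `show_splash`, which this hook never calls, so it looks copied from init_functions.sh and will mislead anyone reading /tmp/boot.log after a failed boot. I would drop the line or replace it with something accurate such as `log "info" "10-usb-unlock hook: start"`.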
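Review bot: In the second 10-usb-unlock.sh hunk, the decision to start telnetd is taken once, from whatever `find_root_partition` returns at that moment. If the storage has not been enumerated yet (the sdcard case that `unlock_root_partition` waits for in a loop), `partition` is empty, the `isLuks` test fails and no listener is ever started, so an encrypted device can no longer be unlocked over USB. Gating telnetd on LUKS is a sensible reduction of exposure for unencrypted installs, but the check needs to be repeated until a root partition has actually been found. Separately, `if $(cryptsetup isLuks "$partition"); then` runs the command's output as a second command; test the exit status directly with `if cryptsetup isLuks "$partition"; then`.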
@@ -27,9 +27,9 @@ package() {
 install -Dm644 "$srcdir/10-usb-unlock.sh" \
 "$pkgdir/etc/postmarketos-mkinitfs/hooks/"
 }
-sha512sums="2f45dee1ad9ef75166d614774e0ee2a6856950990c063bce7d0e98ed27599d2f8040c6118a9381aab4a69c79f96a30eb044b6b29ef2afb2a9374bac5f5a398da init.sh.in
-3ebc5fa2220a8da920ebca67f14c38b0c296eafdbcf312997b442a020d1683bd622a42a946a61b4d80cbecf28853c915480e26ffe59eda57769855303b67bbdf init_functions.sh
+sha512sums="6f4d96b5b5e19811d7b03a5f20e6ee766d22047c182e9b21c56e99634b2300978d8c98f42f9a889e356a295bb968053d1d289a8ebddf52a696b4630df6839b45 init.sh.in
+6795e225e0576b003ea492a05d83d28092753af7cc4dd6a8b75ae2d2ca3555f951d632c7ee5ee7db3a7b606bb77cc9a035804a81a1f5b4fdad6a7aac5a0ee6b4 init_functions.sh
 dd3c86c6ba4f91e20b72f4180049960a58dc01002f69ad9e5d98c752da3b34711c2bbe6e0c7d003eb6a4a8d9e185796aa2fe84c0231a3057b204912c439140f7 mkinitfs.sh
-82f0b9927bfef919c6561d67283a0e77c36ef8f8d11000a6153b52e39731ceaa65b9a34c682e737881dc676cc8bfc97dfbbfdeb2ca03594b8f9beef9e49a754d 10-usb-unlock.sh
+bea0eae6852f4a401347bbbd6c376ea8cc5bfa4817d2c87170a4f2a916e25f155769eb8e97e16d39bf2eac84e3fdaf6f8c7a0564ec561a96e32407daa1d71e1c 10-usb-unlock.sh
 35a8eabad947347afec7e3f5860d31ab9e3534972c0960ccf553c7e1cc9262316bfdddb8d61d3588db1ee2261077597617806080b9956798b3e5088d6f9b596b splash1.ppm.gz
 bf11d8b3a50db984cfbb2cafe6687de327242c1f6f56c6fdd02ca579b05213f9c886aa1c0527530fdec21b16e65e68962e40a600c4ce155819df2f610b435087 splash2.ppm.gz"
diff --git a/aports/postmarketos-mkinitfs/TODO b/aports/postmarketos-mkinitfs/TODO
index 0fbb3e5a..4dac8952 100644
--- a/aports/postmarketos-mkinitfs/TODO
+++ b/aports/postmarketos-mkinitfs/TODO
@@ -1,6 +1,3 @@
-- use device labels or uuids inside init to properly detect the right
- partition
-
 - support for adding files/modules in hooks (one file per hook):
 - add build() function
 - should have add_module and add_file functions
diff --git a/aports/postmarketos-mkinitfs/init.sh.in b/aports/postmarketos-mkinitfs/init.sh.in
index 609a11a4..3bef0a82 100644
--- a/aports/postmarketos-mkinitfs/init.sh.in
+++ b/aports/postmarketos-mkinitfs/init.sh.in
@@ -30,7 +30,7 @@ unlock_root_partition
 # switch root
 show_splash /splash2.ppm.gz
 killall telnetd mdev 2&> /dev/null
-mount -w -t ext4 /dev/mapper/root /sysroot
+mount -w -t ext4 $(find_root_partition) /sysroot
 umount /proc
 umount /sys
 umount /dev/pts
diff --git a/aports/postmarketos-mkinitfs/init_functions.sh b/aports/postmarketos-mkinitfs/init_functions.sh
index ac6ba150..ae00bd52 100644
--- a/aports/postmarketos-mkinitfs/init_functions.sh
+++ b/aports/postmarketos-mkinitfs/init_functions.sh
@@ -1,6 +1,11 @@
 #!/bin/sh
 # This file will be in /init_functions.sh inside the initramfs.
+log()
+{
+ echo "[$1] $2" >> /tmp/boot.log
+}
+
 mount_subpartitions()
 {
 for i in /dev/mmcblk*; do
@@ -19,24 +24,35 @@ mount_subpartitions()
 find_root_partition()
 {
- for i in /dev/mapper/* /dev/mmcblk*; do
- cryptsetup isLuks "$i" || continue
- echo "$i"
- break
- done
+ DEVICE=$(blkid | grep "crypto_LUKS" | tail -1 | cut -d ":" -f 1)
+
+ if [ -z "$DEVICE" ]; then
+ DEVICE=$(blkid | grep "pmOS_root" | tail -1 | cut -d ":" -f 1)
+ fi
+
+ log "info" "root partition is $DEVICE"
+
+ echo $DEVICE
 }
 unlock_root_partition()
 {
+ log "info" "unlock_root_partition()"
 while ! [ -e /dev/mapper/root ]; do
 partition="$(find_root_partition)"
 if [ -z "$partition" ]; then
- echo "Could not find cryptsetup partition."
+ echo "Could not find the root partition."
 echo "Maybe you need to insert the sdcard, if your device has"
 echo "any? Trying again in one second..."
 sleep 1
 else
- cryptsetup luksOpen "$partition" root
+ if $(cryptsetup isLuks "$partition"); then
+ cryptsetup luksOpen "$partition" root
+ log "info" "decrypted $partition"
+ else
+ log "info" "unencrypted $partition"
+ break
+ fi
 fi
 done
 }
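Review bot: `mount -w -t ext4 $(find_root_partition) /sysroot` in init.sh.in appears to pick the wrong device on an encrypted install: `find_root_partition` prefers the `crypto_LUKS` line from blkid, so after `luksOpen` it should still return the raw container rather than `/dev/mapper/root`, and the ext4 mount would then fail. The substitution is also unquoted, so an empty result turns the command into `mount -w -t ext4 /sysroot`. Prefer the mapping when it exists, which also guarantees that the mounted root is the volume that was just unlocked: `root_dev=/dev/mapper/root; [ -e "$root_dev" ] || root_dev="$(find_root_partition)"` followed by `mount -w -t ext4 "$root_dev" /sysroot`.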
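Review bot: In the init_functions.sh hunk that rewrites `find_root_partition`, the root device is chosen by grepping whole blkid lines, so any partition whose label or other field merely contains `crypto_LUKS` or `pmOS_root` matches, and `tail -1` takes whichever device enumerates last, which may be removable media. The `pmOS_root` fallback also means a device installed with encryption will boot an unencrypted partition carrying that label whenever no LUKS header is visible, with no passphrase prompt and only a line in /tmp/boot.log. Anchor the match to the field, e.g. `grep 'TYPE="crypto_LUKS"'` and `grep 'LABEL="pmOS_root"'`, and consider recording at install time whether encryption is expected so the initramfs can refuse the plaintext fallback. In `unlock_root_partition`, `log "info" "decrypted $partition"` is written even when `cryptsetup luksOpen` fails; make it conditional with `cryptsetup luksOpen "$partition" root && log "info" "decrypted $partition"`.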
@@ -44,6 +60,7 @@ unlock_root_partition()
 # $1: path to ppm.gz file
 show_splash()
 {
+ log "info" "show_splash $1"
 gzip -c -d "$1" > /tmp/splash.ppm
 fbsplash -s /tmp/splash.ppm
 }
diff --git a/pmb/install/format.py b/pmb/install/format.py
index 45056aa6..202b1ff7 100644
--- a/pmb/install/format.py
+++ b/pmb/install/format.py
@@ -23,33 +23,39 @@ import pmb.chroot
 def format_and_mount_boot(args):
 mountpoint = "/mnt/install/boot"
- logging.info("(native) format /dev/installp1 (boot, ext2), mount to " +
+ device = "/dev/installp1"
+ logging.info("(native) format " + device + " (boot, ext2), mount to " +
 mountpoint)
- pmb.chroot.root(args, ["mkfs.ext2", "-F", "-q", "/dev/installp1"])
+ pmb.chroot.root(args, ["mkfs.ext2", "-F", "-q", "-L", "pmOS_boot", device])
 pmb.chroot.root(args, ["mkdir", "-p", mountpoint])
- pmb.chroot.root(args, ["mount", "/dev/installp1", mountpoint])
+ pmb.chroot.root(args, ["mount", device, mountpoint])
 def format_and_mount_root(args):
 mountpoint = "/dev/mapper/pm_crypt"
- logging.info("(native) format /dev/installp2 (root, luks), mount to " +
- mountpoint)
- pmb.chroot.root(args, ["cryptsetup", "luksFormat", "--use-urandom",
- "--cipher", args.cipher, "-q", "/dev/installp2"], log=False)
- pmb.chroot.root(args, ["cryptsetup", "luksOpen", "/dev/installp2",
- "pm_crypt"], log=False)
- if not os.path.exists(args.work + "/chroot_native" + mountpoint):
- raise RuntimeError("Failed to open cryptdevice!")
+ device = "/dev/installp2"
+ if not args.no_fde:
+ logging.info("(native) format " + device + " (root, luks), mount to " +
+ mountpoint)
+ pmb.chroot.root(args, ["cryptsetup", "luksFormat", "--use-urandom",
+ "--cipher", args.cipher, "-q", device], log=False)
+ pmb.chroot.root(args, ["cryptsetup", "luksOpen", device,
+ "pm_crypt"], log=False)
+ if not os.path.exists(args.work + "/chroot_native" + mountpoint):
+ raise RuntimeError("Failed to open cryptdevice!")
 def format_and_mount_pm_crypt(args):
- cryptdevice = "/dev/mapper/pm_crypt"
+ if args.no_fde:
+ device = "/dev/installp2"
+ else:
+ device = "/dev/mapper/pm_crypt"
 mountpoint = "/mnt/install"
- logging.info("(native) format " + cryptdevice + " (ext4), mount to " +
+ logging.info("(native) format " + device + " (ext4), mount to " +
 mountpoint)
- pmb.chroot.root(args, ["mkfs.ext4", "-F", "-q", cryptdevice])
+ pmb.chroot.root(args, ["mkfs.ext4", "-F", "-q", "-L", "pmOS_root", device])
 pmb.chroot.root(args, ["mkdir", "-p", mountpoint])
- pmb.chroot.root(args, ["mount", cryptdevice, mountpoint])
+ pmb.chroot.root(args, ["mount", device, mountpoint])
 def format(args):
diff --git a/pmb/parse/arguments.py b/pmb/parse/arguments.py
index 8fe4f2a4..a11bd359 100644
--- a/pmb/parse/arguments.py
+++ b/pmb/parse/arguments.py
@@ -154,6 +154,8 @@ def arguments():
 " encrypt the system partition, eg. aes-xts-plain64")
 install.add_argument("--add", help="comma separated list of packages to be"
 " added to the rootfs (e.g. 'vim,gcc')")
+ install.add_argument("--no-fde", help="do not use full disk encryption",
+ action="store_true")
 # Action: build / checksum / menuconfig / parse_apkbuild / aportgen
 menuconfig = sub.add_parser("menuconfig", help="run menuconfig on"
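Review bot: With `--no-fde`, `format_and_mount_root` in pmb/install/format.py returns without doing or logging anything, so the install log never states that the root partition is being left unencrypted. Adding an `else:` branch with `logging.warning("(native) " + device + " (root) will NOT be encrypted (--no-fde)")` makes that choice visible and auditable afterwards. `mountpoint` in that function is really the mapper device path, and `format_and_mount_pm_crypt` now also formats the plain partition, so a one-line docstring on each function saying which device it operates on in both modes would prevent misreading.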
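Review bot: The help text added for `--no-fde` in pmb/parse/arguments.py does not say what the user gives up: the root filesystem is written as plain ext4, and `--cipher` is silently ignored because format.py only reads `args.cipher` inside the encrypted branch. I would spell that out, e.g. `help="do not use full disk encryption (root is stored unencrypted; --cipher is ignored)"`. The enclosing `arguments()` function starts and ends outside this hunk.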