Merge branch 'optional_full_disk_encryption' of https://github.com/PabloCastellano/pmbootstrap into optional-fde

Oliver Smith 2017-06-28 17:16:56 +02:00
commit 86cb9f5ec8
No known key found for this signature in database
GPG key ID: 5AE7F5513E0885CB
7 changed files with 64 additions and 31 deletions


@ -2,6 +2,10 @@
IP=172.16.42.1 IP=172.16.42.1
TELNET_PORT=23 TELNET_PORT=23
. /init_functions.sh
log "info" "show_splash $partition"
usb_setup_android() { usb_setup_android() {
SYS=/sys/class/android_usb/android0 SYS=/sys/class/android_usb/android0
[ -e "$SYS" ] || return [ -e "$SYS" ] || return
@ -46,6 +50,13 @@ telnetd_start()
telnetd -b "${IP}:${TELNET_PORT}" -l /telnet_connect.sh telnetd -b "${IP}:${TELNET_PORT}" -l /telnet_connect.sh
} }
partition=$(find_root_partition)
usb_setup_android usb_setup_android
dhcpcd_start dhcpcd_start
telnetd_start
if $(cryptsetup isLuks "$partition"); then
log "info" "password needed to decrypt $partition, launching telnetd"
telnetd_start
fi
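Review bot: `log "info" "show_splash $partition"` in the first hunk runs before `partition` is assigned (the assignment `partition=$(find_root_partition)` only appears in the second hunk, roughly fifty lines further down, after the function definitions), so it logs an empty value, and its text looks copied from show_splash; drop it or move it below the assignment. In the second hunk, `if $(cryptsetup isLuks "$partition"); then` substitutes the command's stdout and then executes that as the tested command, which only happens to work because isLuks prints nothing on stdout; write `if cryptsetup isLuks "$partition"; then` so the exit status is what is tested. The same `if $(...)` pattern appears in unlock_root_partition in init_functions.sh in this commit.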


@ -1,6 +1,6 @@
pkgname=postmarketos-mkinitfs pkgname=postmarketos-mkinitfs
pkgver=0.0.5 pkgver=0.0.5
pkgrel=4 pkgrel=5
pkgdesc="Tool to generate initramfs images for postmarketOS" pkgdesc="Tool to generate initramfs images for postmarketOS"
url="https://github.com/postmarketOS" url="https://github.com/postmarketOS"
# multipath-tools: kpartx # multipath-tools: kpartx
@ -27,9 +27,9 @@ package() {
install -Dm644 "$srcdir/10-usb-unlock.sh" \ install -Dm644 "$srcdir/10-usb-unlock.sh" \
"$pkgdir/etc/postmarketos-mkinitfs/hooks/" "$pkgdir/etc/postmarketos-mkinitfs/hooks/"
} }
sha512sums="2f45dee1ad9ef75166d614774e0ee2a6856950990c063bce7d0e98ed27599d2f8040c6118a9381aab4a69c79f96a30eb044b6b29ef2afb2a9374bac5f5a398da init.sh.in sha512sums="6f4d96b5b5e19811d7b03a5f20e6ee766d22047c182e9b21c56e99634b2300978d8c98f42f9a889e356a295bb968053d1d289a8ebddf52a696b4630df6839b45 init.sh.in
3ebc5fa2220a8da920ebca67f14c38b0c296eafdbcf312997b442a020d1683bd622a42a946a61b4d80cbecf28853c915480e26ffe59eda57769855303b67bbdf init_functions.sh 6795e225e0576b003ea492a05d83d28092753af7cc4dd6a8b75ae2d2ca3555f951d632c7ee5ee7db3a7b606bb77cc9a035804a81a1f5b4fdad6a7aac5a0ee6b4 init_functions.sh
dd3c86c6ba4f91e20b72f4180049960a58dc01002f69ad9e5d98c752da3b34711c2bbe6e0c7d003eb6a4a8d9e185796aa2fe84c0231a3057b204912c439140f7 mkinitfs.sh dd3c86c6ba4f91e20b72f4180049960a58dc01002f69ad9e5d98c752da3b34711c2bbe6e0c7d003eb6a4a8d9e185796aa2fe84c0231a3057b204912c439140f7 mkinitfs.sh
82f0b9927bfef919c6561d67283a0e77c36ef8f8d11000a6153b52e39731ceaa65b9a34c682e737881dc676cc8bfc97dfbbfdeb2ca03594b8f9beef9e49a754d 10-usb-unlock.sh bea0eae6852f4a401347bbbd6c376ea8cc5bfa4817d2c87170a4f2a916e25f155769eb8e97e16d39bf2eac84e3fdaf6f8c7a0564ec561a96e32407daa1d71e1c 10-usb-unlock.sh
35a8eabad947347afec7e3f5860d31ab9e3534972c0960ccf553c7e1cc9262316bfdddb8d61d3588db1ee2261077597617806080b9956798b3e5088d6f9b596b splash1.ppm.gz 35a8eabad947347afec7e3f5860d31ab9e3534972c0960ccf553c7e1cc9262316bfdddb8d61d3588db1ee2261077597617806080b9956798b3e5088d6f9b596b splash1.ppm.gz
bf11d8b3a50db984cfbb2cafe6687de327242c1f6f56c6fdd02ca579b05213f9c886aa1c0527530fdec21b16e65e68962e40a600c4ce155819df2f610b435087 splash2.ppm.gz" bf11d8b3a50db984cfbb2cafe6687de327242c1f6f56c6fdd02ca579b05213f9c886aa1c0527530fdec21b16e65e68962e40a600c4ce155819df2f610b435087 splash2.ppm.gz"


@ -1,6 +1,3 @@
- use device labels or uuids inside init to properly detect the right
partition
- support for adding files/modules in hooks (one file per hook): - support for adding files/modules in hooks (one file per hook):
- add build() function - add build() function
- should have add_module and add_file functions - should have add_module and add_file functions


@ -30,7 +30,7 @@ unlock_root_partition
# switch root # switch root
show_splash /splash2.ppm.gz show_splash /splash2.ppm.gz
killall telnetd mdev 2&> /dev/null killall telnetd mdev 2&> /dev/null
mount -w -t ext4 /dev/mapper/root /sysroot mount -w -t ext4 $(find_root_partition) /sysroot
umount /proc umount /proc
umount /sys umount /sys
umount /dev/pts umount /dev/pts
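Review bot: `mount -w -t ext4 $(find_root_partition) /sysroot` replaces the fixed `/dev/mapper/root` with whatever find_root_partition returns, but in this commit that function prefers the blkid entry typed crypto_LUKS, i.e. the raw container rather than the opened mapping, so on an encrypted install the ext4 mount would presumably be attempted on the LUKS device itself (worth confirming on a device). Keeping the mapped device when it exists and quoting the substitution avoids both that and word-splitting of the path: `root_dev=/dev/mapper/root`, `[ -e "$root_dev" ] || root_dev=$(find_root_partition)`, `mount -w -t ext4 "$root_dev" /sysroot`. The surrounding script continues outside the hunk.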


@ -1,6 +1,11 @@
#!/bin/sh #!/bin/sh
# This file will be in /init_functions.sh inside the initramfs. # This file will be in /init_functions.sh inside the initramfs.
log()
{
echo "[$1] $2" >> /tmp/boot.log
}
mount_subpartitions() mount_subpartitions()
{ {
for i in /dev/mmcblk*; do for i in /dev/mmcblk*; do
@ -19,24 +24,35 @@ mount_subpartitions()
find_root_partition() find_root_partition()
{ {
for i in /dev/mapper/* /dev/mmcblk*; do DEVICE=$(blkid | grep "crypto_LUKS" | tail -1 | cut -d ":" -f 1)
cryptsetup isLuks "$i" || continue
echo "$i" if [ -z "$DEVICE" ]; then
break DEVICE=$(blkid | grep "pmOS_root" | tail -1 | cut -d ":" -f 1)
done fi
log "info" "root partition is $DEVICE"
echo $DEVICE
} }
unlock_root_partition() unlock_root_partition()
{ {
log "info" "unlock_root_partition()"
while ! [ -e /dev/mapper/root ]; do while ! [ -e /dev/mapper/root ]; do
partition="$(find_root_partition)" partition="$(find_root_partition)"
if [ -z "$partition" ]; then if [ -z "$partition" ]; then
echo "Could not find cryptsetup partition." echo "Could not find the root partition."
echo "Maybe you need to insert the sdcard, if your device has" echo "Maybe you need to insert the sdcard, if your device has"
echo "any? Trying again in one second..." echo "any? Trying again in one second..."
sleep 1 sleep 1
else else
if $(cryptsetup isLuks "$partition"); then
cryptsetup luksOpen "$partition" root cryptsetup luksOpen "$partition" root
log "info" "decrypted $partition"
else
log "info" "unencrypted $partition"
break
fi
fi fi
done done
} }
@ -44,6 +60,7 @@ unlock_root_partition()
# $1: path to ppm.gz file # $1: path to ppm.gz file
show_splash() show_splash()
{ {
log "info" "show_splash $1"
gzip -c -d "$1" > /tmp/splash.ppm gzip -c -d "$1" > /tmp/splash.ppm
fbsplash -s /tmp/splash.ppm fbsplash -s /tmp/splash.ppm
} }
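Review bot: find_root_partition selects the root device by an unanchored substring match over blkid output and takes the last hit (`grep "crypto_LUKS" | tail -1`, then `grep "pmOS_root" | tail -1`), so any device blkid lists whose line merely contains those strings — a removable card carrying a LUKS header, or one whose LABEL or PARTLABEL contains pmOS_root — can be chosen ahead of the internal partition. Anchoring on the exact blkid fields narrows that to the intended match: `grep 'TYPE="crypto_LUKS"'` and `grep 'LABEL="pmOS_root"'`; the unquoted `echo $DEVICE` should also be `echo "$DEVICE"`. A header comment stating the precedence would help the next reader, e.g. `# Prefer a LUKS container; fall back to the filesystem labelled pmOS_root.`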


@ -23,33 +23,39 @@ import pmb.chroot
def format_and_mount_boot(args): def format_and_mount_boot(args):
mountpoint = "/mnt/install/boot" mountpoint = "/mnt/install/boot"
logging.info("(native) format /dev/installp1 (boot, ext2), mount to " + device = "/dev/installp1"
logging.info("(native) format " + device + " (boot, ext2), mount to " +
mountpoint) mountpoint)
pmb.chroot.root(args, ["mkfs.ext2", "-F", "-q", "/dev/installp1"]) pmb.chroot.root(args, ["mkfs.ext2", "-F", "-q", "-L", "pmOS_boot", device])
pmb.chroot.root(args, ["mkdir", "-p", mountpoint]) pmb.chroot.root(args, ["mkdir", "-p", mountpoint])
pmb.chroot.root(args, ["mount", "/dev/installp1", mountpoint]) pmb.chroot.root(args, ["mount", device, mountpoint])
def format_and_mount_root(args): def format_and_mount_root(args):
mountpoint = "/dev/mapper/pm_crypt" mountpoint = "/dev/mapper/pm_crypt"
logging.info("(native) format /dev/installp2 (root, luks), mount to " + device = "/dev/installp2"
if not args.no_fde:
logging.info("(native) format " + device + " (root, luks), mount to " +
mountpoint) mountpoint)
pmb.chroot.root(args, ["cryptsetup", "luksFormat", "--use-urandom", pmb.chroot.root(args, ["cryptsetup", "luksFormat", "--use-urandom",
"--cipher", args.cipher, "-q", "/dev/installp2"], log=False) "--cipher", args.cipher, "-q", device], log=False)
pmb.chroot.root(args, ["cryptsetup", "luksOpen", "/dev/installp2", pmb.chroot.root(args, ["cryptsetup", "luksOpen", device,
"pm_crypt"], log=False) "pm_crypt"], log=False)
if not os.path.exists(args.work + "/chroot_native" + mountpoint): if not os.path.exists(args.work + "/chroot_native" + mountpoint):
raise RuntimeError("Failed to open cryptdevice!") raise RuntimeError("Failed to open cryptdevice!")
def format_and_mount_pm_crypt(args): def format_and_mount_pm_crypt(args):
cryptdevice = "/dev/mapper/pm_crypt" if args.no_fde:
device = "/dev/installp2"
else:
device = "/dev/mapper/pm_crypt"
mountpoint = "/mnt/install" mountpoint = "/mnt/install"
logging.info("(native) format " + cryptdevice + " (ext4), mount to " + logging.info("(native) format " + device + " (ext4), mount to " +
mountpoint) mountpoint)
pmb.chroot.root(args, ["mkfs.ext4", "-F", "-q", cryptdevice]) pmb.chroot.root(args, ["mkfs.ext4", "-F", "-q", "-L", "pmOS_root", device])
pmb.chroot.root(args, ["mkdir", "-p", mountpoint]) pmb.chroot.root(args, ["mkdir", "-p", mountpoint])
pmb.chroot.root(args, ["mount", cryptdevice, mountpoint]) pmb.chroot.root(args, ["mount", device, mountpoint])
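Review bot: format_and_mount_root now returns silently when `args.no_fde` is set, so the install log carries no trace that the LUKS step was skipped and that `--cipher` had no effect; an `else:` branch with `logging.info("(native) --no-fde given, not encrypting " + device)` would make that visible. The `-L pmOS_root` passed to mkfs.ext4 in format_and_mount_pm_crypt is not cosmetic: the initramfs find_root_partition() in this same commit greps blkid output for that label as its fallback, so a comment such as `# label must match what find_root_partition() in init_functions.sh looks for` would protect the coupling. The same note applies to `-L pmOS_boot` in format_and_mount_boot, although nothing in this diff reads that label yet.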
def format(args): def format(args):


@ -154,6 +154,8 @@ def arguments():
" encrypt the system partition, eg. aes-xts-plain64") " encrypt the system partition, eg. aes-xts-plain64")
install.add_argument("--add", help="comma separated list of packages to be" install.add_argument("--add", help="comma separated list of packages to be"
" added to the rootfs (e.g. 'vim,gcc')") " added to the rootfs (e.g. 'vim,gcc')")
install.add_argument("--no-fde", help="do not use full disk encryption",
action="store_true")
# Action: build / checksum / menuconfig / parse_apkbuild / aportgen # Action: build / checksum / menuconfig / parse_apkbuild / aportgen
menuconfig = sub.add_parser("menuconfig", help="run menuconfig on" menuconfig = sub.add_parser("menuconfig", help="run menuconfig on"
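Review bot: The help string for `--no-fde` says only "do not use full disk encryption"; since format_and_mount_root skips cryptsetup entirely when the flag is set, the help should spell out the consequence so users see the trade-off, e.g. `help="install the root filesystem unencrypted (skips LUKS setup; --cipher is then ignored)"`. The arguments() function continues outside the hunk.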