From f340b76e5f9ca3b1931d98558cb003e6110d047b Mon Sep 17 00:00:00 2001
From: illiliti
Date: Sat, 25 Jan 2020 14:27:02 +0300
Subject: [PATCH] initial luks support

---
 config | 32 +++++++++++++++++++-------------
 generate | 52 +++++++++++++++++++++++++++++++++++++---------------
 init | 25 +++++++++++++++----------
 3 files changed, 71 insertions(+), 38 deletions(-)

diff --git a/config b/config
index 8b72fe8..26623fa 100644
--- a/config
+++ b/config
@@ -5,14 +5,14 @@
 # parse fstab
 #use_fstab=0
-# root fs
-root="UUID=28305682-0dfe-40a9-bf39-5df42123b749"
+# root fs ( device,partuuid,uuid,label )
+root="UUID=07729c48-25d8-4096-acaf-ce5322915680"
-# root fs type
-#rootfstype=""
+# root type
+#root_type=""
-# root fs mount options
-#rootflags=""
+# root mount options
+#root_args=""
 # drivers
 #drivers=""
@@ -24,22 +24,28 @@ root="UUID=28305682-0dfe-40a9-bf39-5df42123b749"
 use_lvm=1
 # LVM include config
-use_lvmconf=0
+#use_lvmconf=0
 # LVM issue_discards
-lvm_discard=0
+lvm_discard=1
 # LUKS support
-#use_luks=0
+use_luks=1
 # parse crypttab
 #use_crypttab=0
-# LUKS header
-#luks_header=/path/to/header
+# LUKS encrypted root ( device,partuuid,uuid,label )
+luks_root="PARTUUID=b04395be-f467-458b-8630-9a429b487600"
+
+# LUKS detached header
+#luks_header="/path/to/header"
 # LUKS keyfile
-#luks_keyfile=/path/to/keyfile
+#luks_keyfile="/path/to/keyfile"
 # LUKS allow_discards
-#luks_discard=0
+luks_discard=1
+
+# LUKS unlock options
+#luks_args=""
diff --git a/generate b/generate
index 83f329e..06acc55 100755
--- a/generate
+++ b/generate
@@ -28,7 +28,7 @@ fi
 tmpdir="$(mktemp -d /tmp/initramfs.XXXXXXXX)"
 kernel="$(uname -r)"
 moddir="/lib/modules"
-binaries="./busybox udevd udevadm mount modprobe umount $binaries"
+binaries="./busybox findfs blkid udevd udevadm mount modprobe umount $binaries"
 # structure
 for d in dev var run etc usr/lib usr/bin mnt/root proc root sys; do
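Review bot: The `root="UUID=07729c48-…"` line replaces one machine-specific UUID with another in what reads as the shipped sample config, and the next hunk does the same with `luks_root="PARTUUID=b04395be-…"`; anyone who copies the file unchanged gets a root pointer that cannot resolve on their machine, and for `luks_root` that surfaces only at boot when init's `findfs` fails. A clearly marked placeholder, e.g. `root="UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"` (constructed), with the accepted forms kept in the comment as the hunk already does, would make the intent obvious and keep personal identifiers out of the repository. Whether this file is meant as a template or as the author's working config is not visible here, so worth stating in the file header either way.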
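Review bot: `luks_discard=1` now becomes the active default, and the generate hunk turns it into `--allow-discards` on the cryptsetup command line; cryptsetup's own documentation warns that passing discards through an encrypted device reveals which blocks are unused (and so hints at filesystem type and fill level) to anyone who can read the underlying storage, so this is a trade-off the user should opt into rather than inherit. Keeping it disabled in the sample (`#luks_discard=0`) and expanding the comment to something like `# LUKS allow_discards (TRIM passthrough; exposes free-space layout of the encrypted device)` preserves the conservative default while documenting why. The same consideration applies in a weaker form to `lvm_discard=1` above it, which only matters once the LV sits on top of the unlocked mapping.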
@@ -49,6 +49,7 @@ done
 # TODO parse fstab | crypttab
 #while [ "$use_fstab" -eq 1 ] && read fs dir type opts; do thing; done < /etc/fstab
+# TODO implement busybox mdev/mdevd
 # install mdev
 #mkdir "$tmpdir/usr/lib/mdev"
 #cp ./mdev/mdev.conf ./mdev/passwd ./mdev/group "$tmpdir/etc"
@@ -79,21 +80,39 @@ find "/usr/lib/udev" -type f | grep -v "rc_keymaps\|hwdb.d" | cpio -pd "$tmpdir"
 #nobody:x:99:99::/dev/null:/bin/false
 #EOF
-# TODO implement use_lvmconf
 # handle lvm
 if [ "$use_lvm" = 1 ] && [ -x "$(command -v lvm)" ]; then
 binaries="lvm dmsetup $binaries"
 mkdir "$tmpdir/etc/lvm"
+
+# avoid lvmetad warning message
 echo "use_lvmetad = 0" >> "$tmpdir/etc/lvm/lvm.conf"
+
 if [ "$lvm_discard" = 1 ]; then
 echo "issue_discards = 1" >> "$tmpdir/etc/lvm/lvm.conf"
 fi
+# TODO implement use_lvmconf
 fi
-# TODO handle luks
-#if [ "$use_luks" = 1 ] && [ -x "$(command -v cryptsetup)" ]; then
-# binaries="cryptsetup $binaries"
-#fi
+# handle luks
+if [ "$use_luks" = 1 ] && [ -x "$(command -v cryptsetup)" ]; then
+binaries="cryptsetup dmsetup $binaries"
+
+# avoid locking directory missing warning message
+mkdir "$tmpdir/run/cryptsetup"
+
+# TODO get rid of this workaround
+# workaround for luks2
+cp "$(readlink -f libgcc_s.so.1)" "$tmpdir/usr/lib"
+cp -a /usr/lib/libgcc_s.so.1 "$tmpdir/usr/lib"
+
+if [ "$luks_discard" = 1 ]; then
+luks_args="--allow-discards $luks_args"
+fi
+
+# TODO detached header
+# TODO keyfile
+fi
 # TODO rewrite drivers installing | handle $drivers config var
 # install drivers
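Review bot: `cp "$(readlink -f libgcc_s.so.1)" "$tmpdir/usr/lib"` resolves a bare relative name against the current working directory (the script runs from the directory holding `./busybox`), not against `/usr/lib`, so the substitution yields a path that does not exist and the copy fails — or, if generate does not run under `set -e` (not visible in this hunk), is silently skipped. The following `cp -a /usr/lib/libgcc_s.so.1 …` already covers the case where that path is a regular file; if the first line was meant to dereference a symlink it should read `cp "$(readlink -f /usr/lib/libgcc_s.so.1)" "$tmpdir/usr/lib"`, and then only one of the two lines is needed. A comment on the `luks_args="--allow-discards $luks_args"` line noting that the variable is later written verbatim into the image config and expanded unquoted on the cryptsetup command line in init would stop a future reader from quoting it there. The `# TODO detached header` / `# TODO keyfile` items matter for the image's security posture: a keyfile copied into `$tmpdir` ends up inside `./initramfs-$kernel.img.gz`, so the image's file mode will need the same care as the keyfile itself once that TODO is done.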
@@ -162,17 +181,20 @@ chmod +x "$tmpdir/init"
 # initialize config
 cat < "$tmpdir/config"
 root="$root"
-rootfstype="$rootfstype"
-rootflags="$rootflags"
-drivers="$drivers"
-#use_lvm="$use_lvm"
-#lvm_discard="$lvm_discard"
-#use_luks="$use_luks"
-#luks_header="$luks_header"
-#luks_keyfile="$luks_keyfile"
-#luks_discard="$luks_discard"
+root_type="$root_type"
+root_args="$root_args"
+#drivers="$drivers"
+use_lvm="$use_lvm"
+lvm_discard="$lvm_discard"
+use_luks="$use_luks"
+luks_root="$luks_root"
+luks_header="$luks_header"
+luks_keyfile="$luks_keyfile"
+luks_discard="$luks_discard"
+luks_args="$luks_args"
 EOF
+# TODO add another compession tools
 # packing
 if ! ( cd "$tmpdir" && find . | cpio --create --verbose --format=newc | gzip --best ) > "./initramfs-$kernel.img.gz" 2>/dev/null; then
 echo "failed"
diff --git a/init b/init
index 102c663..f622187 100644
--- a/init
+++ b/init
@@ -4,7 +4,7 @@ set -x
 # install busybox
-/usr/bin/busybox --install -s /usr/bin
+/usr/bin/busybox --install
 panic() { echo "bruh moment :(" && sh; }
@@ -19,8 +19,9 @@ mount -t proc none /proc
 mount -t sysfs none /sys
 mount -t devtmpfs none /dev
+# TODO implement busybox mdev/mdevd
 # setup mdev
-#echo "/sbin/mdev" >/proc/sys/kernel/hotplug
+#echo /sbin/mdev >/proc/sys/kernel/hotplug
 #mdev -s
 # setup udev
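Review bot: `luks_header="$luks_header"` and `luks_keyfile="$luks_keyfile"` are now emitted into the image's config even though the luks block earlier in this patch still carries `# TODO detached header` / `# TODO keyfile` and copies neither file into `$tmpdir`, so at boot init would be handed host paths that do not exist inside the initramfs. Until that is implemented it is clearer to keep the two lines commented out (`#luks_header="$luks_header"`, `#luks_keyfile="$luks_keyfile"`) or to fail in the luks block when either variable is set, so a user who configures a keyfile is not left with a silently unusable image. Separately, `cat < "$tmpdir/config"` as rendered here reads from the file the block is meant to create; presumably a `<<EOF >` heredoc redirection was lost in rendering, worth confirming against the raw patch. The heredoc body expands the config values at generate time, so a value containing `"` or `$` changes meaning when init sources the file — a one-line comment above the heredoc stating that values must be plain tokens would document the constraint.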
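Review bot: `/usr/bin/busybox --install` with no target directory installs applet links into busybox's built-in default locations (`/bin`, `/sbin`, `/usr/bin`, `/usr/sbin`), while the structure loop in generate creates only `usr/bin` and `usr/lib`; unless `bin` and `sbin` are created or symlinked somewhere not shown in this patch, the applets busybox places under `/bin` and `/sbin` — `sh`, which `panic` relies on, is normally one of them — will be missing from the image. This is inferred from the visible loop, so worth confirming by listing the generated image. If a single applet directory is the intent, an explicit target such as `/usr/bin/busybox --install /usr/bin` keeps the layout independent of busybox's defaults; dropping `-s` (hard links instead of symlinks) is harmless on an initramfs.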
@@ -31,23 +32,27 @@ udevadm settle
 # TODO parse /proc/cmdline
+# unlock cryptsetup container
+[ "$use_luks" = 1 ] && {
+luks_root="$(findfs $luks_root)"
+# TODO improve mapper name ( crypttab or config option )
+cryptsetup $luks_args luksOpen "$luks_root" luks_root || panic
+}
+
 # load drivers
 #modprobe -a $drivers
 # merge mount flags
-[ -n "$rootflags" ] && mountargs="$rootflags"
-[ -n "$rootfstype" ] && mountargs="$mountargs -t $rootfstype"
+[ -n "$root_args" ] && mount_args="$root_args"
+[ -n "$root_type" ] && mount_args="$mount_args -t $root_type"
 # mount rootfs
-mount $mountargs "$root" "/mnt/root" || panic
+mount $mount_args "$root" /mnt/root || panic
 # clean up
 udevadm control --exit
-
-umount "/dev"
-umount "/sys"
-umount "/proc"
+umount /dev /sys /proc
 # boot system
 echo SUCCESS
-exec switch_root /mnt/root /sbin/init
+exec switch_root /mnt/root /sbin/init
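Review bot: `luks_root="$(findfs $luks_root)"` never checks findfs's exit status, so when the tag does not resolve (device not yet present, typo in config) `luks_root` becomes empty and the next line runs `cryptsetup … luksOpen "" luks_root`, which fails with an unrelated error before `panic` fires; `luks_root="$(findfs "$luks_root")" || panic` surfaces the real cause and also quotes the tag. `$luks_args` on the cryptsetup line is deliberately unquoted so that `--allow-discards` and any user-supplied options split into separate words; a comment such as `# luks_args is word-split on purpose` keeps the next reader from "fixing" it. `panic` (defined in an earlier hunk) drops to an interactive `sh`, so a failed unlock — including a mistyped passphrase — lands in a root shell inside the initramfs; that is convenient while developing but deserves a TODO before the script is used on a real machine, and with `set -x` in effect the full cryptsetup command line is echoed, which is fine as long as `luks_args` never carries anything sensitive.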