Detect encrypted volumes using blkid instead of another partition

This commit is contained in:
tslil clingman 2019-10-12 18:39:17 -04:00
parent 677742a76b
commit c57507aff4
6 changed files with 15 additions and 47 deletions

View File

@ -21,8 +21,7 @@ echo In PrawnOS Init
#add this to start shell at desired point #add this to start shell at desired point
rescue_shell() { rescue_shell() {
[ "{$1}" != "debug" ] && echo "Something went wrong. Dropping to a shell." > /dev/tty1 echo "Something went wrong. Dropping to a shell." > /dev/tty1
[ "{$1}" == "debug" ] && echo "Debug flag detected, entering debug shell" > /dev/tty1
exec setsid /bin/sh -c 'exec /bin/sh </dev/tty1 >/dev/tty1 2>&1' exec setsid /bin/sh -c 'exec /bin/sh </dev/tty1 >/dev/tty1 2>&1'
} }
@ -44,7 +43,7 @@ rootpartuuid() {
[ "${value}" != "" ] && echo "${value}" [ "${value}" != "" ] && echo "${value}"
} }
# mount the bare necesities # mount the bare necesities
mount -n -t proc proc /proc mount -n -t proc proc /proc
mount -n -t sysfs sysfs /sys mount -n -t sysfs sysfs /sys
mount -n -t devtmpfs devtmpfs /dev mount -n -t devtmpfs devtmpfs /dev
@ -65,28 +64,20 @@ echo ${ROOT_DEV} > /dev/tty1
# the next boot stage # the next boot stage
CMDLINE='cat /proc/cmdline' CMDLINE='cat /proc/cmdline'
[ -d "/boot" ] || mkdir -p /boot if [ -n "$(blkid ${ROOT_DEV}2 | grep crypto_LUKS)" ]
mount ${ROOT_DEV}2 /boot
#Debugging can be facilitated by creating /boot/debug
[ -f "/boot/debug" ] && rescue_shell debug
if [ -f "/boot/root_encryption" ]
then then
#decrypt and mount the root filesystem #decrypt and mount the root filesystem
echo "Opening encrypted root partition, this will take 30s..." echo "Opening encrypted root partition, this will take 30s..."
cryptsetup --tries 5 luksOpen ${ROOT_DEV}3 luksroot || rescue_shell debug cryptsetup --tries 5 luksOpen ${ROOT_DEV}2 luksroot || rescue_shell
mount /dev/mapper/luksroot /newroot mount /dev/mapper/luksroot /newroot
else else
# mount the unencrypted root filesystem # mount the unencrypted root filesystem
[ -d "/newroot" ] || mkdir -p /newroot [ -d "/newroot" ] || mkdir -p /newroot
mount ${ROOT_DEV}3 /newroot mount ${ROOT_DEV}2 /newroot
fi fi
umount /sys umount /sys
umount /proc umount /proc
#swith to the new rootfs #swith to the new rootfs
exec switch_root /newroot /sbin/init ${CMDLINE} exec switch_root /newroot /sbin/init ${CMDLINE}

View File

@ -6,5 +6,4 @@ first-lba: 34
last-lba: 30785502 last-lba: 30785502
/dev/mmcblk2p1 : start= 20480, size= 65536, type=FE3A2A5D-4F32-41A7-B725-ACCC3285A309, uuid=89B31CDB-1147-5241-8271-C1ADBB9BBB44, name="Kernel", attrs="GUID:49,51,52,54,56" /dev/mmcblk2p1 : start= 20480, size= 65536, type=FE3A2A5D-4F32-41A7-B725-ACCC3285A309, uuid=89B31CDB-1147-5241-8271-C1ADBB9BBB44, name="Kernel", attrs="GUID:49,51,52,54,56"
/dev/mmcblk2p2 : start= 86016, size= 976562, name="Boot" /dev/mmcblk2p2 : start= 86016, size= 30699486, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, uuid=63DB8E49-63C4-984E-90A0-8AC3222C4771, name="Root"
/dev/mmcblk2p3 : start= 1062578, size= 29722924, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, uuid=63DB8E49-63C4-984E-90A0-8AC3222C4771, name="Root"

View File

@ -1,4 +1,3 @@
label: gpt label: gpt
label-id: EBA5A923-2F33-7C4E-AC9A-1555FD600D19 label-id: EBA5A923-2F33-7C4E-AC9A-1555FD600D19
device: /dev/mmcblk2 device: /dev/mmcblk2
@ -7,5 +6,4 @@ first-lba: 34
last-lba: 30777310 last-lba: 30777310
/dev/mmcblk2p1 : start= 20480, size= 65536, type=FE3A2A5D-4F32-41A7-B725-ACCC3285A309, uuid=89B31CDB-1147-5241-8271-C1ADBB9BBB44, name="Kernel", attrs="GUID:49,51,52,54,56" /dev/mmcblk2p1 : start= 20480, size= 65536, type=FE3A2A5D-4F32-41A7-B725-ACCC3285A309, uuid=89B31CDB-1147-5241-8271-C1ADBB9BBB44, name="Kernel", attrs="GUID:49,51,52,54,56"
/dev/mmcblk2p2 : start= 86016, size= 976562, name="Boot" /dev/mmcblk2p3 : start= 86016, size= 30699486, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, uuid=63DB8E49-63C4-984E-90A0-8AC3222C4771, name="Root"
/dev/mmcblk2p3 : start= 1062578, size= 29714732, type=EBD0A0A2-B9E5-4433-87C0-68B6B72699C7, uuid=63DB8E49-63C4-984E-90A0-8AC3222C4771, name="Root"

View File

@ -36,7 +36,6 @@ then
dmesg -D dmesg -D
umount /dev/mmcblk2p1 || /bin/true umount /dev/mmcblk2p1 || /bin/true
umount /dev/mmcblk2p2 || /bin/true umount /dev/mmcblk2p2 || /bin/true
umount /dev/mmcblk2p3 || /bin/true
echo Writing partition map echo Writing partition map
DISK_SZ="$(blockdev --getsz /dev/mmcblk2)" DISK_SZ="$(blockdev --getsz /dev/mmcblk2)"
@ -73,15 +72,9 @@ then
dd if=/dev/zero of=/dev/mmcblk2p1 bs=512 count=65536 dd if=/dev/zero of=/dev/mmcblk2p1 bs=512 count=65536
dd if="$BOOT_DEVICE"1 of=/dev/mmcblk2p1 dd if="$BOOT_DEVICE"1 of=/dev/mmcblk2p1
BOOT_DEV_NAME=mmcblk2p2 ROOT_DEV_NAME=mmcblk2p2
ROOT_DEV_NAME=mmcblk2p3
CRYPTO=false CRYPTO=false
#ready /boot
mkfs.ext4 -F -b 1024 /dev/$BOOT_DEV_NAME
mkdir -p /mnt/boot
mount /dev/$BOOT_DEV_NAME /mnt/boot
#Handle full disk encryption #Handle full disk encryption
echo "Would you like to setup full disk encrytion using LUKs/DmCrypt?" echo "Would you like to setup full disk encrytion using LUKs/DmCrypt?"
select yn in "Yes" "No" select yn in "Yes" "No"
@ -96,8 +89,6 @@ then
echo "Now unlock the newly created encrypted root partition so we can mount it and install the filesystem" echo "Now unlock the newly created encrypted root partition so we can mount it and install the filesystem"
cryptsetup luksOpen /dev/$ROOT_DEV_NAME luksroot || exit 1 cryptsetup luksOpen /dev/$ROOT_DEV_NAME luksroot || exit 1
ROOT_DEV_NAME=mapper/luksroot ROOT_DEV_NAME=mapper/luksroot
#set the root encryption flag
touch /mnt/boot/root_encryption
break break
;; ;;
No,*|*,No ) No,*|*,No )
@ -120,7 +111,7 @@ then
then then
echo "/dev/mapper/luksroot / ext4 defaults,noatime 0 1" > /mnt/mmc/etc/fstab echo "/dev/mapper/luksroot / ext4 defaults,noatime 0 1" > /mnt/mmc/etc/fstab
else else
echo "/dev/mmcblk2p3 / ext4 defaults,noatime 0 1" > /mnt/mmc/etc/fstab echo "/dev/mmcblk2p2 / ext4 defaults,noatime 0 1" > /mnt/mmc/etc/fstab
fi fi
umount /dev/$ROOT_DEV_NAME umount /dev/$ROOT_DEV_NAME
echo Running fsck echo Running fsck

View File

@ -43,7 +43,7 @@ install_resources=resources/InstallResources
build_resources=resources/BuildResources build_resources=resources/BuildResources
#A hacky way to ensure the loops are properly unmounted and the temp files are properly deleted. #A hacky way to ensure the loops are properly unmounted and the temp files are properly deleted.
#Without this, a reboot is sometimes required to properly clean the loop devices and ensure a clean build #Without this, a reboot is sometimes required to properly clean the loop devices and ensure a clean build
cleanup() { cleanup() {
set +e set +e
@ -67,27 +67,18 @@ create_image() {
cgpt create $1 cgpt create $1
kernel_start=8192 kernel_start=8192
kernel_size=65536 kernel_size=65536
boot_size=409600 # 200 MB
cgpt add -i 1 -t kernel -b $kernel_start -s $kernel_size -l Kernel -S 1 -T 5 -P 10 $1 cgpt add -i 1 -t kernel -b $kernel_start -s $kernel_size -l Kernel -S 1 -T 5 -P 10 $1
#create the initramfs partiton, aka /boot
boot_start=$(($kernel_start + $kernel_size))
cgpt add -i 2 -t data -b $boot_start -s $boot_size -l Boot $1
#Now the main filesystem #Now the main filesystem
root_start=$(($boot_start + $boot_size)) root_start=$(($kernel_start + $kernel_size))
end=`cgpt show $1 | grep 'Sec GPT table' | awk '{print $1}'` end=`cgpt show $1 | grep 'Sec GPT table' | awk '{print $1}'`
root_size=$(($end - $root_start)) root_size=$(($end - $root_start))
cgpt add -i 3 -t data -b $root_start -s $root_size -l Root $1 cgpt add -i 3 -t data -b $root_start -s $root_size -l Root $1
# $size is in 512 byte blocks while ext4 uses a block size of 1024 bytes # $size is in 512 byte blocks while ext4 uses a block size of 1024 bytes
losetup -P $2 $1 losetup -P $2 $1
mkfs.ext4 -F -b 1024 -m 0 ${2}p2 $(($boot_size / 2)) mkfs.ext4 -F -b 1024 -m 0 ${2}p2 $(($root_size / 2))
mkfs.ext4 -F -b 1024 -m 0 ${2}p3 $(($root_size / 2))
# mount the / partition # mount the / partition
mount -o noatime ${2}p3 $5 mount -o noatime ${2}p2 $5
# mount the /boot partiton
mkdir -p $5/boot
mount -o noatime ${2}p2 $5/boot
} }
# use buster if no suite is specified # use buster if no suite is specified

View File

@ -33,7 +33,7 @@ outdev=/dev/loop7
build_resources=resources/BuildResources build_resources=resources/BuildResources
#A hacky way to ensure the loops are properly unmounted and the temp files are properly deleted. #A hacky way to ensure the loops are properly unmounted and the temp files are properly deleted.
#Without this, a reboot is sometimes required to properly clean the loop devices and ensure a clean build #Without this, a reboot is sometimes required to properly clean the loop devices and ensure a clean build
cleanup() { cleanup() {
set +e set +e
@ -54,9 +54,7 @@ trap cleanup INT TERM EXIT
losetup -P $outdev $2 losetup -P $outdev $2
#mount the root filesystem #mount the root filesystem
mount -o noatime ${outdev}p3 $outmnt mount -o noatime ${outdev}p2 $outmnt
#mount the initramfs partition
# mount -o noatime ${outdev}p2 $outmnt/boot
# put the kernel in the kernel partition, modules in /lib/modules and AR9271 # put the kernel in the kernel partition, modules in /lib/modules and AR9271
# firmware in /lib/firmware # firmware in /lib/firmware