From f41c17e3d07debf0c6a5f9023115561bf56a6f24 Mon Sep 17 00:00:00 2001 From: Eric Hameleers Date: Mon, 20 Jun 2016 11:10:58 +0200 Subject: Allow persistence and (luks) containers in subdirectories. --- iso2usb.sh | 34 ++++++++++++++++++++++++++++------ liveinit | 10 +++++----- 2 files changed, 33 insertions(+), 11 deletions(-) diff --git a/iso2usb.sh b/iso2usb.sh index acc7839..ad118f9 100644 --- a/iso2usb.sh +++ b/iso2usb.sh @@ -28,7 +28,8 @@ FORCE=0 # By default, we use 'persistence' as the name of the persistence directory, # or 'persistence.img' as the name of the persistence container: -PERSISTENCE="persistence" +DEF_PERSISTENCE="persistence" +PERSISTENCE="${DEF_PERSISTENCE}" # Default persistence type is a directory: PERSISTTYPE="dir" @@ -40,6 +41,7 @@ UNATTENDED=0 VERBOSE=0 # Variables to store content from an initrd we are going to refresh: +OLDPERSISTENCE="" OLDWAIT="" OLDLUKS="" @@ -84,7 +86,7 @@ cleanup() { # In case of failure, only the most recent device should still be open: if mount |grep -q ${CNTDEV} ; then umount -f ${CNTDEV} - cryptsetup luksClose ${CNTBASE} + cryptsetup luksClose $(basename ${CNTBASE}) losetup -d ${LODEV} fi fi @@ -148,6 +150,7 @@ uncompressfs () { read_initrd() { IMGFILE="$1" + OLDPERSISTENCE=$(uncompressfs ${IMGFILE} |cpio -i --to-stdout init |grep "^PERSISTENCE" |cut -d '"' -f2 2>/dev/null) OLDWAIT=$(uncompressfs ${IMGFILE} |cpio -i --to-stdout wait-for-root 2>/dev/null) OLDLUKS=$(uncompressfs ${IMGFILE} |cpio -i --to-stdout luksdev 2>/dev/null) } 
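Review bot: The mapper name in the changed `cryptsetup luksClose $(basename ${CNTBASE})` line of cleanup() is built from two unquoted expansions, and the same construct recurs in the luksOpen, CNTDEV and luksClose lines of the create_container hunks (@@ -266 and @@ -305). A container path with whitespace or glob characters is word-split before it reaches cryptsetup. Because only the basename is kept, a name that matches a mapping already open on the host would make luksOpen fail and could make cleanup() address the wrong mapping. I would compute it once, `CNTNAME=$(basename "${CNTBASE}")`, and use `"${CNTNAME}"` in every cryptsetup call and in `CNTDEV=/dev/mapper/${CNTNAME}`. cleanup() begins and ends outside this hunk.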
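Review bot: In the new `OLDPERSISTENCE=` line of read_initrd() the `2>/dev/null` is attached to `cut`, so cpio's diagnostics are not suppressed as they are in the two sibling assignments, and `${IMGFILE}` is unquoted. The value is taken as-is from the `init` script inside the initrd and is later used in a sed replacement and in `mv` paths under `${USBMNT}`, so it should be checked before use. Suggested: `OLDPERSISTENCE=$(uncompressfs "${IMGFILE}" | cpio -i --to-stdout init 2>/dev/null | grep "^PERSISTENCE=" | cut -d '"' -f2)`, then reject an empty value or one containing `..`. Anchoring the grep on `PERSISTENCE=` avoids matching other variables that merely share the prefix, if init has any.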
@@ -182,6 +185,15 @@ update_initrd() { echo "--- Refreshing Slackware initrd..." WAIT="$OLDWAIT" echo "$OLDLUKS" >> luksdev + if [ "${PERSISTENCE}" != "${DEF_PERSISTENCE}" ]; then + # If the user specified a nonstandard persistence, use that: + sed -i -e "s,^PERSISTENCE=.*,PERSISTENCE=\"${PERSISTENCE}\"," init + elif ["${PERSISTENCE}" != "${OLDPERSISTENCE}" ]; then + # The user did not specify persistence, re-use the custome value: + sed -i -e "s,^PERSISTENCE=.*,PERSISTENCE=\"${OLDPERSISTENCE}\"," init + echo "--- Updating 'persistence' from '$PERSISTENCE' to '$OLDPERSISTENCE':" + PERSISTENCE="${OLDPERSISTENCE}" + fi else echo "--- Updating 'waitforroot' time from '$OLDWAIT' to '$WAIT':" fi @@ -253,6 +265,7 @@ create_container() { fi echo "--- Creating ${CNTSIZE} MB container file using 'dd if=/dev/urandom', patience please..." + mkdir -p $USBMNT/$(dirname "${CNTBASE}") CNTFILE="${CNTBASE}.img" # Create a sparse file (not allocating any space yet): dd of=$USBMNT/${CNTFILE} bs=1M count=0 seek=$CNTSIZE @@ -266,8 +279,8 @@ create_container() { cryptsetup -y luksFormat $LODEV # Unlock the LUKS encrypted container: echo "--- Unlocking the LUKS container requires your passphrase again..." - cryptsetup luksOpen $LODEV ${CNTBASE} - CNTDEV=/dev/mapper/${CNTBASE} + cryptsetup luksOpen $LODEV $(basename ${CNTBASE}) + CNTDEV=/dev/mapper/$(basename ${CNTBASE}) # Now we allocate blocks for the LUKS device. We write encrypted zeroes, # so that the file looks randomly filled from the outside. # Take care not to write more bytes than the internal size of the container: @@ -305,7 +318,7 @@ create_container() { # Don't forget to clean up after ourselves: if [ "${CNTENCR}" = "luks" ]; then - cryptsetup luksClose ${CNTBASE} + cryptsetup luksClose $(basename ${CNTBASE}) fi losetup -d ${LODEV} || true 
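Review bot: `${PERSISTENCE}` and `${OLDPERSISTENCE}` are interpolated straight into the sed replacement in both new `sed -i` lines of update_initrd(), so a value containing `,`, `&`, `\` or `"` changes or breaks the substitution. Whatever lands between the quotes is then written into the `init` script that runs at boot. Since the option now accepts a path, I would validate it once after option parsing against a conservative character set, e.g. `case "${PERSISTENCE}" in ''|/*|*..*|*[!A-Za-z0-9._/-]*) echo "*** Invalid persistence path '${PERSISTENCE}'"; exit 1 ;; esac`. The same sed line recurs in the later update_initrd hunks (@@ -187 and @@ -198). update_initrd()'s body extends beyond this hunk.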
@@ -580,11 +593,20 @@ if [ $DOLUKS -eq 1 ]; then LUKSHOME=${CNTFILE} fi -# Update the initrd with longer USB wait time and LUKS /home info: +# Update the initrd with regard to USB wait time, persistence and LUKS. +# If this is a refresh and anything changed to persistence, then the +# variable $PERSISTENCE will have the correct value when exing this call: update_initrd ${USBMNT}/boot/initrd.img if [ $REFRESH -eq 1 ]; then # Determine what we need to do with persistence if this is a refresh. + if [ "${PERSISTENCE}" != "${OLDPERSISTENCE}" ]; then + # The user specified a nonstandard persistence, so move the old one first; + # hide any errors if it did not *yet* exist: + mkdir -p ${USBMNT}/$(dirname ${PERSISTENCE}) + mv ${USBMNT}/${OLDPERSISTENCE}.img ${USBMNT}/${PERSISTENCE}.img 2>/dev/null + mv ${USBMNT}/${OLDPERSISTENCE} ${USBMNT}/${PERSISTENCE} 2>/dev/null + fi if [ -f ${USBMNT}/${PERSISTENCE}.img ]; then # If a persistence container exists, we re-use it: PERSISTTYPE="file" diff --git a/liveinit b/liveinit index 43c8a9c..d42b9ce 100755 --- a/liveinit +++ b/liveinit 
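Review bot: The two new `mv ... 2>/dev/null` lines hide only the error message, not the exit status. The script appears to run under `set -e` (visible as context at line 26 in a later hunk), so a refresh where the old container or the old directory does not exist would abort at the first `mv`, possibly with the USB partition still mounted. An empty `${OLDPERSISTENCE}` (an initrd that lacks the variable) is not handled either; the sources then become `${USBMNT}/.img` and `${USBMNT}/`. I would guard each move, e.g. `if [ -n "${OLDPERSISTENCE}" ] && [ -e "${USBMNT}/${OLDPERSISTENCE}.img" ]; then mv -- "${USBMNT}/${OLDPERSISTENCE}.img" "${USBMNT}/${PERSISTENCE}.img"; fi`. The directory move needs the same guard, and the `mkdir -p` path should be quoted.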
@@ -691,19 +691,19 @@ if [ "$RESCUE" = "" ]; then mount -o remount,rw /mnt/media # Find a free loop device to mount the persistence container file: prdev=$(find_loop) - prdir=${PERSISTENCE}_$(od -An -N1 -tu1 /dev/urandom |tr -d ' ') + prdir=$(basename ${PERSISTENCE})_$(od -An -N1 -tu1 /dev/urandom |tr -d ' ') mkdir -p /mnt/live/${prdir} losetup $prdev /mnt/media/${PERSISTENCE}.img # Check if the persistence container is LUKS encrypted: if cryptsetup isLuks $prdev 1>/dev/null 2>/dev/null ; then echo "Unlocking LUKS encrypted persistence file '/${PERSISTENCE}.img'" - cryptsetup luksOpen $prdev ${PERSISTENCE} /dev/tty0 2>&1 + cryptsetup luksOpen $prdev $(basename ${PERSISTENCE}) /dev/tty0 2>&1 if [ $? -ne 0 ]; then echo "${MARKER}: Failed to unlock persistence file '/${PERSISTENCE}.img'." echo "${MARKER}: Falling back to RAM." else # LUKS properly unlocked; from now on use the mapper device instead: - prdev=/dev/mapper/${PERSISTENCE} + prdev=/dev/mapper/$(basename ${PERSISTENCE}) fi fi prfs=$(blkid $prdev |rev |cut -d'"' -f2 |rev) @@ -714,10 +714,10 @@ if [ "$RESCUE" = "" ]; then else if [ "$WIPE_PERSISTENCE" = "1" ]; then echo "${MARKER}: Wiping existing persistent data in '/${PERSISTENCE}.img'." - find /mnt/live/${prdir}/${PERSISTENCE}/ -mindepth 1 -exec rm -rf {} \; 2>/dev/null + find /mnt/live/${prdir}/$(basename ${PERSISTENCE})/ -mindepth 1 -exec rm -rf {} \; 2>/dev/null fi echo "${MARKER}: Writing persistent changes to file '/${PERSISTENCE}.img'." - UPPERDIR=/mnt/live/${prdir}/${PERSISTENCE} + UPPERDIR=/mnt/live/${prdir}/$(basename ${PERSISTENCE}) OVLWORK=/mnt/live/${prdir}/.ovlwork fi fi -- cgit v1.2.3 From 6d2d94ad580fe2c6bde855447498851dd00f0910 Mon Sep 17 00:00:00 2001 From: Eric Hameleers Date: Tue, 21 Jun 2016 23:23:24 +0200 Subject: iso2usb.sh: try to fix custom persistence configuration. --- iso2usb.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/iso2usb.sh b/iso2usb.sh index ad118f9..b551623 100644 --- a/iso2usb.sh 
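Review bot: `$(basename ${PERSISTENCE})` is expanded unquoted five times across this hunk and the next one (@@ -714), including inside the path handed to `find ... -exec rm -rf {} \;`. With an empty PERSISTENCE that wipe path would collapse to `/mnt/live/${prdir}//`, i.e. everything in the mounted container; how PERSISTENCE is set is outside the hunk, so this is a precaution rather than a confirmed case. Computing it once before `prdir=`, as `prbase=$(basename "${PERSISTENCE}")`, and using `"${prbase}"` for prdir, the mapper name, the wipe path and UPPERDIR keeps the five uses consistent. The wipe should also be skipped when `${prbase}` is empty. Both hunks sit inside an `if` block that begins and ends outside them.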
+++ b/iso2usb.sh @@ -187,17 +187,23 @@ update_initrd() { echo "$OLDLUKS" >> luksdev if [ "${PERSISTENCE}" != "${DEF_PERSISTENCE}" ]; then # If the user specified a nonstandard persistence, use that: + echo "--- Updating persistence from '$OLDPERSISTENCE' to '$PERSISTENCE'" sed -i -e "s,^PERSISTENCE=.*,PERSISTENCE=\"${PERSISTENCE}\"," init elif ["${PERSISTENCE}" != "${OLDPERSISTENCE}" ]; then - # The user did not specify persistence, re-use the custome value: + # The user did not specify persistence, re-use the retrieved value: sed -i -e "s,^PERSISTENCE=.*,PERSISTENCE=\"${OLDPERSISTENCE}\"," init - echo "--- Updating 'persistence' from '$PERSISTENCE' to '$OLDPERSISTENCE':" + echo "--- Updating persistence from '$PERSISTENCE' to '$OLDPERSISTENCE'" PERSISTENCE="${OLDPERSISTENCE}" fi else - echo "--- Updating 'waitforroot' time from '$OLDWAIT' to '$WAIT':" + if [ "${PERSISTENCE}" != "${DEF_PERSISTENCE}" ]; then + # If the user specified a nonstandard persistence, use that: + echo "--- Updating persitence from '$DEF_PERSISTENCE' to '$PERSISTENCE'" + sed -i -e "s,^PERSISTENCE=.*,PERSISTENCE=\"${PERSISTENCE}\"," init + fi fi + echo "--- Updating 'waitforroot' time from '$OLDWAIT' to '$WAIT'" echo ${WAIT} > wait-for-root if [ $DOLUKS -eq 1 -a -n "${LUKSHOME}" ]; then -- cgit v1.2.3 From 582579c6700ed9034b8e17c0d08d935447a661f9 Mon Sep 17 00:00:00 2001 
From: Eric Hameleers Date: Thu, 23 Jun 2016 00:50:35 +0200 Subject: liveslak: enhance the boot debug a bit. Some explanation about what the 'debug' boot parameter does: 'debug=1' => enable some strategic pauses during boot while showing 'mount' and 'blkid' output, so you can scroll back and inspect the proceedings (just 'debug' also enables level 1). 'debug=2' => enable verbose script execution in addition to the above pause moments. 'debug=3' => verbose script execution but without the mount/blkid info during the strategically placed pauses. 'debug=4' => dumps you into a debug shell right before the switch_root. No other pauses other debugging aids are offered like with levels 1, 2 or 3. But you can check the health of your Live system before Slackware boots up. --- liveinit | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/liveinit b/liveinit index d42b9ce..cbac798 100755 --- a/liveinit +++ b/liveinit @@ -220,14 +220,18 @@ for ARG in $(cat /proc/cmdline); do esac done +# Verbose boot script execution: [ $DEBUG -ge 2 ] && set -x debugit () { - [ $DEBUG -eq 0 -o $DEBUG -gt 3 ] && return - echo "DEBUG>> -- blkid info -- :" - blkid | while read LINE ; do echo "DEBUG>> $LINE" ; done - echo "DEBUG>> -- mount info -- :" - mount | while read LINE ; do echo "DEBUG>> $LINE" ; done + if [ $DEBUG -eq 0 -o $DEBUG -gt 3 ]; then + return + elif [ $DEBUG -le 2 ]; then + echo "DEBUG>> -- blkid info -- :" + blkid | while read LINE ; do echo "DEBUG>> $LINE" ; done + echo "DEBUG>> -- mount info -- :" + mount | while read LINE ; do echo "DEBUG>> $LINE" ; done + fi echo "DEBUG>> -- Press ENTER to continue -- : " read JUNK return @@ -730,6 +734,8 @@ if [ "$RESCUE" = "" ]; then fi fi + debugit + # Create the writable upper directory, plus the workdir which is required # for overlay to function (the two must be in the same POSIX filesystem): [ ! -d ${UPPERDIR} ] && mkdir -p ${UPPERDIR} -- cgit v1.2.3 
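Review bot: `$DEBUG` is tested unquoted and with the obsolescent `-o` operator in the rewritten debugit(), and unquoted in the `[ $DEBUG -ge 2 ] && set -x` line above it. The value appears to come from the kernel command line (the hunk header shows the `/proc/cmdline` loop), so an empty or non-numeric `debug=` makes `[` fail with an error. Both branches are then skipped and boot stops at the "Press ENTER" prompt. Suggested condition: `if [ "${DEBUG:-0}" -eq 0 ] || [ "${DEBUG:-0}" -gt 3 ]; then`, plus `read -r LINE` in the two loops. Normalising DEBUG to an integer where it is parsed would be more robust, but that code is outside the hunk.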
From 5d79c7956edb8b318b5c160cfc2f45c9bd081f01 Mon Sep 17 00:00:00 2001 From: Eric Hameleers Date: Thu, 23 Jun 2016 00:55:52 +0200 Subject: iso2usb.sh: fix a typo in a comment. --- iso2usb.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iso2usb.sh b/iso2usb.sh index b551623..11c9605 100644 --- a/iso2usb.sh +++ b/iso2usb.sh @@ -198,7 +198,7 @@ update_initrd() { else if [ "${PERSISTENCE}" != "${DEF_PERSISTENCE}" ]; then # If the user specified a nonstandard persistence, use that: - echo "--- Updating persitence from '$DEF_PERSISTENCE' to '$PERSISTENCE'" + echo "--- Updating persistence from '$DEF_PERSISTENCE' to '$PERSISTENCE'" sed -i -e "s,^PERSISTENCE=.*,PERSISTENCE=\"${PERSISTENCE}\"," init fi fi -- cgit v1.2.3 From 6d2832ebae620952e56fbb8e628ba4f3be64cc2c Mon Sep 17 00:00:00 2001 From: Eric Hameleers Date: Fri, 24 Jun 2016 23:30:02 +0200 Subject: iso2usb.sh: make the name of the '/home' LUKS container configurable. New parameter to the script: -l|--lukshome Custom path to the containerfile for your LUKS encrypted /home (slhome by default). Note: not only (just as with the persistence container) can you choose a custom name for the the LUKS container file but you can also create it in a subdirectory instead of in the filesystem root now. --- iso2usb.sh | 62 ++++++++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 18 deletions(-) diff --git a/iso2usb.sh b/iso2usb.sh index 11c9605..e0aa770 100644 --- a/iso2usb.sh +++ b/iso2usb.sh @@ -26,6 +26,10 @@ set -e # Set to '1' if you want to ignore all warnings: FORCE=0 +# By default, we use 'slhome.img' as the name of the LUKS home containerfile. +DEF_SLHOME="slhome" +SLHOME="${DEF_SLHOME}" + # By default, we use 'persistence' as the name of the persistence directory, # or 'persistence.img' as the name of the persistence container: DEF_PERSISTENCE="persistence" 
@@ -66,6 +70,7 @@ IMGDIR="" ISOMNT="" CNTMNT="" USBMNT="" +US2MNT="" # Compressor used on the initrd ("gzip" or "xz --check=crc32"); # Note that the kernel's XZ decompressor does not understand CRC64: @@ -93,6 +98,7 @@ cleanup() { [ -n "${ISOMNT}" ] && ( /sbin/umount -f ${ISOMNT} 2>/dev/null; rmdir $ISOMNT ) [ -n "${CNTMNT}" ] && ( /sbin/umount -f ${CNTMNT} 2>/dev/null; rmdir $CNTMNT ) [ -n "${USBMNT}" ] && ( /sbin/umount -f ${USBMNT} 2>/dev/null; rmdir $USBMNT ) + [ -n "${US2MNT}" ] && ( /sbin/umount -f ${US2MNT} 2>/dev/null; rmdir $US2MNT ) [ -n "${IMGDIR}" ] && ( rm -rf $IMGDIR ) set -e } @@ -116,8 +122,11 @@ cat < Full path to the ISO image file. +# -l|--lukshome Custom path to the containerfile for your LUKS +# encrypted /home ($SLHOME by default). # -o|--outdev The device name of your USB drive. -# -p|--persistence Custom name of the 'persistence' directory. +# -p|--persistence Custom path to the 'persistence' directory +# or containerfile ($PERSISTENCE by default). # -r|--refresh Refresh the USB stick with the ISO content. # No formatting, do not touch user content. # -u|--unattended Do not ask any questions. 
@@ -184,15 +193,19 @@ update_initrd() { if [ $REFRESH -eq 1 ]; then echo "--- Refreshing Slackware initrd..." WAIT="$OLDWAIT" + if [ -n "$OLDLUKS" ]; then + echo "--- Detected LUKS container configuration:" + echo "$OLDLUKS" | sed 's/^/ /' + fi echo "$OLDLUKS" >> luksdev if [ "${PERSISTENCE}" != "${DEF_PERSISTENCE}" ]; then # If the user specified a nonstandard persistence, use that: echo "--- Updating persistence from '$OLDPERSISTENCE' to '$PERSISTENCE'" sed -i -e "s,^PERSISTENCE=.*,PERSISTENCE=\"${PERSISTENCE}\"," init - elif ["${PERSISTENCE}" != "${OLDPERSISTENCE}" ]; then + elif [ "${PERSISTENCE}" != "${OLDPERSISTENCE}" ]; then # The user did not specify persistence, re-use the retrieved value: sed -i -e "s,^PERSISTENCE=.*,PERSISTENCE=\"${OLDPERSISTENCE}\"," init - echo "--- Updating persistence from '$PERSISTENCE' to '$OLDPERSISTENCE'" + echo "--- Re-use previous '$OLDPERSISTENCE' for persistence" PERSISTENCE="${OLDPERSISTENCE}" fi else @@ -358,6 +371,10 @@ while [ ! -z "$1" ]; do SLISO="$(cd $(dirname $2); pwd)/$(basename $2)" shift 2 ;; + -l|--lukshome) + SLHOME="$2" + shift 2 + ;; -o|--outdev) TARGET="$2" shift 2 @@ -527,7 +544,7 @@ if [ ! -d $ISOMNT ]; then else chmod 711 $ISOMNT fi -# USB mount: +# USB mounts: USBMNT=$(mktemp -d -p /mnt -t alienusb.XXXXXX) if [ ! -d $USBMNT ]; then echo "*** Failed to create a temporary mount point for the USB device!" @@ -536,6 +553,14 @@ if [ ! -d $USBMNT ]; then else chmod 711 $USBMNT fi +US2MNT=$(mktemp -d -p /mnt -t alienus2.XXXXXX) +if [ ! -d $US2MNT ]; then + echo "*** Failed to create a temporary mount point for the USB device!" + cleanup + exit 1 +else + chmod 711 $US2MNT +fi # Mount the Linux partition: /sbin/mount -t auto ${TARGET}3 ${USBMNT} 
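Review bot: `SLHOME="$2"` in the new `-l|--lukshome` arm accepts any string, and the value is later passed unquoted as the third argument of `create_container` (the @@ -595 hunk). There it presumably becomes CNTBASE and feeds `mkdir -p $USBMNT/$(dirname "${CNTBASE}")` and `dd of=$USBMNT/${CNTFILE}`. A value with whitespace shifts create_container's positional parameters, and `..` components would place the container outside the mounted USB partition, which matters for a script that performs mount and cryptsetup operations. I would reject such values right after parsing, `case "${SLHOME}" in ''|*..*|*[!A-Za-z0-9._/-]*) echo "*** Invalid LUKS home path '${SLHOME}'"; exit 1 ;; esac`, and quote `"${SLHOME}"` at the call site. The option loop begins and ends outside this hunk.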
@@ -595,13 +620,15 @@ fi if [ $DOLUKS -eq 1 ]; then # Create LUKS container file: - create_container ${TARGET}3 ${HLUKSSIZE} slhome luks /home + create_container ${TARGET}3 ${HLUKSSIZE} ${SLHOME} luks /home LUKSHOME=${CNTFILE} fi # Update the initrd with regard to USB wait time, persistence and LUKS. # If this is a refresh and anything changed to persistence, then the -# variable $PERSISTENCE will have the correct value when exing this call: +# variable $PERSISTENCE will have the correct value when exing this function: +# If you want to move your LUKS home containerfile you'll have to do that +# manually - not a supported option for now. update_initrd ${USBMNT}/boot/initrd.img if [ $REFRESH -eq 1 ]; then 
@@ -657,35 +684,34 @@ mv ${USBMNT}/boot/extlinux/isolinux.cfg ${USBMNT}/boot/extlinux/extlinux.conf rm -f ${USBMNT}/boot/extlinux/isolinux.* /sbin/extlinux --install ${USBMNT}/boot/extlinux -# No longer needed: -if /sbin/mount |grep -qw ${USBMNT} ; then /sbin/umount ${USBMNT} ; fi - if [ $EFIBOOT -eq 1 ]; then # Mount the EFI partition and copy /EFI as well as /boot directories into it: - /sbin/mount -t vfat -o shortname=mixed ${TARGET}2 ${USBMNT} - mkdir -p ${USBMNT}/EFI/BOOT - rsync -rlptD ${ISOMNT}/EFI/BOOT/* ${USBMNT}/EFI/BOOT/ + /sbin/mount -t vfat -o shortname=mixed ${TARGET}2 ${US2MNT} + mkdir -p ${US2MNT}/EFI/BOOT + rsync -rlptD ${ISOMNT}/EFI/BOOT/* ${US2MNT}/EFI/BOOT/ mkdir -p ${USBMNT}/boot echo "--- Copying EFI boot files from ISO to USB." if [ $VERBOSE -eq 1 ]; then - rsync -rlptD -v ${ISOMNT}/boot/* ${USBMNT}/boot/ + rsync -rlptD -v ${ISOMNT}/boot/* ${US2MNT}/boot/ else - rsync -rlptD ${ISOMNT}/boot/* ${USBMNT}/boot/ + rsync -rlptD ${ISOMNT}/boot/* ${US2MNT}/boot/ fi if [ $REFRESH -eq 1 ]; then # Clean out old Live system data: echo "--- Cleaning out old Live system data." rsync -rlptD --delete \ - ${ISOMNT}/EFI/BOOT/ ${USBMNT}/EFI/BOOT/ + ${ISOMNT}/EFI/BOOT/ ${US2MNT}/EFI/BOOT/ rsync -rlptD --delete \ - ${ISOMNT}/boot/ ${USBMNT}/boot/ + ${ISOMNT}/boot/ ${US2MNT}/boot/ fi - # Update the initrd with longer USB wait time and LUKS container info: - update_initrd ${USBMNT}/boot/initrd.img + # Copy the modified initrd over from the Linux partition: + cat ${USBMNT}/boot/initrd.img > ${US2MNT}/boot/initrd.img + sync fi # No longer needed: if /sbin/mount |grep -qw ${USBMNT} ; then /sbin/umount ${USBMNT} ; fi +if /sbin/mount |grep -qw ${US2MNT} ; then /sbin/umount ${US2MNT} ; fi # Unmount/remove stuff: cleanup -- cgit v1.2.3
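Review bot: The unchanged `mkdir -p ${USBMNT}/boot` inside the EFI branch still targets the Linux partition while every rsync around it was switched to `${US2MNT}`; it looks like it was missed and should read `mkdir -p "${US2MNT}/boot"`. The new `cat ${USBMNT}/boot/initrd.img > ${US2MNT}/boot/initrd.img` line and the two `grep -qw ${USBMNT}` / `grep -qw ${US2MNT}` tests use unquoted expansions. The mount-point names are also matched as regular expressions, so `grep -qwF -- "${US2MNT}"` would be the stricter test. A short comment on why the initrd is copied from the Linux partition rather than regenerated (update_initrd is now called only once) would help the next reader.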