initial luks support

2020-01-25 14:27:02 +03:00 · 2020-01-25 14:27:02 +03:00 · f340b76e5f
commit f340b76e5f
parent 5bc7f6e047
3 changed files with 71 additions and 38 deletions
--- a/32
+++ b/32
@ -5,14 +5,14 @@
 # parse fstab
 #use_fstab=0

-# root fs
-root="UUID=28305682-0dfe-40a9-bf39-5df42123b749"
+# root fs ( device,partuuid,uuid,label )
+root="UUID=07729c48-25d8-4096-acaf-ce5322915680"

-# root fs type
-#rootfstype=""
+# root type
+#root_type=""

-# root fs mount options
-#rootflags=""
+# root mount options
+#root_args=""

 # drivers
 #drivers=""
@ -24,22 +24,28 @@ root="UUID=28305682-0dfe-40a9-bf39-5df42123b749"
 use_lvm=1

 # LVM include config
-use_lvmconf=0
+#use_lvmconf=0

 # LVM issue_discards
-lvm_discard=0
+lvm_discard=1

 # LUKS support
-#use_luks=0
+use_luks=1

 # parse crypttab
 #use_crypttab=0

-# LUKS header
-#luks_header=/path/to/header
+# LUKS encrypted root ( device,partuuid,uuid,label )
+luks_root="PARTUUID=b04395be-f467-458b-8630-9a429b487600"
+
+# LUKS detached header
+#luks_header="/path/to/header"

 # LUKS keyfile
-#luks_keyfile=/path/to/keyfile
+#luks_keyfile="/path/to/keyfile"

 # LUKS allow_discards
-#luks_discard=0
+luks_discard=1
+
+# LUKS unlock options
+#luks_args=""
--- a/52
+++ b/52
@ -28,7 +28,7 @@ fi
 tmpdir="$(mktemp -d /tmp/initramfs.XXXXXXXX)"
 kernel="$(uname -r)"
 moddir="/lib/modules"
-binaries="./busybox udevd udevadm mount modprobe umount $binaries"
+binaries="./busybox findfs blkid udevd udevadm mount modprobe umount $binaries"

 # structure
 for d in dev var run etc usr/lib usr/bin mnt/root proc root sys; do
@ -49,6 +49,7 @@ done
 # TODO parse fstab | crypttab
 #while [ "$use_fstab" -eq 1 ] && read fs dir type opts; do thing; done < /etc/fstab

+# TODO implement busybox mdev/mdevd
 # install mdev
 #mkdir "$tmpdir/usr/lib/mdev"
 #cp ./mdev/mdev.conf ./mdev/passwd ./mdev/group "$tmpdir/etc"
@ -79,21 +80,39 @@ find "/usr/lib/udev" -type f | grep -v "rc_keymaps\|hwdb.d" | cpio -pd "$tmpdir"
 #nobody:x:99:99::/dev/null:/bin/false
 #EOF

-# TODO implement use_lvmconf
 # handle lvm
 if [ "$use_lvm" = 1 ] && [ -x "$(command -v lvm)" ]; then
    binaries="lvm dmsetup $binaries"
    mkdir "$tmpdir/etc/lvm"
+
+    # avoid lvmetad warning message
    echo "use_lvmetad = 0" >> "$tmpdir/etc/lvm/lvm.conf"
+
    if [ "$lvm_discard" = 1 ]; then
 	echo "issue_discards = 1" >> "$tmpdir/etc/lvm/lvm.conf"
    fi
+    # TODO implement use_lvmconf
 fi

-# TODO handle luks
-#if [ "$use_luks" = 1 ] && [ -x "$(command -v cryptsetup)" ]; then
-#    binaries="cryptsetup $binaries"
-#fi
+# handle luks
+if [ "$use_luks" = 1 ] && [ -x "$(command -v cryptsetup)" ]; then
+    binaries="cryptsetup dmsetup $binaries"
+
+    # avoid locking directory missing warning message
+    mkdir "$tmpdir/run/cryptsetup"
+
+    # TODO get rid of this workaround
+    # workaround for luks2
+    cp "$(readlink -f libgcc_s.so.1)" "$tmpdir/usr/lib"
+    cp -a /usr/lib/libgcc_s.so.1 "$tmpdir/usr/lib"
+
+    if [ "$luks_discard" = 1 ]; then
+	luks_args="--allow-discards $luks_args"
+    fi
+
+    # TODO detached header
+    # TODO keyfile
+fi

 # TODO rewrite drivers installing | handle $drivers config var
 # install drivers
@ -162,17 +181,20 @@ chmod +x "$tmpdir/init"
 # initialize config
 cat <<EOF > "$tmpdir/config"
 root="$root"
-rootfstype="$rootfstype"
-rootflags="$rootflags"
-drivers="$drivers"
-#use_lvm="$use_lvm"
-#lvm_discard="$lvm_discard"
-#use_luks="$use_luks"
-#luks_header="$luks_header"
-#luks_keyfile="$luks_keyfile"
-#luks_discard="$luks_discard"
+root_type="$root_type"
+root_args="$root_args"
+#drivers="$drivers"
+use_lvm="$use_lvm"
+lvm_discard="$lvm_discard"
+use_luks="$use_luks"
+luks_root="$luks_root"
+luks_header="$luks_header"
+luks_keyfile="$luks_keyfile"
+luks_discard="$luks_discard"
+luks_args="$luks_args"
 EOF

+# TODO add another compession tools
 # packing
 if ! ( cd "$tmpdir" && find . | cpio --create --verbose --format=newc | gzip --best ) > "./initramfs-$kernel.img.gz" 2>/dev/null; then
    echo "failed"
--- a/25
+++ b/25
@ -4,7 +4,7 @@
 set -x

 # install busybox
-/usr/bin/busybox --install -s /usr/bin
+/usr/bin/busybox --install

 panic() { echo "bruh moment :(" && sh; }

@ -19,8 +19,9 @@ mount -t proc none /proc
 mount -t sysfs none /sys
 mount -t devtmpfs none /dev

+# TODO implement busybox mdev/mdevd
 # setup mdev
-#echo "/sbin/mdev" >/proc/sys/kernel/hotplug
+#echo /sbin/mdev >/proc/sys/kernel/hotplug
 #mdev -s

 # setup udev
@ -31,23 +32,27 @@ udevadm settle

 # TODO parse /proc/cmdline

+# unlock cryptsetup container
+[ "$use_luks" = 1 ] && {
+    luks_root="$(findfs $luks_root)"
+    # TODO improve mapper name ( crypttab or config option )
+    cryptsetup $luks_args luksOpen "$luks_root" luks_root || panic
+}
+
 # load drivers
 #modprobe -a $drivers

 # merge mount flags
-[ -n "$rootflags" ] && mountargs="$rootflags"
-[ -n "$rootfstype" ] && mountargs="$mountargs -t $rootfstype"
+[ -n "$root_args" ] && mount_args="$root_args"
+[ -n "$root_type" ] && mount_args="$mount_args -t $root_type"

 # mount rootfs
-mount $mountargs "$root" "/mnt/root" || panic
+mount $mount_args "$root" /mnt/root || panic

 # clean up
 udevadm control --exit
-
-umount "/dev"
-umount "/sys"
-umount "/proc"
+umount /dev /sys /proc

 # boot system
 echo SUCCESS
-exec switch_root "/mnt/root" "/sbin/init"
+exec switch_root /mnt/root /sbin/init