#!/bin/sh
. ../lib/common.sh
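# Tear down whatever the run left behind, in reverse order of creation:
# the mounted guest root, the dm-crypt mapping, the NBD attachment and
# finally the scratch directory.  Installed as the EXIT/INT trap, so it runs
# on every exit path, including early failures where only some of these
# exist; each step is therefore best-effort (`|| :`) and the whole function
# is idempotent (an INT handler run followed by the EXIT run is harmless).
#
# Globals read: tmpdir, name, nbd (all assigned later in this script).
cleanup()
{
    # $tmpdir is assigned after the trap is installed.  If we get here before
    # that, there is no mount to undo; bail out of the umount rather than run
    # `umount /root`.  Unmounting must precede rm -rf, otherwise the recursive
    # delete would descend into the still-mounted guest filesystem.
    if [ -n "$tmpdir" ]; then
        umount "${tmpdir}/root" || :
    fi
    cryptsetup close "$name" || :
    qemu-nbd -d "$nbd" || :

    # Same guard for the delete: never `rm -rf ""`.
    if [ -n "$tmpdir" ]; then
        rm -rf -- "$tmpdir"
    fi
}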
# Without cryptsetup there is nothing to test: leave with status 222, which
# presumably is the harness's "skipped" code (not visible here — see the test
# runner / ../lib/common.sh).  The other tools (qemu-img, qemu-nbd, fdisk,
# mkfs.ext4) are not probed and simply fail loudly under set -e.  The script
# expects to run as root: qemu-nbd, cryptsetup and mount need it.
if ! command -v cryptsetup > /dev/null; then
    exit 222
fi

# -e: stop at the first failing command; -f: no pathname expansion, so none
# of the expansions below can accidentally glob.
set -ef

# Always undo mounts, mappings and the NBD attachment, also on Ctrl-C.
# cleanup is idempotent, so running it for INT and again for EXIT is fine.
trap cleanup EXIT INT
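# Host-side knobs, each overridable from the environment.
nbd=${NBD:-/dev/nbd2}              # NBD node the qcow2 image is attached to
devmgr=${DEVMGR:-proc}             # device-manager hook listed first in hooks=
arch=${ARCH:-$(uname -m)}          # selects qemu-system-$arch
kernel=${KERNEL:-$(uname -r)}      # kernel version tinyramfs builds for
vmlinuz=${VMLINUZ:-"/boot/vmlinuz-${kernel}"}   # kernel image passed via -kernel

# Scratch directory.  It will hold the raw LUKS key, the disk image and the
# initramfs (which carries the key), so it must be private to us and must not
# be a path another user could have planted in $TMPDIR in advance.  A caller
# may still pre-set $tmpdir (kept for compatibility); otherwise a fresh,
# unpredictable directory is created with mode 0700 — a predictable
# "$TMPDIR/name.$$" accepted via `mkdir -p` was open to pre-creation.
if [ -n "$tmpdir" ]; then
    mkdir -p -m 700 "$tmpdir"
else
    tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/${0##*/}.XXXXXX")
fi

name="luks$$"                      # dm-crypt mapping name, unique per run
root="${tmpdir}/root"              # mount point for the guest root fs
config="${tmpdir}/config"          # tinyramfs config handed to -c
image="${tmpdir}/root.qcow2"       # guest disk image
# Named after $kernel rather than a fresh `uname -r`, so a KERNEL override
# produces a consistently named initramfs.
initrd="${tmpdir}/initramfs-${kernel}"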
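# Create a 1G qcow2 image and expose it as a block device through NBD.
qemu-img create -f qcow2 "$image" 1G
qemu-nbd -c "$nbd" "$image"

# Give the kernel a moment to bring the NBD device up before partitioning.
sleep 1

# One primary MBR partition spanning the disk.  fdisk script, line by line:
# o:       Create a new (empty) MBR table.
# n:       Add a new partition.
# p:       Primary partition.
# 1:       Partition number.
# newline: Default first sector.
# newline: Default last sector (rest of the disk).
# w:       Write the table and re-read it.
fdisk "$nbd" << EOF
o
n
p
1


w
EOF

# 512 random bytes as the LUKS key.  This is an unlock secret (and is later
# referenced from the tinyramfs config as luks_key), so create it 0600: the
# umask is tightened in a subshell so the rest of the script is unaffected.
(umask 077 && dd bs=512 count=1 if=/dev/urandom of="${tmpdir}/key")

# Format partition 1 as LUKS (-q: no confirmation prompt, -d: key file) and
# open it under $name.  --pbkdf=pbkdf2 is presumably chosen to keep the test
# fast and memory-light; it is not a recommendation for real volumes, where
# the argon2id default should be kept.
cryptsetup -qd "${tmpdir}/key" --pbkdf=pbkdf2 luksFormat "${nbd}p1"
cryptsetup -d "${tmpdir}/key" open "${nbd}p1" "$name"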
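# tinyramfs configuration for the guest initramfs.
#
# Capture the container UUID in its own assignment first: under set -e a
# failing `cryptsetup luksUUID` then aborts here, whereas a command
# substitution inside the heredoc would silently write "luks_root=UUID=" and
# only surface as a confusing boot failure in the guest.
luks_uuid=$(cryptsetup luksUUID "${nbd}p1")

# hooks:     device manager hook first, then the luks hook under test.
# root:      the guest root fs, found by the label mkfs.ext4 sets below.
# luks_root: the LUKS container, found by UUID.
# luks_key:  host path of the key file; presumably copied into the initramfs
#            by the luks hook (not visible here — confirm in tinyramfs).
cat > "$config" << EOF
hooks=$devmgr,luks
root=LABEL=root
luks_root=UUID=$luks_uuid
luks_key=${tmpdir}/key
EOF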
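# Put a minimal guest root filesystem on the opened LUKS device.  The label
# "root" is what root=LABEL=root in the config resolves to.
mkdir -p "$root"
mkfs.ext4 -L root "/dev/mapper/${name}"
mount "/dev/mapper/${name}" "$root"

# Populate it in a subshell so the rebinding of $tmpdir and the cd do not
# leak into the rest of the script.  $tmpdir is pointed at the mount because
# copy_exec (from ../lib/common.sh) appears to install into $tmpdir — verify
# against common.sh before changing this.  set -e is inherited, and the cd is
# guarded explicitly so nothing is ever created in the wrong directory.
(
    tmpdir=$root
    cd "$tmpdir" || exit 1

    # Merged-/usr layout: lib, bin and sbin point into usr/.
    mkdir -p dev sys tmp run proc root usr/lib usr/bin
    ln -s usr/lib lib
    ln -s usr/bin bin
    ln -s usr/bin sbin
    ln -s bin usr/sbin

    # The only programs the guest needs: a shell for init, and e2label.
    copy_exec sh
    copy_exec e2label

    # Guest init: relabel the root fs to "success".  It can only do so if the
    # initramfs unlocked the LUKS volume and the device manager exposed it
    # under /dev/disk/by-label; the host checks the label after the VM exits.
    # The quoted delimiter keeps the heredoc literal — nothing in it is meant
    # to expand on the host.
    cat > sbin/init << 'EOF'
#!/bin/sh
exec e2label /dev/disk/by-label/root success
EOF
    chmod +x sbin/init
)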
# Release the image completely (fs, dm-crypt mapping, NBD) before the guest
# boots from it, so host and guest never have it open at the same time.
umount "$root"
cryptsetup close "$name"
qemu-nbd -d "$nbd"

# Build the initramfs from the repository root, one directory up.  The
# meaning of -l and -k is tinyramfs's own (not visible here); -c is the config
# written above, the last argument the output file.
(
    cd .. || exit 1
    ./tinyramfs -lk "$kernel" -c "$config" "$initrd"
)
# qemu command line, assembled back to front with `set --`: the fixed part
# first, then the host-dependent (KVM) and DEBUG-dependent options are
# prepended in front of it.
set -- -no-reboot \
    -initrd "$initrd" \
    -kernel "$vmlinuz" \
    -device virtio-scsi \
    -drive file="$image",if=virtio

# Hardware acceleration when the host exposes it.
if [ -c /dev/kvm ]; then
    set -- -enable-kvm -cpu host "$@"
fi

# Kernel command line.  panic=-1 reboots immediately on panic, which
# -no-reboot turns into a qemu exit; rdpanic/rddebug look like tinyramfs
# options (not visible here).  A non-empty DEBUG adds verbose output on a
# serial console; otherwise the VM runs headless.
case $DEBUG in
    '') set -- -append 'panic=-1 rdpanic' -display none "$@" ;;
    *)  set -- -append 'panic=-1 rdpanic debug rddebug console=ttyS0' -nographic "$@" ;;
esac

# NOTE(review): no timeout here — a guest that hangs without panicking
# (e.g. init blocking on a device) hangs the whole test run; consider
# wrapping this in timeout(1) if that becomes a problem.
"qemu-system-${arch}" "$@"
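# Re-attach the image on the host and check what the guest left behind.
qemu-nbd -c "$nbd" "$image"

sleep 1

# Re-read the partition table so ${nbd}p1 exists again (fdisk's `w` with
# no changes just triggers the re-read).
fdisk "$nbd" << EOF
w
EOF

cryptsetup -d "${tmpdir}/key" open "${nbd}p1" "$name"

# The guest's init rewrites the label to "success" only after the initramfs
# has unlocked the volume and found it by label, so the label is the test
# verdict.  Report the value actually found instead of the bare, silent
# exit 1 a lone `[ ... ]` under set -e would give.  The EXIT trap closes the
# mapping and detaches the NBD device afterwards.
label=$(e2label "/dev/mapper/${name}")
if [ "$label" != success ]; then
    printf '%s: expected label "success", got "%s"\n' "${0##*/}" "$label" >&2
    exit 1
fi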