Cleaned up LUKS support from #948

This commit is contained in:
zador-blood-stained 2018-05-28 19:25:46 +03:00
parent 0ca85e92e4
commit 08743d36b6
6 changed files with 69 additions and 9 deletions


@ -207,9 +207,10 @@ for line in "${buildlist[@]}"; do
CPUMIN CPUMAX UBOOT_VER KERNEL_VER GOVERNOR BOOTSIZE BOOTFS_TYPE UBOOT_TOOLCHAIN KERNEL_TOOLCHAIN PACKAGE_LIST_EXCLUDE KERNEL_IMAGE_TYPE \ CPUMIN CPUMAX UBOOT_VER KERNEL_VER GOVERNOR BOOTSIZE BOOTFS_TYPE UBOOT_TOOLCHAIN KERNEL_TOOLCHAIN PACKAGE_LIST_EXCLUDE KERNEL_IMAGE_TYPE \
write_uboot_platform family_tweaks family_tweaks_bsp setup_write_uboot_platform uboot_custom_postprocess atf_custom_postprocess family_tweaks_s \ write_uboot_platform family_tweaks family_tweaks_bsp setup_write_uboot_platform uboot_custom_postprocess atf_custom_postprocess family_tweaks_s \
BOOTSCRIPT UBOOT_TARGET_MAP LOCALVERSION UBOOT_COMPILER KERNEL_COMPILER BOOTCONFIG BOOTCONFIG_VAR_NAME BOOTCONFIG_DEFAULT BOOTCONFIG_NEXT BOOTCONFIG_DEV \ BOOTSCRIPT UBOOT_TARGET_MAP LOCALVERSION UBOOT_COMPILER KERNEL_COMPILER BOOTCONFIG BOOTCONFIG_VAR_NAME BOOTCONFIG_DEFAULT BOOTCONFIG_NEXT BOOTCONFIG_DEV \
MODULES MODULES_NEXT MODULES_DEV INITRD_ARCH BOOTENV_FILE BOOTDELAY MODULES_BLACKLIST MODULES_BLACKLIST_NEXT \ MODULES MODULES_NEXT MODULES_DEV INITRD_ARCH BOOTENV_FILE BOOTDELAY MODULES_BLACKLIST MODULES_BLACKLIST_NEXT CRYPTROOT_ENABLE \
MODULES_BLACKLIST_DEV MOUNT SDCARD BOOTPATCHDIR KERNELPATCHDIR buildtext RELEASE IMAGE_TYPE OVERLAY_PREFIX ASOUND_STATE \ MODULES_BLACKLIST_DEV MOUNT SDCARD BOOTPATCHDIR KERNELPATCHDIR buildtext RELEASE IMAGE_TYPE OVERLAY_PREFIX ASOUND_STATE CRYPTROOT_PASSPHRASE \
ATF_COMPILER ATF_USE_GCC ATFSOURCE ATFDIR ATFBRANCH ATFSOURCEDIR PACKAGE_LIST_RM NM_IGNORE_DEVICES DISPLAY_MANAGER family_tweaks_bsp_s ATF_COMPILER ATF_USE_GCC ATFSOURCE ATFDIR ATFBRANCH ATFSOURCEDIR PACKAGE_LIST_RM NM_IGNORE_DEVICES DISPLAY_MANAGER family_tweaks_bsp_s ROOT_MAPPER
read BOARD BRANCH RELEASE BUILD_DESKTOP <<< $line read BOARD BRANCH RELEASE BUILD_DESKTOP <<< $line
n=$[$n+1] n=$[$n+1]


@ -23,6 +23,9 @@ CHROOT_CACHE_VERSION=6
[[ -z $DISPLAY_MANAGER ]] && DISPLAY_MANAGER=nodm [[ -z $DISPLAY_MANAGER ]] && DISPLAY_MANAGER=nodm
ROOTFS_CACHE_MAX=16 # max number of rootfs cache, older ones will be cleaned up ROOTFS_CACHE_MAX=16 # max number of rootfs cache, older ones will be cleaned up
# TODO: fixed name can't be used for parallel image building
ROOT_MAPPER="armbian-root"
[[ -z $ROOTFS_TYPE ]] && ROOTFS_TYPE=ext4 # default rootfs type is ext4 [[ -z $ROOTFS_TYPE ]] && ROOTFS_TYPE=ext4 # default rootfs type is ext4
[[ "ext4 f2fs btrfs nfs fel" != *$ROOTFS_TYPE* ]] && exit_with_error "Unknown rootfs type" "$ROOTFS_TYPE" [[ "ext4 f2fs btrfs nfs fel" != *$ROOTFS_TYPE* ]] && exit_with_error "Unknown rootfs type" "$ROOTFS_TYPE"
@ -31,6 +34,11 @@ ROOTFS_CACHE_MAX=16 # max number of rootfs cache, older ones will be cleaned up
# echo $(( $(blockdev --getsize64 /dev/sdX) / 1024 / 1024 )) # echo $(( $(blockdev --getsize64 /dev/sdX) / 1024 / 1024 ))
[[ "f2fs" == *$ROOTFS_TYPE* && -z $FIXED_IMAGE_SIZE ]] && exit_with_error "Please define FIXED_IMAGE_SIZE" [[ "f2fs" == *$ROOTFS_TYPE* && -z $FIXED_IMAGE_SIZE ]] && exit_with_error "Please define FIXED_IMAGE_SIZE"
# a passphrase is mandatory if rootfs encryption is enabled
if [[ $CRYPTROOT_ENABLE == yes && -z $CRYPTROOT_PASSPHRASE ]]; then
exit_with_error "Root encryption is enabled but CRYPTROOT_PASSPHRASE is not set"
fi
# small SD card with kernel, boot script and .dtb/.bin files # small SD card with kernel, boot script and .dtb/.bin files
[[ $ROOTFS_TYPE == nfs ]] && FIXED_IMAGE_SIZE=64 [[ $ROOTFS_TYPE == nfs ]] && FIXED_IMAGE_SIZE=64
@ -55,6 +63,7 @@ ARCH=armhf
KERNEL_IMAGE_TYPE=zImage KERNEL_IMAGE_TYPE=zImage
SERIALCON=ttyS0 SERIALCON=ttyS0
CAN_BUILD_STRETCH=yes CAN_BUILD_STRETCH=yes
CRYPTROOT_SSH_PORT=2022
# single ext4 partition is the default and preferred configuration # single ext4 partition is the default and preferred configuration
#BOOTFS_TYPE='' #BOOTFS_TYPE=''
@ -139,6 +148,10 @@ PACKAGE_LIST_DESKTOP="xserver-xorg xserver-xorg-video-fbdev gvfs-backends gvfs-f
PACKAGE_LIST_DESKTOP_RECOMMENDS="mirage galculator hexchat xfce4-screenshooter network-manager-openvpn-gnome mpv fbi cups-pk-helper \ PACKAGE_LIST_DESKTOP_RECOMMENDS="mirage galculator hexchat xfce4-screenshooter network-manager-openvpn-gnome mpv fbi cups-pk-helper \
cups geany atril xarchiver leafpad" cups geany atril xarchiver leafpad"
# rootfs encryption related packages
if [[ $CRYPTROOT_ENABLE == yes ]]; then
PACKAGE_LIST="$PACKAGE_LIST cryptsetup dropbear-initramfs"
fi
case $DISPLAY_MANAGER in case $DISPLAY_MANAGER in
nodm) nodm)
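Review bot: `CRYPTROOT_SSH_PORT=2022` in the `@ -55,6 +63,7` hunk is an unconditional assignment, so a port the user set in their own config is silently overwritten, unlike the neighbouring defaults (`DISPLAY_MANAGER`, `ROOTFS_TYPE`) that use the `[[ -z $VAR ]] && VAR=...` form; write it as `[[ -z $CRYPTROOT_SSH_PORT ]] && CRYPTROOT_SSH_PORT=2022`. The value is later spliced unquoted into a sed replacement for the dropbear initramfs config, so a non-numeric or `/`-containing value would corrupt `DROPBEAR_OPTIONS` unnoticed; a check next to the new passphrase test, `[[ $CRYPTROOT_SSH_PORT =~ ^[0-9]+$ ]] || exit_with_error "Invalid CRYPTROOT_SSH_PORT" "$CRYPTROOT_SSH_PORT"`, would catch that early. The fixed `ROOT_MAPPER` name is already flagged by the TODO; note it also means a mapping left open by an interrupted build blocks the next one, so the cleanup paths should report a failed `luksClose` rather than ignore it.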


@ -312,6 +312,12 @@ prepare_partitions()
local bootfs=ext4 local bootfs=ext4
local bootpart=1 local bootpart=1
[[ -z $BOOTSIZE || $BOOTSIZE -le 8 ]] && BOOTSIZE=64 # MiB, For cleanup processing only [[ -z $BOOTSIZE || $BOOTSIZE -le 8 ]] && BOOTSIZE=64 # MiB, For cleanup processing only
elif [[ $CRYPTROOT_ENABLE == yes ]]; then
# 2 partition setup for encrypted /root and non-encrypted /boot
local bootfs=ext4
local bootpart=1
local rootpart=2
[[ -z $BOOTSIZE || $BOOTSIZE -le 8 ]] && BOOTSIZE=64 # MiB
else else
# single partition ext4 root # single partition ext4 root
local rootpart=1 local rootpart=1
@ -395,13 +401,29 @@ prepare_partitions()
rm -f $SDCARD/etc/fstab rm -f $SDCARD/etc/fstab
if [[ -n $rootpart ]]; then if [[ -n $rootpart ]]; then
local rootdevice="${LOOP}p${rootpart}" local rootdevice="${LOOP}p${rootpart}"
display_alert "Creating rootfs" "$ROOTFS_TYPE"
if [[ $CRYPTROOT_ENABLE == yes ]]; then
display_alert "Encrypting partition with LUKS" "" "ext"
echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksFormat $rootdevice -
echo -n $CRYPTROOT_PASSPHRASE | cryptsetup luksOpen $rootdevice $ROOT_MAPPER -
# TODO: pass /dev/mapper to Docker
rootdevice=/dev/mapper/$ROOT_MAPPER # used by `mkfs` and `mount` commands
fi
check_loop_device "$rootdevice" check_loop_device "$rootdevice"
display_alert "Creating rootfs" "$ROOTFS_TYPE on $rootdevice"
mkfs.${mkfs[$ROOTFS_TYPE]} ${mkopts[$ROOTFS_TYPE]} $rootdevice mkfs.${mkfs[$ROOTFS_TYPE]} ${mkopts[$ROOTFS_TYPE]} $rootdevice
[[ $ROOTFS_TYPE == ext4 ]] && tune2fs -o journal_data_writeback $rootdevice > /dev/null [[ $ROOTFS_TYPE == ext4 ]] && tune2fs -o journal_data_writeback $rootdevice > /dev/null
[[ $ROOTFS_TYPE == btrfs ]] && local fscreateopt="-o compress-force=zlib" [[ $ROOTFS_TYPE == btrfs ]] && local fscreateopt="-o compress-force=zlib"
mount ${fscreateopt} $rootdevice $MOUNT/ mount ${fscreateopt} $rootdevice $MOUNT/
local rootfs="UUID=$(blkid -s UUID -o value $rootdevice)" # create fstab (and crypttab) entry
if [[ $CRYPTROOT_ENABLE == yes ]]; then
# map the LUKS container partition via its UUID to be the 'cryptroot' device
echo "$ROOT_MAPPER UUID=$(blkid -s UUID -o value ${LOOP}p${rootpart}) none luks" >> $SDCARD/etc/crypttab
local rootfs=$rootdevice # used in fstab
else
local rootfs="UUID=$(blkid -s UUID -o value $rootdevice)"
fi
echo "$rootfs / ${mkfs[$ROOTFS_TYPE]} defaults,noatime,nodiratime${mountopts[$ROOTFS_TYPE]} 0 1" >> $SDCARD/etc/fstab echo "$rootfs / ${mkfs[$ROOTFS_TYPE]} defaults,noatime,nodiratime${mountopts[$ROOTFS_TYPE]} 0 1" >> $SDCARD/etc/fstab
fi fi
if [[ -n $bootpart ]]; then if [[ -n $bootpart ]]; then
@ -417,7 +439,11 @@ prepare_partitions()
# stage: adjust boot script or boot environment # stage: adjust boot script or boot environment
if [[ -f $SDCARD/boot/armbianEnv.txt ]]; then if [[ -f $SDCARD/boot/armbianEnv.txt ]]; then
echo "rootdev=$rootfs" >> $SDCARD/boot/armbianEnv.txt if [[ $CRYPTROOT_ENABLE == yes ]]; then
echo "rootdev=$rootdevice cryptdevice=UUID=$(blkid -s UUID -o value ${LOOP}p${rootpart}):$ROOT_MAPPER" >> $SDCARD/boot/armbianEnv.txt
else
echo "rootdev=$rootfs" >> $SDCARD/boot/armbianEnv.txt
fi
echo "rootfstype=$ROOTFS_TYPE" >> $SDCARD/boot/armbianEnv.txt echo "rootfstype=$ROOTFS_TYPE" >> $SDCARD/boot/armbianEnv.txt
elif [[ $rootpart != 1 ]]; then elif [[ $rootpart != 1 ]]; then
local bootscript_dst=${BOOTSCRIPT##*:} local bootscript_dst=${BOOTSCRIPT##*:}
@ -428,8 +454,12 @@ prepare_partitions()
# if we have boot.ini = remove armbianEnv.txt and add UUID there if enabled # if we have boot.ini = remove armbianEnv.txt and add UUID there if enabled
if [[ -f $SDCARD/boot/boot.ini ]]; then if [[ -f $SDCARD/boot/boot.ini ]]; then
sed -i -e "s/rootfstype \"ext4\"/rootfstype \"$ROOTFS_TYPE\"/" $SDCARD/boot/boot.ini if [[ $CRYPTROOT_ENABLE == yes ]]; then
sed -i 's/^setenv rootdev .*/setenv rootdev "'$rootfs'"/' $SDCARD/boot/boot.ini local rootpart="UUID=$(blkid -s UUID -o value ${LOOP}p${rootpart})"
sed -i 's/^setenv rootdev .*/setenv rootdev "\/dev\/mapper\/'$ROOT_MAPPER' cryptdevice='UUID="$(blkid -s UUID -o value ${LOOP}p${rootpart})"':'$ROOT_MAPPER'"/' $SDCARD/boot/boot.ini
else
sed -i 's/^setenv rootdev .*/setenv rootdev "'$rootfs'"/' $SDCARD/boot/boot.ini
fi
[[ -f $SDCARD/boot/armbianEnv.txt ]] && rm $SDCARD/boot/armbianEnv.txt [[ -f $SDCARD/boot/armbianEnv.txt ]] && rm $SDCARD/boot/armbianEnv.txt
fi fi
@ -481,6 +511,8 @@ create_image()
sync sync
[[ $BOOTSIZE != 0 ]] && umount -l $MOUNT/boot [[ $BOOTSIZE != 0 ]] && umount -l $MOUNT/boot
[[ $ROOTFS_TYPE != nfs ]] && umount -l $MOUNT [[ $ROOTFS_TYPE != nfs ]] && umount -l $MOUNT
[[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose $ROOT_MAPPER
losetup -d $LOOP losetup -d $LOOP
rm -rf --one-file-system $DESTIMG $MOUNT rm -rf --one-file-system $DESTIMG $MOUNT
mkdir -p $DESTIMG mkdir -p $DESTIMG
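Review bot: In the `@ -395,13 +401,29` hunk the passphrase is piped with `echo -n $CRYPTROOT_PASSPHRASE`, where the unquoted expansion word-splits and glob-expands the value, so a passphrase containing runs of spaces, `*` or `?` formats the LUKS header with a different key than the one the user typed (and `echo` itself mangles a value starting with `-n` or `-e`); neither cryptsetup call checks its exit status, so if luksFormat or luksOpen fails the following mkfs and mount run on the raw partition and the build emits an unencrypted image while reporting success. Use `printf '%s' "$CRYPTROOT_PASSPHRASE" | cryptsetup luksFormat "$rootdevice" - || exit_with_error "cryptsetup luksFormat failed" "$rootdevice"` and the same `printf` / `|| exit_with_error` form for the `luksOpen` line, using the build's existing `exit_with_error` helper. Be aware that a traced run (`set -x`) would print the passphrase into the build log, so these two lines must stay outside any traced section. Separately, in the `@ -428,8 +454,12` hunk, `local rootpart="UUID=$(blkid ...)"` reassigns `rootpart` immediately before the next line evaluates `${LOOP}p${rootpart}` again, which as rendered here yields a path like `${LOOP}pUUID=...`, an empty UUID and a `cryptdevice=UUID=:` entry in boot.ini that cannot be resolved at boot; dropping that `local rootpart=` line (the sed already computes the UUID inline) looks like the intent. `prepare_partitions` and `create_image` both start outside their hunks.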


@ -212,6 +212,19 @@ install_common()
unmanaged-devices=$NM_IGNORE_DEVICES unmanaged-devices=$NM_IGNORE_DEVICES
EOF EOF
fi fi
# Set the port of the dropbear ssh deamon in the initramfs to a different one if configured
# this avoids the typical 'host key changed warning' - `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!`
[[ -f $SDCARD/etc/dropbear-initramfs/config ]] && sed -i 's/^#DROPBEAR_OPTIONS=/DROPBEAR_OPTIONS="-p '$CRYPTROOT_SSH_PORT'"/' $SDCARD/etc/dropbear-initramfs/config
if [[ $CRYPTROOT_ENABLE == yes ]]; then
if [[ -f $SRC/userpatches/dropbear_authorized_keys ]]; then
# TODO: check for supported key types in Dropbear
mkdir -p $SDCARD/etc/dropbear-initramfs/
cp $SRC/userpatches/dropbear_authorized_keys $SDCARD/etc/dropbear-initramfs/authorized_keys
else
display_alert "Authorized keys file not found in userpatches, cryptsetup SSH unlock will be disabled" "" "wrn"
fi
fi
} }
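Review bot: When `userpatches/dropbear_authorized_keys` is absent the `else` branch only warns that SSH unlock "will be disabled", but nothing in the hunk disables it: `dropbear-initramfs` is still installed by the config change in this commit and the sed above still sets `DROPBEAR_OPTIONS` to listen on `CRYPTROOT_SSH_PORT`, so whether the initramfs daemon ends up listening with no authorized key depends on the package's defaults — worth verifying, or making the branch explicit by leaving the dropbear config untouched when no keys are supplied. The `cp` of the key file preserves the source mode, so a group-writable checkout is carried into the image; `install -m 0600 "$SRC/userpatches/dropbear_authorized_keys" "$SDCARD/etc/dropbear-initramfs/authorized_keys"` pins the mode (dropbear, as far as I recall, refuses an authorized_keys file writable by group or others — confirm). The port sed runs regardless of `CRYPTROOT_ENABLE` and interpolates `$CRYPTROOT_SSH_PORT` unquoted into the sed program; moving it inside the `if [[ $CRYPTROOT_ENABLE == yes ]]` block and quoting the path arguments would keep it from touching images that install dropbear-initramfs for other reasons. Typo in the new comment: `deamon` → `daemon`. `install_common` starts outside the hunk.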
install_distribution_specific() install_distribution_specific()


@ -530,7 +530,7 @@ prepare_host()
nfs-kernel-server btrfs-tools ncurses-term p7zip-full kmod dosfstools libc6-dev-armhf-cross \ nfs-kernel-server btrfs-tools ncurses-term p7zip-full kmod dosfstools libc6-dev-armhf-cross \
curl patchutils python liblz4-tool libpython2.7-dev linux-base swig libpython-dev aptly acl \ curl patchutils python liblz4-tool libpython2.7-dev linux-base swig libpython-dev aptly acl \
locales ncurses-base pixz dialog systemd-container udev lib32stdc++6 libc6-i386 lib32ncurses5 lib32tinfo5 \ locales ncurses-base pixz dialog systemd-container udev lib32stdc++6 libc6-i386 lib32ncurses5 lib32tinfo5 \
bison libbison-dev flex libfl-dev" bison libbison-dev flex libfl-dev cryptsetup"
local codename=$(lsb_release -sc) local codename=$(lsb_release -sc)
display_alert "Build host OS release" "${codename:-(unknown)}" "info" display_alert "Build host OS release" "${codename:-(unknown)}" "info"


@ -54,6 +54,7 @@ unmount_on_exit()
umount -l $SDCARD >/dev/null 2>&1 umount -l $SDCARD >/dev/null 2>&1
umount -l $MOUNT/boot >/dev/null 2>&1 umount -l $MOUNT/boot >/dev/null 2>&1
umount -l $MOUNT >/dev/null 2>&1 umount -l $MOUNT >/dev/null 2>&1
[[ $CRYPTROOT_ENABLE == yes ]] && cryptsetup luksClose $ROOT_MAPPER
losetup -d $LOOP >/dev/null 2>&1 losetup -d $LOOP >/dev/null 2>&1
rm -rf --one-file-system $SDCARD rm -rf --one-file-system $SDCARD
exit_with_error "debootstrap-ng was interrupted" exit_with_error "debootstrap-ng was interrupted"
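Review bot: The new `cryptsetup luksClose $ROOT_MAPPER` follows a lazy `umount -l $MOUNT`, so when the rootfs is still busy the unmount returns immediately with the filesystem still attached and luksClose fails with the mapping left open; because `ROOT_MAPPER` is a fixed name, that stale mapping makes the next build's `luksOpen` fail before anything is written. Unlike its neighbours this line does let the error through, which is right, but it would be better acted on: `[[ $CRYPTROOT_ENABLE == yes ]] && { cryptsetup luksClose "$ROOT_MAPPER" || display_alert "luksClose failed, mapping $ROOT_MAPPER left open" "" "wrn"; }` — the same applies to the matching line added in `create_image`. The ordering (close after the unmounts, before `losetup -d`) is correct. `unmount_on_exit` starts outside the hunk.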