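#!/bin/bash
# mkimage.sh - write a VerityBook release (ESP + root image + data partition)
# to a disk image file or directly to a block device.
#
# Shell options live in `set`, not the shebang: `#!/bin/bash -ex` is lost when
# the script is started as `bash mkimage.sh ...`.  -x (tracing) is kept from
# the original; pipefail makes any pipeline added below fail loudly.
set -e -x -o pipefail

CURDIR=$(pwd)          # not used by this script; kept for compatibility
PROGNAME=${0##*/}

# Print the command-line help to stdout.
# Globals: PROGNAME (read)
usage() {
cat << EOF
Usage: $PROGNAME [OPTION] DIR_OR_LATEST-JSON IMAGE_FILE_OR_BLOCK_DEVICE

  DIR_OR_LATEST-JSON   release directory (must contain release.json, root.img
                       and efi/), or a JSON file whose .name and .version name
                       the "<name>-<version>" release directory next to it
  IMAGE_FILE_OR_BLOCK_DEVICE
                       output target: a regular file (recreated as a 15 GiB
                       sparse image unless --update) or a block device
                       (WIPED unless --update)

  -h, --help    Display this help
  --crypt       Use Luks2 to encrypt the data partition (default PW: 1)
                NOTE: not implemented by this script revision; the data
                partition is created as plain XFS
  --crypttpm2   as --crypt, but additionally auto-open with the use of a TPM2
                NOTE: not implemented by this script revision (see --crypt)
  --simple      do not use dual-boot layout (e.g. for USB install media)
                NOTE: this script revision only knows the ESP/root1/data layout
  --update      do not clear the data partition (keep the partition table,
                ESP filesystem and data filesystem; rewrite root1 and the
                EFI boot binaries)
  --efishell    make Shell.efi the default EFI boot entry and install the
                release's boot binary as EFI/FedoraBook/1.efi
EOF
}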
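# ---- option parsing ----------------------------------------------------------
# Flags are initialised so that the `[[ $FLAG ]]` tests below never see an
# inherited environment value.
USE_EFISHELL=""
USE_CRYPT=""
USE_TPM=""
SIMPLE=""
UPDATE=""

# util-linux getopt normalises the arguments; -h is accepted because usage()
# advertises it.  The `|| { ...; }` is needed because under `set -e` the script
# would otherwise exit on a bad option before ever reaching a `$?` check.
TEMP=$(
getopt -o 'h' \
--long crypt \
--long crypttpm2 \
--long simple \
--long update \
--long efishell \
--long help \
-- "$@"
) || {
    usage >&2
    exit 1
}
# getopt emits a shell-quoted argument list; eval'ing it is the documented
# way to re-load the positional parameters.
eval set -- "$TEMP"
unset TEMP

# NOTE: every variable this sets (NAME, VERSION, ID, ...) is overwritten or
# unused below -- NAME is re-read from release.json.  Kept as it was.
. /etc/os-release

while true; do
    case "$1" in
        '--efishell')
            USE_EFISHELL="y"
            shift 1; continue
            ;;
        '--crypt')
            USE_CRYPT="y"
            shift 1; continue
            ;;
        '--crypttpm2')
            USE_TPM="y"
            shift 1; continue
            ;;
        '--simple')
            # Parsed for compatibility; this revision always creates the
            # single ESP/root1/data layout.
            SIMPLE="y"
            shift 1; continue
            ;;
        '--update')
            UPDATE="y"
            shift 1; continue
            ;;
        '-h'|'--help')
            usage
            exit 0
            ;;
        '--')
            shift
            break
            ;;
        *)
            echo 'Internal error!' >&2
            exit 1
            ;;
    esac
done

# --crypt/--crypttpm2 are accepted by the parser but nothing in this script
# sets up LUKS: the data partition is created as plain XFS.  Refuse rather
# than silently hand the user an unencrypted image they believe is encrypted.
if [[ $USE_CRYPT || $USE_TPM ]]; then
    printf '%s\n' "${PROGNAME}: --crypt/--crypttpm2 are not implemented by this script; the data partition would be created unencrypted. Aborting." >&2
    exit 1
fi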
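# ---- resolve inputs ----------------------------------------------------------
# $1 is either the release directory itself or a JSON file whose .name/.version
# name a "<name>-<version>" directory next to it.  $2 is the output image file
# (may not exist yet) or block device.
if (( $# < 2 )); then
    usage >&2
    exit 1
fi
if ! SOURCE=$(readlink -e -- "$1"); then
    printf '%s\n' "${PROGNAME}: '$1' does not exist." >&2
    exit 1
fi
# -f (not -e): the image file is allowed to be missing, it is created below.
IMAGE=$(readlink -f -- "$2")

if ! [[ -d $SOURCE ]]; then
    NAME="$(jq -r '.name' "$SOURCE")"
    REL_VERSION="$(jq -r '.version' "$SOURCE")"
    SOURCE="${SOURCE%/*}/${NAME}-${REL_VERSION}"
else
    NAME="$(jq -r '.name' "$SOURCE"/release.json)"
    REL_VERSION=""
fi

# jq -r prints the literal "null" for a missing key, and both values are used
# as path components below, so reject empty/null values and anything that
# contains a slash or is a "." / ".." element.
for comp in "$NAME" ${REL_VERSION:+"$REL_VERSION"}; do
    if [[ -z $comp || $comp == null || $comp == */* || $comp == . || $comp == .. ]]; then
        printf '%s\n' "${PROGNAME}: invalid .name/.version ('$comp') in release metadata." >&2
        exit 1
    fi
done
unset comp

# Fail before anything destructive happens: release.json (root hash) and
# root.img are both needed later, after the target has already been wiped.
if ! [[ -d $SOURCE && -f $SOURCE/release.json && -f $SOURCE/root.img ]] || ! [[ $IMAGE ]]; then
    printf '%s\n' "${PROGNAME}: '$SOURCE' is not a release directory (needs release.json and root.img)." >&2
    usage >&2
    exit 1
fi

# ---- scratch directory -------------------------------------------------------
[[ $TMPDIR ]] || TMPDIR=/var/tmp
# Resolve first, then mark readonly: `readonly X=$(cmd)` would hide a realpath
# failure from `set -e`.
if ! TMPDIR_REAL=$(realpath -e -- "$TMPDIR") || ! [[ -d $TMPDIR_REAL ]]; then
    printf "%s\n" "${PROGNAME}: Invalid tmpdir '$TMPDIR'." >&2
    exit 1
fi
readonly TMPDIR="$TMPDIR_REAL"
unset TMPDIR_REAL

MY_TMPDIR="$(mktemp -p "$TMPDIR/" -d -t "${PROGNAME}.XXXXXX")" || MY_TMPDIR=""
readonly MY_TMPDIR
[ -d "$MY_TMPDIR" ] || {
    printf "%s\n" "${PROGNAME}: mktemp -p '$TMPDIR/' -d -t ${PROGNAME}.XXXXXX failed." >&2
    exit 1
}

# DEV is filled in later (loop device or the block device itself); initialise
# it so the EXIT trap can test it before that point.
DEV=""

# clean up after ourselves no matter how we die.
# A failed umount must not abort the handler (set -e is active inside traps),
# otherwise the loop device would stay attached; rm -rf --one-file-system will
# not descend into a mount point that is still busy.
trap '
ret=$?
for i in "$MY_TMPDIR"/boot "$MY_TMPDIR"/data; do
    if [[ -d "$i" ]] && mountpoint -q "$i"; then
        umount "$i" || :
    fi
done
[[ $DEV ]] && losetup -d "$DEV" 2>/dev/null || :
[[ $MY_TMPDIR ]] && rm -rf --one-file-system -- "$MY_TMPDIR"
exit $ret
' EXIT
# clean up after ourselves no matter how we die.
trap 'exit 1;' SIGINT

# ---- release identity --------------------------------------------------------
ROOT_HASH=$(jq -r '.roothash' "$SOURCE"/release.json)
# ROOT_UUID is carved out of hash characters 32..63, so the hash must be a hex
# string of at least 64 characters; anything else (including the "null" jq
# prints for a missing key) would produce a garbage UUID and a garbage
# bootx64-<hash>.efi path.
if ! [[ $ROOT_HASH =~ ^[0-9a-fA-F]{64,}$ ]]; then
    printf '%s\n' "${PROGNAME}: invalid or missing .roothash in $SOURCE/release.json." >&2
    exit 1
fi
# Partition UUID for root1, derived from the last 128 bits of a 256-bit hash.
ROOT_UUID=${ROOT_HASH:32:8}-${ROOT_HASH:40:4}-${ROOT_HASH:44:4}-${ROOT_HASH:48:4}-${ROOT_HASH:52:12}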
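# ------------------------------------------------------------------------------
# Target device
# create GPT table with EFI System Partition
if ! [[ -b "${IMAGE}" ]]; then
    # Regular file: recreate it as a 15 GiB sparse image unless updating in
    # place, then attach it to a loop device.  -P makes the kernel scan the
    # partition table so ${DEV}p1.. nodes appear.
    if ! [[ $UPDATE ]]; then
        rm -f -- "${IMAGE}"
        dd if=/dev/null of="${IMAGE}" bs=1MiB seek=$((15*1024)) count=1
    fi
    # Assign and mark readonly separately: `readonly DEV=$(cmd)` would hide a
    # losetup failure from set -e and leave DEV empty.
    DEV=$(losetup --show -f -P "${IMAGE}")
    readonly DEV
    readonly DEV_PART=${DEV}p
else
    # Block device: unmount whatever is mounted from it, then refuse to go on
    # if something is still mounted -- wipefs/sfdisk on a live filesystem
    # would corrupt it.
    for i in "${IMAGE}"*; do
        umount "$i" || :
    done
    if [[ -n "$(lsblk -no MOUNTPOINT "${IMAGE}" 2>/dev/null | tr -d '[:space:]')" ]]; then
        printf '%s\n' "${PROGNAME}: ${IMAGE} still has mounted filesystems, refusing to modify it." >&2
        exit 1
    fi
    if ! [[ $UPDATE ]]; then
        wipefs --force --all "${IMAGE}"
    fi
    readonly DEV="${IMAGE}"
    # NOTE: partition nodes are assumed to be ${IMAGE}<n> (sdX style);
    # devices with a "p" separator (nvme, mmcblk) are not handled here.
    readonly DEV_PART="${IMAGE}"
fi
udevadm settle

if ! [[ $UPDATE ]]; then
    # root1 gets the partition UUID derived from the verity root hash
    # (presumably so the boot chain can locate the root partition by hash --
    # the same UUID must therefore be moved along with the root image on
    # --update, see below).
    sfdisk "${DEV}" << EOF
label: gpt
size=512MiB, type=c12a7328-f81f-11d2-ba4b-00a0c93ec93b, name="ESP System Partition"
size=4GiB, type=4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709, name="root1", uuid=$ROOT_UUID
type=3b8f8425-20e0-4f3b-907f-1a25a76f98e9, name="data"
EOF
    udevadm settle
    for i in 1 2 3; do
        wipefs --force --all "${DEV_PART}${i}"
    done
    udevadm settle
else
    # The new root.img is written to partition 2 (root1) below, so that is the
    # partition whose UUID has to follow the new root hash.  The original set
    # the UUID on partition 3, which in this layout is the data partition.
    sfdisk --part-uuid "${DEV}" 2 "${ROOT_UUID}"
fi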
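# ------------------------------------------------------------------------------
# ESP
# On --update the existing FAT filesystem is kept and only the boot binaries
# are replaced.
if ! [[ $UPDATE ]]; then
    mkfs.fat -nEFI -F32 "${DEV_PART}1"
fi
mkdir "$MY_TMPDIR"/boot
mount "${DEV_PART}1" "$MY_TMPDIR"/boot
mkdir -p "$MY_TMPDIR"/boot/EFI/Boot
mkdir -p "$MY_TMPDIR"/boot/EFI/FedoraBook

# The release's EFI boot binary is named after its root hash; check it exists
# before touching the ESP so a broken release does not leave the ESP without a
# bootable entry.
BOOT_EFI="$SOURCE/efi/EFI/${NAME}/bootx64-${ROOT_HASH}.efi"
if ! [[ -f $BOOT_EFI ]]; then
    printf '%s\n' "${PROGNAME}: boot binary '$BOOT_EFI' not found." >&2
    exit 1
fi

if [[ $USE_EFISHELL ]]; then
    # The UEFI shell becomes the default boot entry (EFI/Boot/bootx64.efi);
    # startup.nsh and LockDown.efi are copied alongside when the release ships
    # them.  NOTE: an interactive shell as the default entry is presumably
    # meant for install/provisioning media, not for a deployed device.
    if [[ -e "${SOURCE}"/efi/startup.nsh ]]; then
        cp "${SOURCE}"/efi/startup.nsh "$MY_TMPDIR"/boot/
    fi
    if [[ -e "${SOURCE}"/efi/LockDown.efi ]]; then
        cp "${SOURCE}"/efi/LockDown.efi "$MY_TMPDIR"/boot/
    fi
    cp "${SOURCE}"/efi/Shell.efi "$MY_TMPDIR"/boot/EFI/Boot/bootx64.efi
    cp "$BOOT_EFI" "$MY_TMPDIR"/boot/EFI/FedoraBook/1.efi
else
    # Same binary as both the removable-media default entry and the named
    # FedoraBook entry.
    cp "$BOOT_EFI" "$MY_TMPDIR"/boot/EFI/Boot/bootx64.efi
    cp "$BOOT_EFI" "$MY_TMPDIR"/boot/EFI/FedoraBook/1.efi
fi

umount "$MY_TMPDIR"/boot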
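# ------------------------------------------------------------------------------
# root1
# root.img is written verbatim to partition 2 (root1).  The partition is a
# fixed 4 GiB, so check the image fits before dd runs out of space halfway
# through and leaves a half-written root.
ROOT_IMG="$SOURCE"/root.img
ROOT_IMG_SIZE=$(stat -c %s -- "$ROOT_IMG")
ROOT_PART_SIZE=$(blockdev --getsize64 "${DEV_PART}2")
if (( ROOT_IMG_SIZE > ROOT_PART_SIZE )); then
    printf '%s\n' "${PROGNAME}: root.img ($ROOT_IMG_SIZE bytes) is larger than ${DEV_PART}2 ($ROOT_PART_SIZE bytes)." >&2
    exit 1
fi
# conv=fsync: the data must be on the medium before the device is detached
# or ejected below.
dd bs=4096 conv=fsync if="$ROOT_IMG" of="${DEV_PART}2" status=progress

# ------------------------------------------------------------------------------
# data
# NOTE: the data partition is plain, unencrypted XFS in this script revision;
# the --crypt/--crypttpm2 options do not change this.
if ! [[ $UPDATE ]]; then
    mkfs.xfs -L data "${DEV_PART}3"
fi

# ------------------------------------------------------------------------------
# DONE
sync
# losetup -d only applies to the image-file path (loop device); on a block
# device it fails and is ignored, eject does the opposite.
losetup -d "$DEV" || :
eject "$DEV" || :
sync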