diff --git a/20fedorabook/module-setup.sh b/20veritybook/module-setup.sh similarity index 100% rename from 20fedorabook/module-setup.sh rename to 20veritybook/module-setup.sh diff --git a/20fedorabook/pre-pivot.sh b/20veritybook/pre-pivot.sh similarity index 100% rename from 20fedorabook/pre-pivot.sh rename to 20veritybook/pre-pivot.sh diff --git a/README.md b/README.md index 11835a5..9930909 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# FedoraBook +# VerityBook Let's put all the fancy features together, we developed in the last years: @@ -80,56 +80,56 @@ All configurable files have been whitelisted and moved to /cfg. ### Prepare the Image For reproducible squashfs builds use https://github.com/squashfskit/squashfskit. Clone it in the -main FedoraBook directory and build it. +main VerityBook directory and build it. ```bash $ sudo ./prepare-root.sh \ --pkglist pkglist.txt \ --excludelist excludelist.txt \ - --name FedoraBook \ + --name VerityBook \ --logo logo.bmp \ --reposd \ --releasever 29 ``` This will create the following files and directories: -- ```FedoraBook``` - keep this directory around for updates +- ```VerityBook``` - keep this directory around for updates (includes needed passwd/group history and rpmdb) -- ```FedoraBook-29.``` - the resulting -- ```FedoraBook-latest.json``` - a metadata file for the update server +- ```VerityBook-29.``` - the resulting +- ```VerityBook-latest.json``` - a metadata file for the update server -or download a prebuilt [image](https://harald.fedorapeople.org/downloads/fedorabook.tgz), +or download a prebuilt [image](https://harald.fedorapeople.org/downloads/veritybook.tgz), unpack and use this as ``````. ## Sign the release Get [efitools](https://github.com/haraldh/efitools.git). Compile and create your keys. -Copy ```LockDown.efi``` ```DB.key``` ```DB.crt``` from efitools to the fedorabook directory. +Copy ```LockDown.efi``` ```DB.key``` ```DB.crt``` from efitools to the veritybook directory. -Rename ```DB.key``` ```DB.crt``` to ```FedoraBook.key``` and ```FedoraBook.crt``` +Rename ```DB.key``` ```DB.crt``` to ```VerityBook.key``` and ```VerityBook.crt``` -Optionally copy ```Shell.efi``` (might be ```/usr/share/edk2/ovmf/Shell.efi```) to the fedorabook directory. +Optionally copy ```Shell.efi``` (might be ```/usr/share/edk2/ovmf/Shell.efi```) to the veritybook directory. ```bash -$ sudo ./mkrelease.sh FedoraBook-latest.json +$ sudo ./mkrelease.sh VerityBook-latest.json ``` then upload to your update server: ```bash -$ TARBALL="$(jq -r '.name' FedoraBook-latest.json)-$(jq -r '.version' FedoraBook-latest.json)".tgz -$ scp "$TARBALL" FedoraBook-latest.json +$ TARBALL="$(jq -r '.name' VerityBook-latest.json)-$(jq -r '.version' VerityBook-latest.json)".tgz +$ scp "$TARBALL" VerityBook-latest.json ``` ## QEMU disk image ```bash -$ sudo ./mkimage.sh image.raw +$ sudo ./mkimage.sh image.raw ``` or with the json file: ```bash -$ sudo ./mkimage.sh FedoraBook-latest.json image.raw +$ sudo ./mkimage.sh VerityBook-latest.json image.raw ``` ## USB stick @@ -139,7 +139,7 @@ $ sudo ./mkimage.sh /dev/disk/by-path/pci-…-usb… or with the json file: ```bash -$ sudo ./mkimage.sh FedoraBook-latest.json /dev/disk/by-path/pci-…-usb… +$ sudo ./mkimage.sh VerityBook-latest.json /dev/disk/by-path/pci-…-usb… ``` ## Install from USB stick @@ -167,7 +167,7 @@ If you cannot: - use the option ```--crypt``` otherwise ```bash -$ sudo fedorabook-clonedisk +$ sudo veritybook-clonedisk ``` ### Post @@ -208,7 +208,7 @@ The initial password is ```zero key```. ## Updating ```bash -# systemd-inhibit fedorabook-update +# systemd-inhibit veritybook-update ``` ## Secure Boot @@ -222,4 +222,4 @@ Make sure the BIOS contains an option to restore the default keys. - Boot from stick with Shell.efi and LockDown.efi - Execute LockDown.efi - reset -- Secure Boot into signed FedoraBook release +- Secure Boot into signed VerityBook release diff --git a/FedoraBook.fc b/VerityBook.fc similarity index 100% rename from FedoraBook.fc rename to VerityBook.fc diff --git a/FedoraBook.te b/VerityBook.te similarity index 99% rename from FedoraBook.te rename to VerityBook.te index a720247..92c8cbb 100644 --- a/FedoraBook.te +++ b/VerityBook.te @@ -1,4 +1,4 @@ -module FedoraBook 1.0; +module VerityBook 1.0; require { type policykit_auth_t; diff --git a/prepare-root.sh b/prepare-root.sh index 4b0ee51..78ee043 100755 --- a/prepare-root.sh +++ b/prepare-root.sh @@ -14,7 +14,7 @@ Creates a directory with a readonly root on squashfs, a dm_verity file and an EF --releasever NUM Used Fedora release version NUM (default: $VERSION_ID) --outname JSON Creates \$JSON.json symlinked to that release (default: NAME-NUM-DATE) --baseoutdir DIR Parent directory of --outdir - --name NAME The NAME of the product (default: FedoraBook) + --name NAME The NAME of the product (default: VerityBook) --logo FILE Uses the .bmp FILE to display as a splash screen (default: logo.bmp) --quirks LIST Source the list of quirks from the quikrs directory --gpgkey FILE Use FILE as the signing gpg key @@ -143,7 +143,7 @@ while true; do esac done -NAME=${NAME:-"FedoraBook"} +NAME=${NAME:-"VerityBook"} RELEASEVER=${RELEASEVER:-$VERSION_ID} BASEOUTDIR=$(realpath ${BASEOUTDIR:-"$CURDIR"}) CRT=${CRT:-${NAME}.crt} @@ -359,7 +359,7 @@ cp "${BASEDIR}/${CRT}" "$sysroot"/etc/pki/${NAME}/crt rpm --root "$sysroot" -qa | sort > "$sysroot"/usr/rpm-list.txt -cp -avr "${BASEDIR}"/{10verity,20fedorabook} "$sysroot"/usr/lib/dracut/modules.d/ +cp -avr "${BASEDIR}"/{10verity,20veritybook} "$sysroot"/usr/lib/dracut/modules.d/ KVER=$(cd "$sysroot"/lib/modules/; ls -1d ??* | tail -1) @@ -378,7 +378,7 @@ chroot "$sysroot" \ dracut -N --kver $KVER --force \ --filesystems "squashfs vfat xfs" \ -m "bash systemd systemd-initrd modsign crypt dm kernel-modules qemu rootfs-block" \ - -m "udev-rules dracut-systemd base fs-lib shutdown terminfo resume verity fedorabook" \ + -m "udev-rules dracut-systemd base fs-lib shutdown terminfo resume verity veritybook" \ --reproducible \ /lib/modules/$KVER/initrd