rename fedorabook veritybook

Harald Hoyer 2020-02-11 10:50:54 +01:00
parent 24075408b5
commit 3c4c62fbe8
6 changed files with 24 additions and 24 deletions

@ -1,4 +1,4 @@
# FedoraBook # VerityBook
Let's put all the fancy features together, we developed in the last years: Let's put all the fancy features together, we developed in the last years:
@ -80,56 +80,56 @@ All configurable files have been whitelisted and moved to /cfg.
### Prepare the Image ### Prepare the Image
For reproducible squashfs builds use https://github.com/squashfskit/squashfskit. Clone it in the For reproducible squashfs builds use https://github.com/squashfskit/squashfskit. Clone it in the
main FedoraBook directory and build it. main VerityBook directory and build it.
```bash ```bash
$ sudo ./prepare-root.sh \ $ sudo ./prepare-root.sh \
--pkglist pkglist.txt \ --pkglist pkglist.txt \
--excludelist excludelist.txt \ --excludelist excludelist.txt \
--name FedoraBook \ --name VerityBook \
--logo logo.bmp \ --logo logo.bmp \
--reposd <REPOSDIR> \ --reposd <REPOSDIR> \
--releasever 29 --releasever 29
``` ```
This will create the following files and directories: This will create the following files and directories:
- ```FedoraBook``` - keep this directory around for updates - ```VerityBook``` - keep this directory around for updates
(includes needed passwd/group history and rpmdb) (includes needed passwd/group history and rpmdb)
- ```FedoraBook-29.<datetime>``` - the resulting <IMGDIR> - ```VerityBook-29.<datetime>``` - the resulting <IMGDIR>
- ```FedoraBook-latest.json``` - a metadata file for the update server - ```VerityBook-latest.json``` - a metadata file for the update server
or download a prebuilt [image](https://harald.fedorapeople.org/downloads/fedorabook.tgz), or download a prebuilt [image](https://harald.fedorapeople.org/downloads/veritybook.tgz),
unpack and use this as ```<IMGDIR>```. unpack and use this as ```<IMGDIR>```.
## Sign the release ## Sign the release
Get [efitools](https://github.com/haraldh/efitools.git). Compile and create your keys. Get [efitools](https://github.com/haraldh/efitools.git). Compile and create your keys.
Copy ```LockDown.efi``` ```DB.key``` ```DB.crt``` from efitools to the fedorabook directory. Copy ```LockDown.efi``` ```DB.key``` ```DB.crt``` from efitools to the veritybook directory.
Rename ```DB.key``` ```DB.crt``` to ```FedoraBook.key``` and ```FedoraBook.crt``` Rename ```DB.key``` ```DB.crt``` to ```VerityBook.key``` and ```VerityBook.crt```
Optionally copy ```Shell.efi``` (might be ```/usr/share/edk2/ovmf/Shell.efi```) to the fedorabook directory. Optionally copy ```Shell.efi``` (might be ```/usr/share/edk2/ovmf/Shell.efi```) to the veritybook directory.
```bash ```bash
$ sudo ./mkrelease.sh FedoraBook-latest.json $ sudo ./mkrelease.sh VerityBook-latest.json
``` ```
then upload to your update server: then upload to your update server:
```bash ```bash
$ TARBALL="$(jq -r '.name' FedoraBook-latest.json)-$(jq -r '.version' FedoraBook-latest.json)".tgz $ TARBALL="$(jq -r '.name' VerityBook-latest.json)-$(jq -r '.version' VerityBook-latest.json)".tgz
$ scp "$TARBALL" FedoraBook-latest.json <DESTINATION> $ scp "$TARBALL" VerityBook-latest.json <DESTINATION>
``` ```
## QEMU disk image ## QEMU disk image
```bash ```bash
$ sudo ./mkimage.sh <IMGDIR> image.raw $ sudo ./mkimage.sh <IMGDIR> image.raw
``` ```
or with the json file: or with the json file:
```bash ```bash
$ sudo ./mkimage.sh FedoraBook-latest.json image.raw $ sudo ./mkimage.sh VerityBook-latest.json image.raw
``` ```
## USB stick ## USB stick
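Review bot: The "keep this directory around for updates" bullet now names `VerityBook`, but a builder who already has a `FedoraBook` directory holding the passwd/group history and rpmdb gets no instruction to carry it over. Add a line telling existing users to rename that directory (and `FedoraBook.key` / `FedoraBook.crt`) or to keep passing `--name FedoraBook`. Minor: the signing section says "the veritybook directory" in lower case while the squashfskit paragraph says "main VerityBook directory"; pick one spelling.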
@ -139,7 +139,7 @@ $ sudo ./mkimage.sh <IMGDIR> /dev/disk/by-path/pci-…-usb…
or with the json file: or with the json file:
```bash ```bash
$ sudo ./mkimage.sh FedoraBook-latest.json /dev/disk/by-path/pci-…-usb… $ sudo ./mkimage.sh VerityBook-latest.json /dev/disk/by-path/pci-…-usb…
``` ```
## Install from USB stick ## Install from USB stick
@ -167,7 +167,7 @@ If you cannot:
- use the option ```--crypt``` otherwise - use the option ```--crypt``` otherwise
```bash ```bash
$ sudo fedorabook-clonedisk <options> <usb stick device> <harddisk device> $ sudo veritybook-clonedisk <options> <usb stick device> <harddisk device>
``` ```
### Post ### Post
@ -208,7 +208,7 @@ The initial password is ```zero key```.
## Updating ## Updating
```bash ```bash
# systemd-inhibit fedorabook-update <UPDATE-URL> # systemd-inhibit veritybook-update <UPDATE-URL>
``` ```
## Secure Boot ## Secure Boot
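Review bot: The Updating section lists only `veritybook-update`, so a machine installed from a release built before this rename, which has `fedorabook-update`, is not covered. Either mention the old command name for the first update or ship a compatibility symlink, and state whether an update server has to keep serving `FedoraBook-latest.json` alongside `VerityBook-latest.json` for those clients.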
@ -222,4 +222,4 @@ Make sure the BIOS contains an option to restore the default keys.
- Boot from stick with Shell.efi and LockDown.efi - Boot from stick with Shell.efi and LockDown.efi
- Execute LockDown.efi - Execute LockDown.efi
- reset - reset
- Secure Boot into signed FedoraBook release - Secure Boot into signed VerityBook release

@ -1,4 +1,4 @@
module FedoraBook 1.0; module VerityBook 1.0;
require { require {
type policykit_auth_t; type policykit_auth_t;
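Review bot: Changing the name in the `module` statement makes this a different SELinux module as far as the policy store is concerned, so a root that already has `FedoraBook` loaded ends up with both modules installed. Only the `module` line is visible here; please confirm that the policy source file and the step that compiles and installs it are renamed in this commit as well, and that a retained build root removes the old module.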

@ -14,7 +14,7 @@ Creates a directory with a readonly root on squashfs, a dm_verity file and an EF
--releasever NUM Used Fedora release version NUM (default: $VERSION_ID) --releasever NUM Used Fedora release version NUM (default: $VERSION_ID)
--outname JSON Creates \$JSON.json symlinked to that release (default: NAME-NUM-DATE) --outname JSON Creates \$JSON.json symlinked to that release (default: NAME-NUM-DATE)
--baseoutdir DIR Parent directory of --outdir --baseoutdir DIR Parent directory of --outdir
--name NAME The NAME of the product (default: FedoraBook) --name NAME The NAME of the product (default: VerityBook)
--logo FILE Uses the .bmp FILE to display as a splash screen (default: logo.bmp) --logo FILE Uses the .bmp FILE to display as a splash screen (default: logo.bmp)
--quirks LIST Source the list of quirks from the quikrs directory --quirks LIST Source the list of quirks from the quikrs directory
--gpgkey FILE Use FILE as the signing gpg key --gpgkey FILE Use FILE as the signing gpg key
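Review bot: The `--quirks` help line in this block still reads "quikrs directory"; since the usage text is already being touched for the `--name` default, correct it to "quirks directory" in the same commit.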
@ -143,7 +143,7 @@ while true; do
esac esac
done done
NAME=${NAME:-"FedoraBook"} NAME=${NAME:-"VerityBook"}
RELEASEVER=${RELEASEVER:-$VERSION_ID} RELEASEVER=${RELEASEVER:-$VERSION_ID}
BASEOUTDIR=$(realpath ${BASEOUTDIR:-"$CURDIR"}) BASEOUTDIR=$(realpath ${BASEOUTDIR:-"$CURDIR"})
CRT=${CRT:-${NAME}.crt} CRT=${CRT:-${NAME}.crt}
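Review bot: The new `NAME` default also changes the default of `CRT` on the last line of this hunk (`CRT=${CRT:-${NAME}.crt}`), so a checkout that still holds `FedoraBook.crt` and its key stops finding its signing material unless `--name FedoraBook` is passed or `CRT` is set some other way. Check for the certificate and key right after these defaults and fail with a message naming the expected file, rather than failing later at the `cp "${BASEDIR}/${CRT}"` step. Also quote the `realpath` argument: the outer `${BASEOUTDIR:-"$CURDIR"}` expansion is unquoted, so an explicit `BASEOUTDIR` containing spaces is split.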
@ -359,7 +359,7 @@ cp "${BASEDIR}/${CRT}" "$sysroot"/etc/pki/${NAME}/crt
rpm --root "$sysroot" -qa | sort > "$sysroot"/usr/rpm-list.txt rpm --root "$sysroot" -qa | sort > "$sysroot"/usr/rpm-list.txt
cp -avr "${BASEDIR}"/{10verity,20fedorabook} "$sysroot"/usr/lib/dracut/modules.d/ cp -avr "${BASEDIR}"/{10verity,20veritybook} "$sysroot"/usr/lib/dracut/modules.d/
KVER=$(cd "$sysroot"/lib/modules/; ls -1d ??* | tail -1) KVER=$(cd "$sysroot"/lib/modules/; ls -1d ??* | tail -1)
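Review bot: `KVER` on the last line of this hunk is taken from `ls -1d ??* | tail -1`, which sorts names lexically, so with more than one kernel under `lib/modules` it can select an older one (5.9 sorts after 5.10). Use `sort -V | tail -1`, or fail when more than one kernel directory is present, so the initrd is never built for the wrong kernel.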
@ -378,7 +378,7 @@ chroot "$sysroot" \
dracut -N --kver $KVER --force \ dracut -N --kver $KVER --force \
--filesystems "squashfs vfat xfs" \ --filesystems "squashfs vfat xfs" \
-m "bash systemd systemd-initrd modsign crypt dm kernel-modules qemu rootfs-block" \ -m "bash systemd systemd-initrd modsign crypt dm kernel-modules qemu rootfs-block" \
-m "udev-rules dracut-systemd base fs-lib shutdown terminfo resume verity fedorabook" \ -m "udev-rules dracut-systemd base fs-lib shutdown terminfo resume verity veritybook" \
--reproducible \ --reproducible \
/lib/modules/$KVER/initrd /lib/modules/$KVER/initrd
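Review bot: The name passed to `-m` has to match the module directory copied in by the earlier `cp` (`20veritybook`), and nothing in this hunk checks that the resulting initrd actually contains the `verity` and `veritybook` modules. After the `dracut` call, list the initrd modules (for example with `lsinitrd -m`) and abort the build if either is missing, since the purpose of the image is a verity-protected root.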