From 5d5ec9682e9106607f96170ec1f6b91d15e71ddf Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Thu, 6 Sep 2018 15:56:53 +0200 Subject: [PATCH] update --- clonedisk.sh | 91 +++++++++++++++++++++++++++++---- excludelist.txt | 3 +- mkimage.sh | 47 ++++++++++++----- pkglist.txt | 5 +- prepare-root.sh | 45 +++++++++++++++- quirks/nss_db.sh | 3 +- systemd-udev-settle-dri.service | 26 ++++++++++ update.sh | 80 +++++++++++++++++++++++++++++ 8 files changed, 270 insertions(+), 30 deletions(-) create mode 100644 systemd-udev-settle-dri.service create mode 100755 update.sh diff --git a/clonedisk.sh b/clonedisk.sh index 4e97112..53a4d21 100755 --- a/clonedisk.sh +++ b/clonedisk.sh @@ -1,6 +1,67 @@ -#!/bin/bash +#!/bin/bash -ex -set -ex +usage() { + cat << EOF +Usage: $PROGNAME [OPTION] + + -h, --help Display this help + --crypt Use Luks2 to encrypt the data partition (default PW: 1) + --crypttpm2 as --crypt, but additionally auto-open with the use of a TPM2 + --simple do not use dual-boot layout (e.g. for USB install media) + --update do not clear the data partition +EOF +} + +TEMP=$( + getopt -o '' \ + --long crypt \ + --long crypttpm2 \ + --long simple \ + --long update \ + --long help \ + -- "$@" + ) + +if (( $? != 0 )); then + usage >&2 + exit 1 +fi + +eval set -- "$TEMP" +unset TEMP + +while true; do + case "$1" in + '--crypt') + USE_CRYPT="y" + shift 1; continue + ;; + '--crypttpm2') + USE_TPM="y" + shift 1; continue + ;; + '--simple') + SIMPLE="y" + shift 1; continue + ;; + '--update') + UPDATE="y" + shift 1; continue + ;; + '--help') + usage + exit 0 + ;; + '--') + shift + break + ;; + *) + echo 'Internal error!' >&2 + exit 1 + ;; + esac +done [[ $TMPDIR ]] || TMPDIR=/var/tmp readonly TMPDIR="$(realpath -e "$TMPDIR")" 
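Review bot: Moving `set -ex` into the shebang (`#!/bin/bash -ex`) drops both options whenever the script is started as `bash clonedisk.sh`, so a failed step would no longer stop it before the later `wipefs`, `sfdisk` and `dd` calls; keeping `set -ex` as the first statement avoids that, and the new update.sh uses the same shebang. When `-e` is in effect, a getopt failure aborts at the `TEMP=$(...)` assignment, so the `(( $? != 0 ))` branch and its usage message are never reached; `if ! TEMP=$(getopt ...); then usage >&2; exit 1; fi` keeps the message. usage() also advertises `-h` although `getopt -o ''` accepts no short options, and `$PROGNAME` is not assigned anywhere in the lines shown.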
@@ -44,9 +105,11 @@ if [[ ${IN#/dev/loop} != $IN ]]; then IN="${IN}p" fi -wipefs --all "$OUT" +if ! [[ $UPDATE ]]; then -sfdisk -W always -w always "$OUT" << EOF + wipefs --all "$OUT" + + sfdisk -W always -w always "$OUT" << EOF label: gpt size=512MiB, type=c12a7328-f81f-11d2-ba4b-00a0c93ec93b, name="ESP System Partition" size=256M, type=2c7357ed-ebd2-46d9-aec1-23d437ec2bf5, name="ver1", uuid=$(blkid -o value -s PARTUUID ${IN}2) @@ -56,6 +119,9 @@ label: gpt size=${mem}GiB, type=0657fd6d-a4ab-43c4-84e5-0933c84b4f4f, name="swap" type=3b8f8425-20e0-4f3b-907f-1a25a76f98e9, name="data" EOF +fi + +OUT_DEV=$OUT if [[ ${OUT#/dev/loop} != $OUT ]]; then OUT="${OUT}p" @@ -66,13 +132,16 @@ fi for i in 1 2 3; do dd if=${IN}${i} of=${OUT}${i} status=progress + sfdisk --part-uuid ${OUT_DEV} $i $(blkid -o value -s PARTUUID ${IN}${i}) done -# ------------------------------------------------------------------------------ -# swap -mkswap -L swap ${OUT}6 +if ! [[ $UPDATE ]]; then + # ------------------------------------------------------------------------------ + # swap + mkswap -L swap ${OUT}6 -# ------------------------------------------------------------------------------ -# data -echo -n "zero key" \ - | cryptsetup luksFormat --type luks2 ${OUT}7 /dev/stdin + # ------------------------------------------------------------------------------ + # data + echo -n "zero key" \ + | cryptsetup luksFormat --type luks2 ${OUT}7 /dev/stdin +fi diff --git a/excludelist.txt b/excludelist.txt index de0cbbc..67fc5df 100644 --- a/excludelist.txt +++ b/excludelist.txt @@ -4,7 +4,6 @@ grubby grub* plymouth device-mapper-multipath -libvirt-daemon selinux-policy-targeted libselinux-utils - +httpd diff --git a/mkimage.sh b/mkimage.sh index c30e5d9..c6ade84 100755 --- a/mkimage.sh +++ b/mkimage.sh 
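Review bot: With `--update` the `wipefs`/`sfdisk` block in the `-44,9` hunk is skipped, but nothing checks that `$OUT` already carries the layout this script would have created before the loop further down copies `${IN}1`..`${IN}3` onto `${OUT}1`..`${OUT}3`. A guard ahead of that loop, placed after the `p` suffix has been appended, for example `[[ -b ${OUT}7 ]] || { echo "$OUT has no existing layout" >&2; exit 1; }`, would stop an update run against a disk that was never installed. The loop and the suffix handling sit in later hunks, and the partition list is only partly visible here, so the partition number to test should be confirmed against the full heredoc.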
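Review bot: The added `sfdisk --part-uuid ${OUT_DEV} $i $(blkid ...)` line in the `-66,13` hunk does nothing useful when blkid prints no PARTUUID: the unquoted substitution expands to zero words, and `sfdisk --part-uuid` without a UUID argument only prints the current value and succeeds. Capturing and checking the value first closes that gap: `uuid=$(blkid -o value -s PARTUUID "${IN}${i}")`, `[[ $uuid ]] || exit 1`, `sfdisk --part-uuid "$OUT_DEV" "$i" "$uuid"`. Quoting `"${IN}${i}"` and `"${OUT}${i}"` in the `dd` line would be consistent with that. The re-indented `luksFormat` still uses the fixed key `zero key` while usage() says "default PW: 1"; a comment saying whether this key is meant to be replaced after install, and by what, would help readers judge what the encryption protects at that stage.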
@@ -17,6 +17,7 @@ Usage: $PROGNAME [OPTION] --crypt Use Luks2 to encrypt the data partition (default PW: 1) --crypttpm2 as --crypt, but additionally auto-open with the use of a TPM2 --simple do not use dual-boot layout (e.g. for USB install media) + --update do not clear the data partition EOF } @@ -24,6 +25,8 @@ TEMP=$( getopt -o '' \ --long crypt \ --long crypttpm2 \ + --long simple \ + --long update \ --long help \ -- "$@" ) @@ -47,6 +50,14 @@ while true; do USE_TPM="y" shift 1; continue ;; + '--simple') + SIMPLE="y" + shift 1; continue + ;; + '--update') + UPDATE="y" + shift 1; continue + ;; '--help') usage exit 0 @@ -109,8 +120,10 @@ HASH_UUID=${ROOT_HASH:0:8}-${ROOT_HASH:8:4}-${ROOT_HASH:12:4}-${ROOT_HASH:16:4}- # create GPT table with EFI System Partition if ! [[ -b "${IMAGE}" ]]; then - rm -f "${IMAGE}" - dd if=/dev/null of="${IMAGE}" bs=1MiB seek=$((15*1024)) count=1 + if ! [[ $UPDATE ]]; then + rm -f "${IMAGE}" + dd if=/dev/null of="${IMAGE}" bs=1MiB seek=$((15*1024)) count=1 + fi readonly DEV=$(losetup --show -f -P "${IMAGE}") readonly DEV_PART=${DEV}p else @@ -118,13 +131,16 @@ else umount "$i" || : done - wipefs --force --all "${IMAGE}" + if ! [[ $UPDATE ]]; then + wipefs --force --all "${IMAGE}" + fi readonly DEV="${IMAGE}" readonly DEV_PART="${IMAGE}" fi udevadm settle -sfdisk "${DEV}" << EOF +if ! [[ $UPDATE ]]; then + sfdisk "${DEV}" << EOF label: gpt size=512MiB, type=c12a7328-f81f-11d2-ba4b-00a0c93ec93b, name="ESP System Partition" size=64MiB, type=2c7357ed-ebd2-46d9-aec1-23d437ec2bf5, name="ver1", uuid=$HASH_UUID 
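Review bot: In the `-109,8` hunk, `--update` with an `$IMAGE` path that does not exist now skips the `dd` that would have created the file and goes straight to `losetup`, whose failure is hidden because `readonly DEV=$(...)` returns the status of `readonly`. `DEV` then stays empty and `DEV_PART` becomes `p`, so later commands such as the `dd ... of=${DEV_PART}3` shown further down would write to a relative path instead of a partition. An explicit check before losetup, `[[ -e $IMAGE ]] || { echo "$IMAGE not found" >&2; exit 1; }`, plus assigning first and marking readonly afterwards (`DEV=$(losetup --show -f -P "$IMAGE")` then `readonly DEV`), would make the update path fail early.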
@@ -132,15 +148,21 @@ label: gpt type=3b8f8425-20e0-4f3b-907f-1a25a76f98e9, name="data" EOF -udevadm settle -for i in 1 2 3 4; do - wipefs --force --all ${DEV_PART}${i} -done -udevadm settle + udevadm settle + for i in 1 2 3 4; do + wipefs --force --all ${DEV_PART}${i} + done + udevadm settle +else + sfdisk --part-uuid ${DEV} 2 ${HASH_UUID} + sfdisk --part-uuid ${DEV} 3 ${ROOT_UUID} +fi # ------------------------------------------------------------------------------ # ESP -mkfs.fat -nEFI -F32 ${DEV_PART}1 +if ! [[ $UPDATE ]]; then + mkfs.fat -nEFI -F32 ${DEV_PART}1 +fi mkdir "$MY_TMPDIR"/boot mount ${DEV_PART}1 "$MY_TMPDIR"/boot @@ -158,8 +180,9 @@ dd if="$SOURCE"/root.squashfs.img of=${DEV_PART}3 status=progress # ------------------------------------------------------------------------------ # data -mkfs.xfs -L data ${DEV_PART}4 - +if ! [[ $UPDATE ]]; then + mkfs.xfs -L data ${DEV_PART}4 +fi # ------------------------------------------------------------------------------ # DONE diff --git a/pkglist.txt b/pkglist.txt index 5a7279e..59e1a4d 100644 --- a/pkglist.txt +++ b/pkglist.txt @@ -10,7 +10,6 @@ NetworkManager-vpnc NetworkManager-vpnc-gnome NetworkManager-wifi firefox -emacs vim-enhanced pigz flatpak @@ -63,3 +62,7 @@ fedora-gpg-keys bind-utils bash-completion nss-mdns +@development-tools +@development-libs +@c-development + diff --git a/prepare-root.sh b/prepare-root.sh index be64937..a8acd20 100755 --- a/prepare-root.sh +++ b/prepare-root.sh @@ -44,6 +44,7 @@ fi eval set -- "$TEMP" unset TEMP . /etc/os-release +unset NAME while true; do case "$1" in @@ -97,8 +98,8 @@ done [[ $EXCLUDELIST ]] || [[ -f excludelist.txt ]] && EXCLUDELIST=$( "$sysroot"/usr/rpm-list.txt mkdir -p "$sysroot"/overlay/efi 
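Review bot: In the new `else` branch of the `-132,15` hunk the partition UUIDs are switched to `${HASH_UUID}` and `${ROOT_UUID}` before the new images are written; the `dd` of `root.squashfs.img` to `${DEV_PART}3` only appears in the following hunk's context. If the run stops in between, the table advertises a UUID derived from the new `ROOT_HASH` while the partitions still hold the previous image, which presumably leaves the device failing to boot rather than staying on a known-good version. Moving the two `sfdisk --part-uuid` calls after the last successful `dd`, and quoting them as `sfdisk --part-uuid "$DEV" 2 "$HASH_UUID"`, would narrow that window. The code between this hunk and the `dd` is not shown, so confirm nothing there depends on the new UUIDs.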
@@ -243,6 +260,9 @@ ln -fsnr "$sysroot"/usr/lib/systemd/system/dbus-broker.service "$sysroot"/etc/sy if [[ -d "$sysroot"/etc/ssh ]]; then mv "$sysroot"/etc/ssh "$sysroot"/usr/share/factory/var/etc/ssh ln -sfnr "$sysroot"/var/etc/ssh "$sysroot"/etc/ssh + cat >> "$sysroot"/usr/lib/tmpfiles.d/ssh.conf <> "$sysroot"/usr/lib/tmpfiles.d/libvirt.conf < "$sysroot"/etc/sysctl.d/inotify.conf <"$sysroot"/etc/fstab < "$MY_TMPDIR"/options.txt -echo -n "$NAME $VERSION_ID" > "$MY_TMPDIR"/release.txt +echo -n "${NAME}-${VERSION_ID}" > "$MY_TMPDIR"/release.txt objcopy \ --add-section .release="$MY_TMPDIR"/release.txt --change-section-vma .release=0x20000 \ --add-section .cmdline="$MY_TMPDIR"/options.txt --change-section-vma .cmdline=0x30000 \ @@ -377,3 +415,6 @@ mv "$MY_TMPDIR"/root-hash.txt \ "$MY_TMPDIR"/linux \ "$MY_TMPDIR"/initrd \ "$OUTDIR" + +tar cf - -C "${OUTDIR%/*}" "${OUTDIR##*/}" | pigz -c > "$OUTDIR".tgz +echo "$ROOT_HASH ${NAME}-${VERSION_ID}" > "${OUTDIR%/*}/${NAME}-latest.txt" diff --git a/quirks/nss_db.sh b/quirks/nss_db.sh index d09ab54..e46bc1b 100644 --- a/quirks/nss_db.sh +++ b/quirks/nss_db.sh @@ -1,4 +1,3 @@ - sed -i -e 's#files#files db#g' "$sysroot"/etc/nsswitch.conf mkdir -p "$sysroot"/usr/db sed -i -e 's#/var/db#/usr/db#g' "$sysroot"/lib64/libnss_db-2*.so "$sysroot"/var/db/Makefile @@ -22,7 +21,7 @@ mv "$sysroot"/etc/passwd "$sysroot"/etc/sub{u,g}id "$sysroot"/etc/shadow "$sysro sed -i -e 's!^# directory = /etc!directory = /var!g' "$sysroot"/etc/libuser.conf for i in passwd shadow group gshadow .pwd.lock subuid subgid; do - ln -sfnr "$sysroot"/var/"$i" "$sysroot"/etc/"$i" + ln -sfnr "$sysroot"/var/"$i" "$sysroot"/etc/"$i" done sed -i -e 's#/etc/passwd#/var/passwd#g;s#/etc/npasswd#/var/npasswd#g' "$sysroot"/usr/lib64/security/pam_unix.so diff --git a/systemd-udev-settle-dri.service b/systemd-udev-settle-dri.service new file mode 100644 index 0000000..ccf1570 --- /dev/null +++ b/systemd-udev-settle-dri.service 
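Review bot: The `tar cf - ... | pigz -c > "$OUTDIR".tgz` pipeline added in the `-377,3` hunk reports only pigz's exit status unless `pipefail` is set outside this hunk, so a failed tar leaves a truncated archive and the next line still writes `${NAME}-latest.txt` for it. Adding `set -o pipefail` before the pipeline would stop that. `${OUTDIR%/*}` also equals `$OUTDIR` itself when the path contains no slash, which makes both the `-C` argument and the location of the latest file wrong. Since the latest file carries `$ROOT_HASH` and update.sh takes a `BASEURL` argument, its consumers presumably treat it as the reference for the image; publishing a detached signature next to it and verifying it on the client would keep that trust from resting on the transport alone.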
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: LGPL-2.1+
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# This service can dynamically be pulled-in by legacy services which
+# cannot reliably cope with dynamic device configurations, and wrongfully
+# expect a populated /dev during bootup.
+
+[Unit]
+Description=udev Wait for /dev/dri/card0 Device Initialization
+Documentation=man:udev(7) man:systemd-udevd.service(8)
+Wants=systemd-udevd.service
+After=systemd-udev-trigger.service
+Before=display-manager.service
+ConditionPathIsReadWrite=/sys
+
+[Service]
+Type=oneshot
+TimeoutSec=180
+RemainAfterExit=yes
+ExecStart=/usr/bin/udevadm settle --exit-if-exists=/dev/dri/card0
diff --git a/update.sh b/update.sh
new file mode 100755
index 0000000..56cc25c
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,80 @@
+#!/bin/bash -ex
+
+BASEURL="$1"
+
+. /etc/os-release
+
+CURRENT_ROOT_HASH=$(