update
This commit is contained in:
Harald Hoyer
parent
7d097f89e7
commit
d18cdafa5b
35
clonedisk.sh
35
clonedisk.sh
|
|
@ -37,6 +37,7 @@ while true; do
|
|||
shift 1; continue
|
||||
;;
|
||||
'--crypttpm2')
|
||||
USE_CRYPT="y"
|
||||
USE_TPM="y"
|
||||
shift 1; continue
|
||||
;;
|
||||
|
|
@ -139,14 +140,30 @@ for i in 1 2 3; do
|
|||
done
|
||||
|
||||
if ! [[ $UPDATE ]]; then
|
||||
swapoff ${OUT}6 || :
|
||||
# ------------------------------------------------------------------------------
|
||||
# swap
|
||||
echo -n "zero key" \
|
||||
| cryptsetup luksFormat --type luks2 ${OUT}6 /dev/stdin
|
||||
swapoff -a :
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# data
|
||||
echo -n "zero key" \
|
||||
| cryptsetup luksFormat --type luks2 ${OUT}7 /dev/stdin
|
||||
if [[ $USE_CRYPT ]]; then
|
||||
# ------------------------------------------------------------------------------
|
||||
# swap
|
||||
echo -n "zero key" \
|
||||
| cryptsetup luksFormat --type luks2 ${OUT}6 /dev/stdin
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# data
|
||||
echo -n "zero key" \
|
||||
| cryptsetup luksFormat --type luks2 ${OUT}7 /dev/stdin
|
||||
else
|
||||
mkswap ${OUT}6
|
||||
mkfs.xfs -L data ${OUT}7
|
||||
fi
|
||||
fi
|
||||
|
||||
efibootmgr -C -b FED1 -d ${OUT_DEV} -p 1 -L "FedoraBook 1" -l '\efi\fedorabook\1.efi'
|
||||
efibootmgr -C -b FED2 -d ${OUT_DEV} -p 1 -L "FedoraBook 2" -l '\efi\fedorabook\2.efi'
|
||||
efibootmgr -C -b FED3 -d ${OUT_DEV} -p 1 -L "FedoraBook Old 1" -l '\efi\fedorabook\_1.efi'
|
||||
efibootmgr -C -b FED4 -d ${OUT_DEV} -p 1 -L "FedoraBook Old 2" -l '\efi\fedorabook\_2.efi'
|
||||
|
||||
BOOT_ORDER=$(efibootmgr | grep BootOrder: | { read _ a; echo "$a"; })
|
||||
if ! [[ $BOOT_ORDER == *FED1* ]]; then
|
||||
efibootmgr -o "FED1,FED2,FED3,FED4,$BOOT_ORDER"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -77,3 +77,4 @@ libvirt-daemon-kvm
|
|||
squashfs-tools
|
||||
mc
|
||||
veritysetup
|
||||
rsync
|
||||
|
|
|
|||
|
|
@ -163,6 +163,7 @@ for i in passwd shadow group gshadow subuid subgid; do
|
|||
done
|
||||
|
||||
chown -R +0.+0 "$sysroot"
|
||||
chmod 0000 "$sysroot"/etc/{shadow,gshadow}
|
||||
|
||||
mkdir -p "$sysroot"/{dev,proc,sys,run}
|
||||
mount --bind /proc "$sysroot/proc"
|
||||
|
|
@ -235,6 +236,8 @@ find "$sysroot" -name '*.rpmnew' -print0 | xargs -0 rm -fv
|
|||
mkdir -p ${BASEDIR}/${NAME}
|
||||
for i in passwd shadow group gshadow subuid subgid; do
|
||||
cp "$sysroot"/etc/"$i" ${BASEDIR}/${NAME}
|
||||
chown "$USER" "${BASEDIR}/${NAME}/$i"
|
||||
chmod u+r "${BASEDIR}/${NAME}/$i"
|
||||
done
|
||||
|
||||
cp "$CURDIR/clonedisk.sh" "$sysroot"/usr/bin/clonedisk
|
||||
|
|
|
|||
|
|
@ -1,9 +1,10 @@
|
|||
chroot "$sysroot" bash -c 'useradd -G wheel admin'
|
||||
|
||||
sed -i -e 's#^\(passwd:.*\) files#\1 files db altfile#g;s#^\(shadow:.*\) files#\1 files altfiles db#g;s#^\(group:.*\) files#\1 files altfiles db#g' \
|
||||
"$sysroot"/etc/nsswitch.conf
|
||||
mkdir -p "$sysroot"/usr/db
|
||||
sed -i -e 's#/var/db#/usr/db#g' "$sysroot"/lib64/libnss_db-2*.so "$sysroot"/var/db/Makefile
|
||||
|
||||
chroot "$sysroot" bash -c 'useradd -G wheel admin'
|
||||
egrep -e '^(adm|wheel):.*' "$sysroot"/etc/group > "$sysroot"/etc/group.admin
|
||||
egrep -e '^(adm|wheel):.*' "$sysroot"/etc/gshadow > "$sysroot"/etc/gshadow.admin
|
||||
|
||||
|
|
@ -16,12 +17,16 @@ chroot "$sysroot" bash -c 'make -C /var/db /usr/db/passwd.db /usr/db/shadow.db /
|
|||
|
||||
mv "$sysroot"/etc/group.admin "$sysroot"/etc/group
|
||||
mv "$sysroot"/etc/gshadow.admin "$sysroot"/etc/gshadow
|
||||
chmod 0000 "$sysroot"/etc/gshadow
|
||||
|
||||
chroot "$sysroot" bash -c 'useradd admin; usermod -a -G wheel admin; echo -n admin | passwd --stdin admin'
|
||||
chroot "$sysroot" bash -c 'passwd -e admin'
|
||||
|
||||
mkdir -p "$sysroot"/usr/share/factory/var
|
||||
mv "$sysroot"/etc/passwd "$sysroot"/etc/sub{u,g}id "$sysroot"/etc/shadow "$sysroot"/etc/group "$sysroot"/etc/gshadow "$sysroot"/usr/share/factory/var
|
||||
|
||||
rm -f "$sysroot"/etc/shadow- "$sysroot"/etc/gshadow-
|
||||
|
||||
sed -i -e 's!^# directory = /etc!directory = /var!g' "$sysroot"/etc/libuser.conf
|
||||
|
||||
for i in passwd shadow group gshadow .pwd.lock subuid subgid; do
|
||||
|
|
|
|||
|
|
@ -79,9 +79,5 @@ sfdisk --part-uuid ${ROOT_DEV} ${ROOT_PARTNO} ${ROOT_UUID}
|
|||
mkdir -p /efi/EFI/${NAME}
|
||||
cp bootx64.efi /efi/EFI/${NAME}/${NEW_ROOT_NUM}.efi
|
||||
|
||||
# better swap prio with efibootmgr
|
||||
mv /efi/EFI/${NAME}/${OLD_ROOT_NUM}.efi /efi/EFI/${NAME}/_${OLD_ROOT_NUM}.efi
|
||||
|
||||
## unless proper boot entries set, just force copy to default boot loader
|
||||
cp bootx64.efi /efi/EFI/Boot/new_bootx64.efi
|
||||
mv --backup=simple /efi/EFI/Boot/new_bootx64.efi /efi/EFI/Boot/bootx64.efi
|
||||
rm /efi/EFI/${NAME}/_${NEW_ROOT_NUM}.efi
|
||||
|
|
|
|||
Loading…
Reference in a new issue