hi!

i guess a cryptroot install option is a good thing to have.
so find attached a diff for the install.sh.

regards,

        x

PS: if there is a tool or other way to read touchscreen user input from the
console, please let me know.
--- install.sh	2009-02-21 20:58:06.000000000 +0100
+++ install-x.sh	2009-02-23 07:19:06.000000000 +0100
@@ -4,6 +4,7 @@
 #
 # Copyright 2008 Joachim Breitner <[email protected]>
 # Copyright 2008 Luca Capello <[email protected]>
+# cryptroot stuff and some fixes 2009 by <[email protected]>
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -39,10 +40,11 @@ lc () {
 #
 
 # user variables
+HOSTNAME=${HOSTNAME:-`hostname`}
 HOSTNAME=${HOSTNAME:-debian-gta02}
 SD_DEVICE=${SD_DEVICE:-/dev/mmcblk0}
 SD_PART1_FS=${SD_PART1_FS:-ext2}
-SD_PART1_SIZE=${SD_PART1_SIZE:-8}
+SD_PART1_SIZE=${SD_PART1_SIZE:-16}
 SD_PART2_FS=${SD_PART2_FS:-ext3}
 SD_SWAP_SIZE=${SD_SWAP_SIZE:-0}
 INST_DIR=${INST_DIR:-/mnt/debian}
@@ -55,6 +57,7 @@ QI=${QI:-false}
 QI_VERBOSE_BOOT=${QI_VERBOSE_BOOT:-false}
 SINGLE_PART=${SINGLE_PART:-$QI}
 WITH_WIFI=${WITH_WIFI:-none}
+CRYPTROOT=${CRYPTROOT:-false}
 
 # hardening for the case that a user uses capitals
 lc SD_PART1_FS SD_PART2_FS APT_RECOMMENDS QI QI_VERBOSE_BOOT FSO_DEVICE
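Review bot: CRYPTROOT is not added to the `lc` call on the last line of this hunk, yet every later test compares it with the literal `true`, so a value such as `True` would be treated as false and the install would go ahead with an unencrypted root filesystem without any message. Adding it to the list, `lc SD_PART1_FS SD_PART2_FS APT_RECOMMENDS QI QI_VERBOSE_BOOT FSO_DEVICE CRYPTROOT`, covers the environment variable; whether a value given through `--cryptroot` is also normalised depends on option handling outside this hunk and should be checked. Rejecting anything other than `true` or `false` with an error would be safer still.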
@@ -82,6 +85,17 @@ CDEBOOTSTRAP_EXTRA_PACKAGES=ifupdown,dro
 # This gets passed to cdebuildstrap. currently not used
 CDEBOOTSTRAP_EXCLUDE_PACKAGES=hello
 
+# cryptroot options
+CRYPTSETUP_PACKAGE="$INST_MIRROR/pool/main/c/cryptsetup/cryptsetup_1.0.6-7_armel.deb"
+LIBDEVMAPPER_PACKAGE="$INST_MIRROR/pool/main/d/devmapper/libdevmapper1.02.1_1.02.27-4_armel.deb"
+LIBUUID_PACKAGE="$INST_MIRROR/pool/main/e/e2fsprogs/libuuid1_1.41.3-1_armel.deb"
+LIBSELINUX_PACKAGE="$INST_MIRROR/pool/main/libs/libselinux/libselinux1_2.0.65-5_armel.deb"
+CRYPTKERNEL_VERSION="2.6.28-oe1+gitr34240a1c06ae36180dee695aa25bbae869b2aa26-r3-om-gta02"
+CRYPTKERNELMODULES_VERSION="2.6.28-rc4"
+CRYPTKERNEL_PACKAGE="http://downloads.freesmartphone.org/fso-stable/milestone5/om-gta02/uImage-${CRYPTKERNEL_VERSION}.bin";
+CRYPTKERNELMODULES_PACKAGE="http://downloads.freesmartphone.org/fso-stable/milestone5/om-gta02/modules-${CRYPTKERNEL_VERSION}.tgz";
+intern_keytoinitrd="false"
+
 # fso-specific packages
 # With work around for some APT/aptitude bug (http://bugs.debian.org/435662)
 FSO_PACKAGES="nodm matchbox-window-manager zhone fso-frameworkd fso-gpsd openmoko-panel-plugin dbus-x11 trayer fso-utils mtd-utils \
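Review bot: Nothing pins the content of the six downloads defined here: the kernel image and modules archive come from plain `http://` URLs, and the four `.deb` files are fetched from `$INST_MIRROR` with `wget` in cryptsetup_cmd and unpacked by hand, which bypasses the signature checking an apt install would do. These files are then run or unpacked as root (cryptsetup_cmd, action_installkernel), so each URL should have an expected digest beside it, e.g. `CRYPTKERNEL_SHA256="<expected sha256 of the uImage file>"`, checked with `sha256sum -c` before the file is used. The hard-coded package versions will also disappear from the mirror once newer ones are uploaded, which is a further reason to install cryptsetup through apt where that is possible.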
@@ -102,20 +116,65 @@ TAR_PACKAGE=$INST_MIRROR/pool/main/t/tar
 # FUNCTIONS
 #
 
+# fetch cryptsetup just in time and just if necessary
+cryptsetup_cmd () {
+	modprobe dm_crypt
+	if which cryptsetup; then
+		intern_cmd="cryptsetup"
+	elif [ -x /tmp/cryptsetup/sbin/cryptsetup ]; then
+		export LD_LIBRARY_PATH=/tmp/cryptsetup/lib
+		intern_cmd="/tmp/cryptsetup/sbin/cryptsetup"
+	else
+		echo " * Downloading cryptsetup package"
+		mkdir -p /tmp/cryptsetup
+		wget "${CRYPTSETUP_PACKAGE}" -O /tmp/cryptsetup/cryptsetup.deb
+		( cd /tmp/cryptsetup; ar -x cryptsetup.deb data.tar.gz )
+		tar -xz -C /tmp/cryptsetup -f /tmp/cryptsetup/data.tar.gz
+		rm -f /tmp/cryptsetup/data.tar.gz
+		wget "${LIBDEVMAPPER_PACKAGE}" -O /tmp/cryptsetup/libdevmapper.deb
+		( cd /tmp/cryptsetup; ar -x libdevmapper.deb data.tar.gz )
+		tar -xz -C /tmp/cryptsetup -f /tmp/cryptsetup/data.tar.gz
+		rm -f /tmp/cryptsetup/data.tar.gz
+		wget "${LIBUUID_PACKAGE}" -O /tmp/cryptsetup/libuuid.deb
+		( cd /tmp/cryptsetup; ar -x libuuid.deb data.tar.gz )
+		tar -xz -C /tmp/cryptsetup -f /tmp/cryptsetup/data.tar.gz
+		rm -f /tmp/cryptsetup/data.tar.gz
+		wget "${LIBSELINUX_PACKAGE}" -O /tmp/cryptsetup/libselinux.deb
+		( cd /tmp/cryptsetup; ar -x libselinux.deb data.tar.gz )
+		tar -xz -C /tmp/cryptsetup -f /tmp/cryptsetup/data.tar.gz
+		rm -f /tmp/cryptsetup/data.tar.gz
+#		rm -rf /tmp/cryptsetup
+		export LD_LIBRARY_PATH=/tmp/cryptsetup/lib
+		intern_cmd="/tmp/cryptsetup/sbin/cryptsetup"
+	fi
+	${intern_cmd} $@
+}
+
 # fight against auto-mounting
 umount_all () {
 	if [ -n "$VERBOSE" ]; then echo "Now unmounting all SD devices."; fi
-	for I in $(seq 0 9); do
-		cmd="mount | grep -q '^${SD_DEVICE}p$I'"
+	intern_dmdevs="";
+	if [ -d /dev/mapper ]; then
+		for i in /dev/mapper/*; do
+			if ! [ "${i}" = "/dev/mapper/control" ]; then
+				foo=`cryptsetup_cmd status "$i" | grep "^ *device: *" | sed "s/^ *device: *\(.*\)$/\1/"`
+				if [ -n "$foo" -a -z "${foo/#${SD_DEVICE}*/}" ]; then
+					intern_dmdevs="${intern_dmdevs} $i"
+				fi
+			fi
+		done
+	fi
+	for I in ${intern_dmdevs} "${SD_DEVICE}p"*; do
+		cmd="mount | grep -q '^${I}'"
 		if [ -n "$VERBOSE" ]; then echo -n " testing #$I ($cmd)"; fi
-		if mount | grep -q "^${SD_DEVICE}p$I" ; then
+		if mount | grep -q "^${I}" ; then
 			if [ -n "$VERBOSE" ]; then 
 				echo " unmounting"
 			else
-				echo "W: ${SD_DEVICE}p$I is mounted, unmounting"
+				echo "W: ${I} is mounted, unmounting"
 			fi
-			umount ${SD_DEVICE}p$I
-		#	if mount | grep -q ^${SD_DEVICE}p$I; then
+			umount "${I}"
+		#	if mount | grep -q ^${I}"; then
 		#		echo "E: Unmount failed"
 		#		exit 1
 		#	fi
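Review bot: cryptsetup_cmd runs whatever executable it finds at the fixed path `/tmp/cryptsetup/sbin/cryptsetup` and loads libraries from `/tmp/cryptsetup/lib`, so on a system where /tmp is writable by other users the installer, presumably running as root, would execute files it did not put there; `mkdir -p` also succeeds silently on a directory someone else created. A private directory created once at script start, e.g. `CRYPTSETUP_DIR=$(mktemp -d) || exit 1`, and used in place of the literal path avoids this; it has to be set outside the function because umount_all calls cryptsetup_cmd inside a command substitution. Two smaller points in the same function: the output of `which cryptsetup` and of the "Downloading" `echo` goes to stdout, which umount_all captures into `foo`, so both should go to stderr or /dev/null, and `${intern_cmd} $@` should be `${intern_cmd} "$@"`. umount_all continues past the end of this hunk.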
@@ -123,6 +182,9 @@ umount_all () {
 			echo 'not mounted'
 		fi
 	done
+	for I in ${intern_dmdevs}; do
+		cryptsetup_cmd luksClose ${I}
+	done
 	if [ -n "$VERBOSE" ]; then echo "All SD devices unmounted."; fi
 }
 
@@ -214,9 +276,15 @@ ENVIRONMENT
                      to 'none' will not install anything (default), 'wicd' is
                      supported as an experimental setup (set to '$WITH_WIFI').
                      This is not yet functional.
+	CRYPTROOT    set this to true for an encrypted rootfs. Two partitions
+		     have to be used, one unencrypted to boot kernel+initrd,
+		     the other one for the encrypted rootfs.
 
     Stages:
 
+	installkernel	Installs a dm_crypt capable kernel into current system
+		     which is necessary and must be booted in case of a
+		     cryptroot installation
 	all          Runs all the stages in the following order:
                                 testing time partition format mount debian
                                 apt fso configuration kernel unmount
@@ -258,6 +326,7 @@ OPTIONS
 	--part1-size sets the SD_PART1_SIZE variable
 	--swap-size  sets the SD_SWAP_SIZE variable
 	--with-wifi  sets the WITH_WIFI variable (experimental, not functional)
+	--cryptroot  sets the CRYPTROOT variable
 
 BUGS
 	Only the current (second) generation of devices is supported.
@@ -275,6 +344,7 @@ BUGS
 AUTHORS
 	Copyright 2008 Joachim Breitner <[email protected]>
 	Copyright 2008 Luca Capello <[email protected]>
+	cryptroot stuff and some fixes 2009 by <[email protected]>
 
 	This program is licensed under the terms of GNU General Public
 	License either version 2, or (at your option) any later version.
@@ -315,6 +385,57 @@ __END__
 
 
 #
+# Stage installkernel
+#
+action_installkernel () {
+	action_partition
+
+	if [ "$SD_PART1_FS" = "ext2" ]; then
+		intern_fs="ext2"
+	elif [ "$SD_PART1_FS" = "ext3" ]; then
+		intern_fs="ext2"
+	elif [ "$SD_PART1_FS" = "vfat" ]; then
+		intern_fs="fat"
+	fi
+	"mkfs.${SD_PART1_FS}" "${SD_DEVICE}p1"
+	mount -t auto "${SD_DEVICE}p1" "$INST_DIR"
+
+	echo "Installing dm_crypt capable kernel into current system"
+	cd /boot
+	wget "${CRYPTKERNEL_PACKAGE}"
+	cd "$INST_DIR"
+	cp -a "/boot/uImage-${CRYPTKERNEL_VERSION}.bin" .
+	ln -fs "uImage-${CRYPTKERNEL_VERSION}.bin" kernel.ub
+	cd /
+	wget "${CRYPTKERNELMODULES_PACKAGE}"
+	tar -xzf "modules-${CRYPTKERNEL_VERSION}.tgz"
+#	intern_version=`tar -tzf "${CRYPTKERNELMODULES_PACKAGE}" | while read; do if (echo $REPLY | grep "^\(\./\)\?lib/modules/.*\?/") >/dev/null; then echo $REPLY | sed "s/^\(\.\?\/\)\?lib\/modules\/\(.*\?\)\//\2/"; break; fi; done;`
+#	echo "${intern_version}" >"$INST_DIR/kernelversion-${CRYPTKERNEL_VERSION}"
+	rm "modules-${CRYPTKERNEL_VERSION}.tgz"
+	depmod -a "${CRYPTKERNELMODULES_VERSION}"
+	cat <<__END__
+
+We have now installed a kernel with dm_crypt support.
+To continue, shutdown and halt:
+   shutdown -h
+Then boot into a bootloader:
+   NAND-bootloader: press and hold POWER, after 1s press and hold AUX until menu appears
+   NOR-bootloader : press and hold AUX, then press and hold POWER until menu appears
+Connect to the bootloader via USB-Serial:
+   neocon -t 30 /dev/ttyACM0
+and at the bootloader prompt, enter the following commands:
+   setenv bootargs \${bootargs_base} \${mtdparts}
+   mmcinit
+   ${intern_fs}load mmc 1:1 0x32000000 /kernel.ub
+   bootm 0x32000000
+This should boot the system with the dm_crypt capable kernel, and you can continue with a cryptroot installation:
+   $0 --cryptroot true all
+A normal boot will boot the normal kernel.
+__END__
+}
+
+
+#
 # Stage all
 #
 action_all () {
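Review bot: None of the steps in action_installkernel is checked, so a failed `mount`, `cd` or `wget` lets the function carry on and still print the "We have now installed a kernel" instructions. In particular `tar -xzf` runs in `/` as root on whatever `wget` left behind, and if the mount of `${SD_DEVICE}p1` failed the kernel is copied into the empty mount point instead of onto the card. Guard each step, e.g. `mount -t auto "${SD_DEVICE}p1" "$INST_DIR" || exit 1` and `wget "${CRYPTKERNEL_PACKAGE}" || exit 1`. The stage also calls action_partition first, which rewrites the card's partition table; the usage text for `installkernel` should say so.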
@@ -364,7 +485,7 @@ action_testing () {
 	fi
 	echo " * microSD card device: $SD_DEVICE present"
 
-	for BINARY in wget ping fdisk mount umount mkfs.$SD_PART1_FS mkfs.$SD_PART2_FS gunzip dd sed rdate; do
+	for BINARY in wget ping fdisk sfdisk awk mount umount mkfs.$SD_PART1_FS mkfs.$SD_PART2_FS gunzip dd sed rdate; do
 		if ! which $BINARY > /dev/null; then
 			echo "E: Could not find $BINARY binary"
 			exit 1
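Review bot: The list gains `sfdisk` and `awk` but not `ar`, which the new cryptsetup_cmd needs to unpack the `.deb` files when cryptsetup is not already installed; adding `ar` (at least when CRYPTROOT is `true`) would make the script fail here rather than halfway through formatting. The loop continues outside this hunk.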
@@ -425,6 +546,15 @@ action_testing () {
 		exit 1
 	fi
 
+	if [ "${CRYPTROOT}" = "true" ]; then
+		modprobe dm_crypt
+		if ! lsmod | grep -q "^dm_crypt"; then
+			echo "E: no dm_crypt capable kernel running."
+			echo "   Run $0 installkernel to install one."
+			exit 1
+		fi
+	fi
+
 	echo "I: System setup looks good"
 }
 
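Review bot: The `lsmod | grep -q "^dm_crypt"` test only sees loadable modules, so a kernel with dm-crypt built in would be rejected with "no dm_crypt capable kernel running" (presumably not the case for the kernel this patch installs, but the check is written generically). The status of `modprobe dm_crypt` is ignored and its error text appears before the script's own message. If `dmsetup` is available on the device, `dmsetup targets | grep -q '^crypt'` tests the capability itself rather than the module list. action_testing starts outside this hunk.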
@@ -434,7 +564,7 @@ action_testing () {
 
 action_time () {
 	echo "Fetching time from $RDATEHOST with rdate"
-	rdate -s "$RDATEHOST"
+	rdate -s "$RDATEHOST" >/dev/null 2>&1
 	echo "I: Time is now `date`"
 }
 
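Review bot: Redirecting `rdate -s` to /dev/null hides a failed time sync, and the next line then reports "Time is now ..." as if it had worked. A wrong clock matters later in the install for anything that compares dates, such as signature expiry checks, so keep the silence but test the status: `rdate -s "$RDATEHOST" >/dev/null 2>&1 || echo "W: could not set time from $RDATEHOST"`.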
@@ -447,15 +577,21 @@ action_partition () {
 	umount_all
 
 	# put the partition table in a "known state"
-	dd if=/dev/zero of=$SD_DEVICE bs=512 count=1
+	echo "Clearing MBR of SD."
+	if ! dd if=/dev/zero of=$SD_DEVICE bs=512 count=1 >/dev/null 2>&1; then
+		echo "Clearing MBR of SD with dd failed ($?)."
+		exit 1
+	fi
 
 	# run partitioner
 	rootpartno=2
 	bootfstypeno=83
 
-	mb=$(echo pq | fdisk /dev/mmcblk0 | grep Disk| cut -f 3 -d \ )
-	cylinders=$(echo pq | fdisk /dev/mmcblk0 | grep cylinders|grep heads|cut -f 5 -d\ )
-	lastcylinder=$(($cylinders-($cylinders*$SD_SWAP_SIZE/$mb)))
+#	mb=$(echo pq | fdisk /dev/mmcblk0 | grep Disk | cut -f 3 -d \ )
+	mb=$(sfdisk -s ${SD_DEVICE} 2>/dev/null)
+#	cylinders=$(echo pq | fdisk /dev/mmcblk0 | grep cylinders | grep heads | cut -f 5 -d\ )
+	cylinders=$(sfdisk -G ${SD_DEVICE} 2>/dev/null | grep "^${SD_DEVICE}" | awk "{ print \$2 }")
+	lastcylinder=$(($cylinders-($cylinders*$SD_SWAP_SIZE/($mb/1024))))
 
 	if [ "vfat" = "$SD_PART1_FS" ]; then
 		bootfstypeno=4
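Review bot: `$?` inside `if ! dd ...; then` is the status of the negated test, so the message always reads "failed (0)"; the same pattern appears in action_kernel for mkinitramfs and mkimage. Capture the status first, e.g. `dd if=/dev/zero of="$SD_DEVICE" bs=512 count=1 >/dev/null 2>&1; rc=$?`, then test `[ "$rc" -ne 0 ]` and print `$rc`. Separately, `mb` and `cylinders` go into the arithmetic without a check that `sfdisk` produced a number, and `$mb/1024` is zero for a device smaller than 1024 blocks, which makes the division fail. action_partition starts and ends outside this hunk.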
@@ -465,7 +601,7 @@ action_partition () {
 	if [ "$SINGLE_PART" = "true" ]; then
 		echo "Preparing SD as a single Linux device."
 		partitionno=$(($partitionno+1))
-		cat <<EOSINGLECONF > /tmp/argsToFdisk$$
+		cat <<EOSINGLECONF >/tmp/argsToFdisk$$
 n
 p
 $partitionno
@@ -475,7 +611,7 @@ EOSINGLECONF
 
 	else
 		partitionno=$(($partitionno+1))
-		cat <<EOBOOTCONF > /tmp/argsToFdisk$$
+		cat <<EOBOOTCONF >/tmp/argsToFdisk$$
 n
 p
 $partitionno
@@ -486,7 +622,7 @@ $bootfstypeno
 EOBOOTCONF
 
 		partitionno=$(($partitionno+1))
-		cat <<EOROOTCONF >> /tmp/argsToFdisk$$
+		cat <<EOROOTCONF >>/tmp/argsToFdisk$$
 n
 p
 $partitionno
@@ -500,7 +636,7 @@ EOROOTCONF
 
 	if [ 0 -lt "$SD_SWAP_SIZE" ]; then
 		partitionno=$(($partitionno+1))
-		cat <<EOSWAPCONF >> /tmp/argsToFdisk$$
+		cat <<EOSWAPCONF >>/tmp/argsToFdisk$$
 n
 p
 $partitionno
@@ -512,9 +648,9 @@ $partitionno
 p
 EOSWAPCONF
 	fi
-	echo "w" >> /tmp/argsToFdisk$$
+	echo "w" >>/tmp/argsToFdisk$$
 
-	if fdisk $SD_DEVICE < /tmp/argsToFdisk$$; then
+	if fdisk $SD_DEVICE </tmp/argsToFdisk$$ >/dev/null 2>&1; then
 		echo "Partitioning was successful."
 		if [ -n "$verbose" ]; then
 			echo "The following partitions have been created:"
@@ -524,7 +660,7 @@ EOSWAPCONF
 	else
 		echo "Partitioning failed, could not execute with fdisk:"
 		cat /tmp/argsToFdisk$$
-		exit -1
+		exit 1
 	fi
 
 
@@ -553,6 +689,7 @@ EOSWAPCONF
 action_format () {
 	echo
 	card_data_warning format
+
 	umount_all
 
 	echo " * Formatting the microSD card partitions"
@@ -560,7 +697,13 @@ action_format () {
 		mkfs.ext2 ${SD_DEVICE}p1
 	else
 		mkfs.$SD_PART1_FS ${SD_DEVICE}p1
-		mkfs.$SD_PART2_FS ${SD_DEVICE}p2
+		if [ "$CRYPTROOT" = "true" ]; then
+			cryptsetup_cmd luksFormat ${SD_DEVICE}p2
+			cryptsetup_cmd luksOpen ${SD_DEVICE}p2 ${HOSTNAME}
+			mkfs.$SD_PART2_FS /dev/mapper/${HOSTNAME}
+		else
+			mkfs.$SD_PART2_FS ${SD_DEVICE}p2
+		fi
 	fi
 
 	echo "I: microSD card ready"
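Review bot: The results of `luksFormat` and `luksOpen` are not checked, so a mistyped confirmation or passphrase leaves no mapping, `mkfs` then fails on `/dev/mapper/${HOSTNAME}`, and the stage still ends with "I: microSD card ready". Stop on failure: `cryptsetup_cmd luksFormat "${SD_DEVICE}p2" || exit 1`, and likewise for `luksOpen`. The cipher and key size are left to the defaults of whichever cryptsetup binary is found; passing `--cipher` and `--key-size` explicitly would make the result independent of that. The first branch of the surrounding `if` (its condition is outside the hunk) formats `p1` without looking at CRYPTROOT, so that combination should be rejected rather than silently installed unencrypted.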
@@ -582,7 +725,11 @@ action_mount () {
 		mkdir -p $INST_DIR/boot
 	else
 		if [ -n "$verbose" ]; then echo "Mounting root partition to '$INST_DIR'."; fi
-		mount -t auto ${SD_DEVICE}p2 $INST_DIR
+		if [ "$CRYPTROOT" = "true" ]; then
+			mount -t auto /dev/mapper/${HOSTNAME} $INST_DIR
+		else
+			mount -t auto ${SD_DEVICE}p2 $INST_DIR
+		fi
 		if [ "vfat" = "$SD_PART1_FS" ]; then
 			echo "You have a vfat boot filesystem. This is not mounted to /boot."
 		else
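Review bot: The `mount` stage assumes `/dev/mapper/${HOSTNAME}` is already open, which only holds when `format` ran earlier in the same session; run on its own, for instance after a reboot, the mount fails. Open the mapping when it is missing: `[ -e "/dev/mapper/${HOSTNAME}" ] || cryptsetup_cmd luksOpen "${SD_DEVICE}p2" "${HOSTNAME}" || exit 1`. action_mount starts and ends outside this hunk.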
@@ -653,7 +800,7 @@ action_apt () {
 	echo "Configuring APT"
 
 	echo " * Creating /etc/apt/sources.list"
-	cat > $INST_DIR/etc/apt/sources.list <<__END__
+	cat >"$INST_DIR/etc/apt/sources.list" <<__END__
 deb $INST_MIRROR unstable main
 deb $INST_MIRROR experimental main
 deb $FSO_MIRROR unstable main
@@ -683,6 +830,11 @@ __END_CHROOT__
 # Stage fso
 #
 action_fso () {
+	if [ "${CRYPTROOT}" = "true" ]; then
+		echo " * Installing initramfs-tools, cryptsetup, busybox and uboot-mkimage"
+		chroot "${INST_DIR}" apt-get --yes install initramfs-tools cryptsetup busybox uboot-mkimage
+	fi
+
 	# TODO
 	echo "Installing FSO-specific packages"
 	chroot $INST_DIR /bin/sh -e <<__END_CHROOT__
@@ -748,7 +900,7 @@ po::powerokwait:/etc/init.d/powerfail st
 __END__
 
 	echo " * Creating /etc/modules"
-	cat > $INST_DIR/etc/modules <<__END__
+	cat >"$INST_DIR/etc/modules" <<__END__
 # USB RNDIS/Ethernet Gadget
 g_ether
 
@@ -765,25 +917,25 @@ __END__
 
 	echo " * Creating /etc/fstab"
 	mkdir -p $INST_DIR/mnt/flash
-	cat > $INST_DIR/etc/fstab <<__END__
+	cat >"$INST_DIR/etc/fstab" <<__END__
 rootfs	/		auto	defaults,errors=remount-ro,noatime	0 1
 __END__
 
 	if [ "$SINGLE_PART" != "true" ]; then
 		if [ "ext2" = "$SD_PART1_FS" -o "ext3" = "$SD_PART1_FS" ]; then
-			cat >> $INST_DIR/etc/fstab <<__END__
+			cat >>"$INST_DIR/etc/fstab" <<__END__
 /dev/mmcblk0p1	/boot	auto	defaults,noatime			0 2
 __END__
 
 		else
-			cat >> $INST_DIR/etc/fstab <<__END__
+			cat >>"$INST_DIR/etc/fstab" <<__END__
 /dev/mmcblk0p1	/boot	auto	defaults,noatime,noauto			0 2
 __END__
 
 		fi
 
 		if [ 0 -lt "$SD_SWAP_SIZE" ]; then
-			cat >> $INST_DIR/etc/fstab <<__END__
+			cat >>"$INST_DIR/etc/fstab" <<__END__
 /dev/mmcblk0p3  none    swap     sw                                     0 0
 __END__
 
@@ -791,14 +943,14 @@ __END__
 	else
 		# $SINGLE_PART = "true"
 		if [ 0 -lt "$SD_SWAP_SIZE" ]; then
-			cat >> $INST_DIR/etc/fstab <<__END__
+			cat >>"$INST_DIR/etc/fstab" <<__END__
 /dev/mmcblk0p2  none   swap     sw                                     0 0
 __END__
 		fi
 	fi
 
 
-	cat >> $INST_DIR/etc/fstab <<__END__
+	cat >>"$INST_DIR/etc/fstab" <<__END__
 /dev/mtdblock6	/mnt/flash	jffs2	defaults,noatime,noauto		0 2
 proc	/proc		proc	defaults				0 0
 tmpfs	/tmp		tmpfs	defaults,noatime			0 0
@@ -857,7 +1009,7 @@ __END__
 	fi
 
 	echo " * Installing /root/.xsession"
-	cat > $INST_DIR/root/.xsession <<EOMATCHBOX
+	cat >"$INST_DIR/root/.xsession" <<EOMATCHBOX
 #!/bin/sh
 trayer --edge top &
 openmoko-panel-plugin &
@@ -873,6 +1025,20 @@ EOMATCHBOX
 		;;
 	esac
 
+	if [ "$CRYPTROOT" = "true" ]; then
+		echo " * Configuring initramfs"
+		cat >>"$INST_DIR/etc/initramfs-tools/modules" <<__END__
+# USB RNDIS/Ethernet Gadget
+g_ether
+__END__
+		cat "$INST_DIR/etc/initramfs-tools/initramfs.conf" | sed "s/eth0/usb0/g" >$INST_DIR/etc/initramfs-tools/initramfs.conf.new; mv $INST_DIR/etc/initramfs-tools/initramfs.conf.new $INST_DIR/etc/initramfs-tools/initramfs.conf
+		cat >>"$INST_DIR/etc/crypttab" <<__END__
+${HOSTNAME} ${SD_DEVICE}p2 none luks
+__END__
+		cat "$INST_DIR/etc/fstab" | sed "s/^rootfs[ 	]\+/\/dev\/mapper\/${HOSTNAME}\t/" >$INST_DIR/etc/fstab.new; mv $INST_DIR/etc/fstab.new $INST_DIR/etc/fstab
+
+	fi
+
 	echo "I: System configured"
 }
 
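Review bot: Both rewrites use `sed ... >file.new; mv file.new file`, so the `mv` runs even when `sed` failed and would replace `fstab` or `initramfs.conf` with an empty or partial file; join the two commands with `&&` and quote the `$INST_DIR` paths as the rest of the patch does. The `crypttab` and `initramfs-tools/modules` entries are appended with `>>`, so running the `configuration` stage twice leaves duplicate lines. `${HOSTNAME}` is also pasted into the sed expression unescaped, which is fine for ordinary host names but breaks on a value containing `/` or `&`.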
@@ -882,61 +1048,94 @@ EOMATCHBOX
 action_kernel () {
 	echo "Installing kernel package"
 
-	intern_cmd="apt-get --yes install linux-image-2.6.28-openmoko-gta02"
-
-	if [ "$SD_PART1_FS" = "vfat" ]; then
-		intern_bootmountpoint=$(mount | grep "^${SD_DEVICE}p1"| cut -f3 -d\ )
-		if [ -z "$intern_bootmountpoint" -o "boot" != "$(basename "$intern_bootmountpoint")" ]; then
-			echo " * installing to /boot"
-			chroot $INST_DIR $intern_cmd
-			echo " * cleaning apt cache"
-			chroot $INST_DIR apt-get clean
-			echo " * copying /boot/uImage.bin to first partition"
-			if [ -z "$intern_bootmountpoint" ]; then
-				if [ -n "$VERBOSE" ]; then
-					echo "    Mounting first partition to /mnt/tmp_first_part_$$";
-				fi
-				mkdir /mnt/tmp_first_part_$$
-				mount ${SD_DEVICE}p1 /mnt/tmp_first_part_$$
-
-				if [ -n "$VERBOSE" ]; then
-					echo "    Copying $INST_DIR/boot/uImage.bin to /mnt/tmp_first_part_$$/"
-				fi
-				cp "$INST_DIR/boot/uImage.bin" "/mnt/tmp_first_part_$$/"
+	if [ "$CRYPTROOT" = "true" ]; then
+#		intern_version=`cat "$INST_DIR/boot/kernelversion-${CRYPTKERNEL_VERSION}"`
+		echo " * Installing kernel image"
+		cp -a "/boot/uImage-$CRYPTKERNEL_VERSION.bin" "$INST_DIR/boot/"
+		ln -fs "uImage-$CRYPTKERNEL_VERSION.bin" "$INST_DIR/boot/kernel.ub"
+		echo " * Installing kernel modules"
+		mkdir -p "$INST_DIR/lib/modules"
+		cp -a "/lib/modules/${CRYPTKERNELMODULES_VERSION}" "$INST_DIR/lib/modules"
+		chroot "$INST_DIR" depmod -a
+
+		# not necessary?
+		#mount /proc
+		#mount -t sysfs /sys
+		#/etc/init.d/udev restart
+		#/etc/init.d/udev-mtab start
+		echo " * Creating initramdisk image"
+		if ! chroot "$INST_DIR" mkinitramfs -o "/boot/initrd-${CRYPTKERNELMODULES_VERSION}.cpio.gz" >/dev/null 2>&1; then
+			echo "E: mkinitramfs failed ($?)"
+			exit 1
+		fi
+		echo " * Creating initramdisk uboot image"
+		if ! chroot "$INST_DIR" mkimage -A arm -O linux -T ramdisk -C none -a 0x32800000 -n "Ramdisk Image" -d "/boot/initrd-${CRYPTKERNELMODULES_VERSION}.cpio.gz" "/boot/initrd-${CRYPTKERNELMODULES_VERSION}.cpio.gz.ub" >/dev/null 2>&1; then
+			echo "E: mkimage failed ($?)"
+			exit 1
+		fi
+		ln -fs "initrd-${CRYPTKERNELMODULES_VERSION}.cpio.gz.ub" "$INST_DIR/boot/initrd.ub"
+		rm -f "$INST_DIR/tmp/initrd-${CRYPTKERNELMODULES_VERSION}.cpio.gz"
+		intern_keytoinitrd="true"
+		#umount /sys
+		#umount /proc
+		#(exit)/etc/init.d/udev restart
+	else
+		intern_cmd="apt-get --yes install linux-image-2.6.28-openmoko-gta02"
 
-				if [ -n "$VERBOSE" ]; then
-					echo "    Unmounting first partition from /mnt/tmp_first_part_$$"
+		if [ "$SD_PART1_FS" = "vfat" ]; then
+			intern_bootmountpoint=$(mount | grep "^${SD_DEVICE}p1" | cut -f3 -d\ )
+			if [ -z "$intern_bootmountpoint" -o "boot" != "$(basename "$intern_bootmountpoint")" ]; then
+				echo " * installing to /boot"
+				chroot $INST_DIR $intern_cmd
+				echo " * cleaning apt cache"
+				chroot $INST_DIR apt-get clean
+				echo " * copying /boot/uImage.bin to first partition"
+				if [ -z "$intern_bootmountpoint" ]; then
+					if [ -n "$VERBOSE" ]; then
+						echo "    Mounting first partition to /mnt/tmp_first_part_$$";
+					fi
+					mkdir /mnt/tmp_first_part_$$
+					mount ${SD_DEVICE}p1 /mnt/tmp_first_part_$$
+
+					if [ -n "$VERBOSE" ]; then
+						echo "    Copying $INST_DIR/boot/uImage.bin to /mnt/tmp_first_part_$$/"
+					fi
+					cp "$INST_DIR/boot/uImage.bin" "/mnt/tmp_first_part_$$/"
+
+					if [ -n "$VERBOSE" ]; then
+						echo "    Unmounting first partition from /mnt/tmp_first_part_$$"
+					fi
+					umount /mnt/tmp_first_part_$$
+					rmdir /mnt/tmp_first_part_$$
+				else 
+					if [ -n "$VERBOSE" ]; then
+						echo "    Found first partitional already mounted to '$intern_bootmountpoint'."
+					fi
+					if [ -n "$VERBOSE" ]; then
+						echo "    Copying $INST_DIR/boot/uImage.bin to '$intern_bootmountpoint/'."
+					fi
+					cp "$INST_DIR/boot/uImage.bin" "$intern_bootmountpoint/"
 				fi
-				umount /mnt/tmp_first_part_$$
-				rmdir /mnt/tmp_first_part_$$
-			else 
-				if [ -n "$VERBOSE" ]; then
-					echo "    Found first partitional already mounted to '$intern_bootmountpoint'."
-				fi
-				if [ -n "$VERBOSE" ]; then
-					echo "    Copying $INST_DIR/boot/uImage.bin to '$intern_bootmountpoint/'."
-				fi
-				cp "$INST_DIR/boot/uImage.bin" "$intern_bootmountpoint/"
-			fi
 			
+			else
+				echo "W: when using $SD_PART1_FS as filesystem for the first microSD card"
+				echo "   partition, you should manually install the kernel, since dpkg"
+				echo "   does not support non-POSIX filesystems:"
+				echo "     http://bugs.debian.org/bug=315493";
+				echo
+				echo "   Make sure, the first partition is not mounted to the /boot"
+				echo "   directory. Then "
+				echo "      $intern_cmd"
+				echo "   and copy /boot/uImage.bin to your first partition. When no longer"
+				echo "   mounted to /boot, you may also rerun '$0 --part1-fs vfat kernel'."
+				return 0
+			fi
 		else
-			echo "W: when using $SD_PART1_FS as filesystem for the first microSD card"
-			echo "   partition, you should manually install the kernel, since dpkg"
-			echo "   does not support non-POSIX filesystems:"
-			echo "     http://bugs.debian.org/bug=315493";
-			echo
-			echo "   Make sure, the first partition is not mounted to the /boot"
-			echo "   directory. Then "
-			echo "      $intern_cmd"
-			echo "   and copy /boot/uImage.bin to your first partition. When no longer"
-			echo "   mounted to /boot, you may also rerun '$0 --part1-fs vfat kernel'."
-			return 0
-		fi
-	else
-		chroot $INST_DIR /bin/sh -e <<__END_CHROOT__
+			chroot $INST_DIR /bin/sh -e <<__END_CHROOT__
 $intern_cmd
 apt-get clean
 __END_CHROOT__
+		fi
 	fi
 
 	echo "I: Kernel installed"
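Review bot: `mkinitramfs` is called without a kernel version, so by its defaults it builds for the running kernel rather than explicitly for `${CRYPTKERNELMODULES_VERSION}`, whose modules were just copied; passing the version removes that dependency: `chroot "$INST_DIR" mkinitramfs -o "/boot/initrd-${CRYPTKERNELMODULES_VERSION}.cpio.gz" "${CRYPTKERNELMODULES_VERSION}"`. All of its output goes to /dev/null, which also discards hook warnings, for example from the cryptsetup hook when it cannot work out the root device, and those are the messages needed when the resulting image cannot unlock the root filesystem. The `rm -f "$INST_DIR/tmp/initrd-..."` line removes a file this code never creates. action_kernel continues outside the hunk.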
@@ -946,10 +1145,10 @@ __END_CHROOT__
 		BOOT_DIR=$INST_DIR/boot/boot
 		if [ "$SINGLE_PART" = "true" ]; then
 			BOOT_DIR=$INST_DIR/boot
-			ln -s uImage.bin $BOOT_DIR/uImage-GTA02.bin
+			ln -fs uImage.bin $BOOT_DIR/uImage-GTA02.bin
 		else
 			mkdir $BOOT_DIR
-			ln -s ../uImage.bin $BOOT_DIR/uImage-GTA02.bin
+			ln -fs ../uImage.bin $BOOT_DIR/uImage-GTA02.bin
 		fi
 	
 		if [ "$SINGLE_PART" = "true" ]; then
@@ -979,15 +1178,43 @@ action_uboot () {
 		exit 1
 	fi
 
-	cat > $INST_DIR/root/uboot_menu.in <<'__END__'
+	if [ "$SD_PART1_FS" = "ext2" ]; then
+		intern_fs="ext2"
+	elif [ "$SD_PART1_FS" = "ext3" ]; then
+		intern_fs="ext2"
+	elif [ "$SD_PART1_FS" = "vfat" ]; then
+		intern_fs="fat"
+	fi
+	if [ "$CRYPTROOT" = "true" ]; then
+		cat >"$INST_DIR/root/uboot_menu.in" <<__END__
 bootcmd=
   setenv bootargs
-    ${bootargs_base} ${mtdparts}
-    rootfstype=ext2 root=/dev/mmcblk0p2 rootdelay=5;
+    \${bootargs_base} \${mtdparts}
+    rootfstype=ext2 root=/dev/mapper/${HOSTNAME} rootdelay=5;
   mmcinit;
-  ext2load mmc 1 0x32000000 ${sd_image_name};
+  ${intern_fs}load mmc 1 0x32000000 /kernel.ub;
+  ${intern_fs}load mmc 1 0x32800000 /initrd.ub;
+  bootm 0x32000000 0x32800000
+
+__END__
+	else
+		if [ "$SINGLE_PART" = "true" ]; then
+			intern_rootpart="p1"
+		else
+			intern_rootpart="p2"
+		fi
+		cat >"$INST_DIR/root/uboot_menu.in" <<__END__
+bootcmd=
+  setenv bootargs
+    \${bootargs_base} \${mtdparts}
+    rootfstype=ext2 root=${SD_DEVICE}${intern_rootpart} rootdelay=5;
+  mmcinit;
+  ${intern_fs}load mmc 1 0x32000000 ${sd_image_name};
   bootm 0x32000000
 
+__END__
+	fi
+	cat >>"$INST_DIR/root/uboot_menu.in" <<'__END__'
 menu_1=
   Boot from Flash:
   setenv bootargs
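Review bot: The here-document changed from quoted `'__END__'` to unquoted, and in the non-CRYPTROOT branch `${sd_image_name}` was left unescaped, so the shell now expands it when the file is written instead of leaving it for the bootloader as before. Unless the script defines a shell variable of that name (none is visible here), the load command is written without a file name. Escape it like the neighbouring variables: `${intern_fs}load mmc 1 0x32000000 \${sd_image_name};`. action_uboot starts and ends outside this hunk.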
@@ -1123,6 +1350,10 @@ do
                         assignParametername="$i"
 			assignVariablename="WITH_WIFI"
 			;;
+		 "--cryptroot")
+                        assignParametername="$i"
+			assignVariablename="CRYPTROOT"
+			;;
 		 "all")
 			action_testing
 			action_time
@@ -1135,9 +1366,11 @@ do
 			action_configuration
 			action_kernel
 			action_uboot
-			action_unmount
+			if ! [ "${CRYPTROOT}" = "true" ]; then
+				action_unmount
+			fi
 			;;
-		 "testing"|"time"|"partition"|"format"|"mount"|"debian"|"apt"|"fso"|"configuration"|"kernel"|"unmount"|"uboot")
+		 "installkernel"|"testing"|"time"|"partition"|"format"|"mount"|"debian"|"apt"|"fso"|"configuration"|"kernel"|"unmount"|"uboot")
 			if [ -z "$showHelp" ]; then
 				echo "Running stage $i"
 				action_$i
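Review bot: With CRYPTROOT set, `all` now ends with the new root filesystem still mounted and the LUKS mapping still open, and there is no comment saying why or message telling the user to close it. If the reason is to let the user copy the initramdisk keys mentioned in the closing message, say so here, e.g. `# keep the rootfs mounted so the initramfs ssh keys can be copied off first`, and add a line to that message such as `When done, run: $0 --cryptroot true unmount` (assuming the unmount stage also closes the mapping, which is not visible here). The test is evaluated when the `all` argument is reached, so it relies on `--cryptroot true` coming before `all` on the command line.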
@@ -1176,5 +1409,32 @@ if [ -n "$showHelp" ]; then
 	usage
 fi
 
+if [ "${intern_keytoinitrd}" = "true" ]; then
+	if [ "$SD_PART1_FS" = "ext2" ]; then
+		intern_fs="ext2"
+	elif [ "$SD_PART1_FS" = "ext3" ]; then
+		intern_fs="ext2"
+	elif [ "$SD_PART1_FS" = "vfat" ]; then
+		intern_fs="fat"
+	fi
+	cat <<__END__
+
+An initramdisk has been created. The keys in
+${INST_DIR}/etc/initramfs-tools/root/.ssh/ have been used as authorized
+key in the initramdisk. In case of no keys in that location, new keys have
+been generated.
+To log in to the initramdisk, you need these keys, so you should copy them to
+a machine you want to use to log in to the initramdisk (e.g. to unlock your
+rootfs) now.
+
+If you haven't updated your bootloader config yet, these are the bootloader
+commands to boot the dm_crypt capable kernel and the freshly installed OS:
+  setenv bootargs \${bootargs_base} \${mtdparts} rootfstype=ext2 root=/dev/mapper/${HOSTNAME} rootdelay=5;
+  mmcinit;
+  ${intern_fs}load mmc 1 0x32000000 /kernel.ub;
+  ${intern_fs}load mmc 1 0x32800000 /initrd.ub;
+  bootm 0x32000000 0x32800000
+__END__
+fi
 
 exit 0
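Review bot: This is the third copy of the SD_PART1_FS to `intern_fs` mapping (the others are in action_installkernel and action_uboot), and none has an `else`, so for any other filesystem value `intern_fs` stays empty or stale and the printed bootloader commands read `load mmc ...`. A single helper with an explicit failure case would keep the three places in step. The closing message could also state that the kernel and initramdisk sit on the unencrypted first partition, so that readers know what the encryption does and does not cover.

```shell
# Print the u-boot load-command prefix for the boot partition's filesystem.
bootfs_load_prefix () {
	case "$SD_PART1_FS" in
		ext2|ext3) echo "ext2" ;;
		vfat) echo "fat" ;;
		*) echo "E: no bootloader load command known for $SD_PART1_FS" >&2; return 1 ;;
	esac
}

if [ "${intern_keytoinitrd}" = "true" ]; then
	intern_fs=$(bootfs_load_prefix) || exit 1
	# … unchanged: closing message here-document …
fi
```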