diff --git a/package/base/device-mapper/device-mapper.conf b/package/base/device-mapper/device-mapper.conf
index 1c39e813e..4b41181d5 100644
--- a/package/base/device-mapper/device-mapper.conf
+++ b/package/base/device-mapper/device-mapper.conf
@@ -20,5 +20,13 @@
 #
 # --- ROCK-COPYRIGHT-NOTE-END ---
 
+devicemapper_pm() {
+ mkdir -p $root/etc/conf/dm
+ cp $confdir/etc_conf_dm_initrd_dm $root/etc/conf/dm/initrd_dm
+ mkdir -p $root/etc/conf/initrd
+ cp $confdir/etc_conf_initrd_initrd_dm $root/etc/conf/initrd/initrd_dm
+}
+
 srcdir="device-mapper.$ver"
 [ "$root/$prefix" = "/usr" ] && confopt=""
+postmake="devicemapper_pm"
diff --git a/package/base/device-mapper/etc_conf_dm_initrd_dm b/package/base/device-mapper/etc_conf_dm_initrd_dm
new file mode 100644
index 000000000..0903c692f
--- /dev/null
+++ b/package/base/device-mapper/etc_conf_dm_initrd_dm
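Review bot: The postmake hook installs both files with bare `cp`, so their mode is whatever the source tree happens to carry, while the sibling rockinitrd.conf in this same commit uses `install -m 644` for its list file; since `initrd_dm` is only ever sourced by linuxrc and the other file is a data list, `install -m 644 $confdir/etc_conf_dm_initrd_dm $root/etc/conf/dm/initrd_dm` (and likewise for the list) would make the modes explicit and consistent across the two packages. The `$root` and `$confdir` expansions are unquoted, which is tolerable only because build paths here contain no whitespace.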
@@ -0,0 +1,256 @@ +#!/bin/bash + +read a b version c < /proc/version +while read device mountpoint status ; do + [ "${status}" == "plain" ] && continue + if [ ${rootfsmounted} -eq 0 -a "${mountpoint}" != "/" ] ; then # we need to have the rootfs mounted for all other filesystems to be mountable + echo "Mounting rootfs (${rootfs}) on /root" + initrd_mount ${rootfs} /root + rootfsmounted=1 + fi + if [ "${status}" == "encrypt" ] ; then # {{{ + echo "Encrypting ${device} on ${mountpoint}" + echo + echo "WARNING! Although this is usually safe you should make sure that your backups" + echo "are recent and working. Just in case something happens (power loss, ...)." + echo "If this process is interrupted your filesystem WILL BE INACCESSIBLE!" + echo + pass1="MEEP" + pass2="MOOP" + while [ "${pass1}" != "${pass2}" ] ; do + echo -n "Please enter the passphrase for encryption: " + read -s pass1 < /dev/console + echo + if [ -z "${pass1:20}" ] ; then + echo "Your passphrase is short and may thus be insecure." + echo -n "Enter it again to use it anyway: " + read -s passa < /dev/console + echo + if [ "${passa}" != "${pass1}" ] ; then + passa="ABCD" + pass1="MEEP" + pass2="MOOP" + continue + fi + passa="ABCD" + fi + echo -n "Please confirm the passphrase: " + read -s pass2 < /dev/console + echo + [ "${pass1}" != "${pass2}" ] && echo "The passphrases do not match!" + done + + pass1="`echo ${pass1} | md5sum`" + pass1=${pass1%% *} + encryptedname=${device//\//_}_encrypted + encryptedname=${encryptedname#_} + echo -n "Setting up encryption now ... " + echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${pass1} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname} + echo "done" + echo "I will now do a sanity check of the harddisk. This means" + echo "that the encryption process will be simulated by writing" + echo "to /dev/null instead of the encrypted partition." 
+ echo "This ensures that the whole disk is readable and the" + echo "copy process won't fail because of a bad harddisk." + echo + echo -n "Press enter to continue ... " + read /dev/null ; then + echo "Starting dd, this will take some time. Go have some coffee :-)" + dd if=${device} of=/dev/null bs=1k conv=stat # conv=stat is my personal patch -- BRS + error=${?} + else + echo "Starting dd, this will take some time. No output will happen" + echo "while this is running. Go have some coffee :-)" + dd if=${device} of=/dev/null bs=1k + error=${?} + fi + if [ ${error} != 0 ] ; then + echo "An error occured!" + echo "Cowardly refusing to encrypt ${device}!" + /sbin/dmsetup remove ${encryptedname} + echo "Starting a shell" + echo + exec /bin/bash + continue + fi + echo "Now the critical part of the encryption process starts." + echo "I'm now copying the data bytewise from the unencrypted device to the" + echo "encrypted loopdevice. Make absolutely sure that this process won't be" + echo "interrupted!" + echo + echo -n "Press enter to start encrypting ... " + read < /dev/console + if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then + echo "Starting dd, this will take some time. Go have some coffee :-)" + dd if=${device} of=/dev/mapper/${encryptedname} bs=1k conv=stat # conv=stat is my personal patch -- BRS + else + echo "Starting dd, this will take some time. No output will happen" + echo "while this is running. Go have some coffee :-)" + dd if=${device} of=/dev/mapper/${encryptedname} bs=1k + fi + echo "Encrypting the data is done." + echo -n "Mounting encrypted ${device} on ${mountpoint} now ... " + if ! initrd_mount /dev/mapper/${encryptedname} /root/${mountpoint} ; then + echo "FAILED" + echo "Couldn't mount /dev/mapper/${encryptedname} on ${mountpoint}" + echo "Starting a shell" + echo + exec /bin/bash + fi + [ "${mountpoint}" == "/" ] && rootfsmounted=1 + echo "done" + echo "Remember to change the status of ${device} to encrypted using stone." 
+ echo "Press enter to continue" + read < /dev/console + continue + fi # }}} + if [ "${status}" == "decrypt" ] ; then # {{{ + echo "Decrypting ${device} on ${mountpoint}" + echo + echo "WARNING! Although this is usually safe you should make sure that your backups" + echo "are recent and working. Just in case something happens (power loss, ...)." + echo "If this process is interrupted your filesystem WILL BE INACCESSIBLE!" + echo + pass1="MEEP" + pass2="MOOP" + while [ "${pass1}" != "${pass2}" ] ; do + echo -n "Please enter the passphrase for decryption: " + read -s pass1 < /dev/console + echo + echo -n "Please confirm the passphrase: " + read -s pass2 < /dev/console + echo + [ "${pass1}" != "${pass2}" ] && echo "The passphrases do not match!" + done + pass1="`echo ${pass1} | md5sum`" + pass1=${pass1%% *} + encryptedname=${device//\//_}_encrypted + encryptedname=${encryptedname#_} + + echo -n "Setting up decryption now ... " + echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${pass1} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname} + echo "done" + echo "I will now do a sanity check of the harddisk. This means" + echo "that the encryption process will be simulated by writing" + echo "to /dev/null instead of the encrypted partition." + echo "This ensures that the whole disk is readable and the" + echo "copy process won't fail because of a bad harddisk." + echo + echo -n "Press enter to continue ... " + read /dev/null ; then + echo "Starting dd, this will take some time. Go have some coffee :-)" + dd if=${device} of=/dev/null bs=1k conv=stat # conv=stat is my personal patch -- BRS + error=${?} + else + echo "Starting dd, this will take some time. No output will happen" + echo "while this is running. Go have some coffee :-)" + dd if=${device} of=/dev/null bs=1k + error=${?} + fi + if [ ${error} != 0 ] ; then + echo "An error occured!" + echo "Cowardly refusing to decrypt ${device}!" + echo "Starting a shell." 
+ echo + exec /bin/bash + continue + fi + echo "Now the critical part of the decryption process starts." + echo "I'm now copying the data bytewise from the encrypted device to the" + echo "unencrypted loopdevice. Make absolutely sure that this process won't be" + echo "interrupted!" + echo + echo -n "Press enter to start decrypting ... " + read < /dev/console + if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then + echo "Starting dd, this will take some time. Go have some coffee :-)" + dd if=/dev/mapper/${encryptedname} of=${device} bs=1k conv=stat # conv=stat is my personal patch + else + echo "Starting dd, this will take some time. No output will happen" + echo "while this is running. Go have some coffee :-)" + dd if=/dev/mapper/${encryptedname} of=${device} bs=1k + fi + echo "Decrypting the data is done." + echo -n "Shutting down encryption ... " + /sbin/dmsetup remove ${encryptedname} + echo -n "done" + echo -n "Mounting ${device} on ${mountpoint} now ... " + if ! initrd_mount ${device} /root/${mountpoint} ; then + echo "FAILED" + echo "Couldn't mount ${device} on ${mountpoint}" + echo "Starting a shell" + echo + exec /bin/bash + fi + [ "${mountpoint}" == "/" ] && rootfsmounted=1 + echo "done" + echo "Remember to change the status of ${device} to 'plain' using stone." + echo "Press enter to continue" + read < /dev/console + continue + fi # }}} + if [ "${status}" == "swap" ] ; then # {{{ + echo "Creating encrypted swap on ${device}" + echo "setting up encryption" + echo -n "gathering entropy ... " + ent="" + while [ -z "${ent:128}" ] ; do + read -n 1 e < /dev/random + [ "${e}" == "\n" ] && continue + ent="${ent}${e}" + echo -n "." + done + ent="`echo ${ent} | md5sum`" + ent=${ent%% *} + echo + echo -n "setting up encryption ... 
" + encryptedname=${device//\//_}_encrypted + encryptedname=${encryptedname#_} + echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${ent} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname} + echo "done" + echo -n "creating swapspace ... " + if /sbin/mkswap /dev/mapper/${encryptedname} >/dev/null 2>&1 ; then + echo "success" + echo -n "activating swapspace ... " + if /sbin/swapon /dev/mapper/${encryptedname} ; then + echo "success" + else + echo "failed" + echo "booting without swap!" + fi + else + echo "failed" + echo "booting without swap!" + fi + fi # }}} + if [ "${status}" == "encrypted" ] ; then # {{{ + run=1 + while [ ${run} -eq 1 ] ; do + echo "Please enter the passphrase for ${device} on ${mountpoint}" + echo -n "Passphrase: " + read -s passphrase < /dev/console + echo + passphrase="`echo ${passphrase} | md5sum`" + passphrase=${passphrase%% *} + encryptedname=${device//\//_}_encrypted + encryptedname=${encryptedname#_} + echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${passphrase} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname} + if initrd_mount /dev/mapper/${encryptedname} /root/${mountpoint} < /dev/console ; then + run=0 + echo "Success" + else + /sbin/dmsetup remove ${encryptedname} + echo "Couldn't mount ${device} on ${mountpoint}" + echo -n "Continue without it [y/n] ? " + read -n 1 yn < /dev/console + echo + [ "${yn}" == "y" ] && run=0 + fi + done + + [ "${mountpoint}" == "/" ] && rootfsmounted=1 + continue + fi # }}} +done < /etc/dm/mounts diff --git a/package/base/device-mapper/etc_conf_initrd_initrd_dm b/package/base/device-mapper/etc_conf_initrd_initrd_dm new file mode 100644 index 000000000..c84f2b0ab --- /dev/null +++ b/package/base/device-mapper/etc_conf_initrd_initrd_dm 
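Review bot: The decrypt branch writes `dd if=/dev/mapper/${encryptedname} of=${device}` back onto the device without ever checking that the passphrase is the right one — the only check before that destructive copy is that the raw `${device}` is readable — so a consistently mistyped or simply wrong passphrase overwrites the filesystem with garbage, irrecoverably (the confirm prompt only catches typos that differ between the two entries). A cheap guard is a read-only mount of the mapped device before the copy, shown below (`/tmp` is the tmpfs linuxrc mounts, and `mount`/`umount` are in the initrd program list); the same check would also spare the `encrypted` branch from running `initrd_mount`'s `fsck -a` on a wrong-key mapping. Independently of that, the key is the unsalted MD5 of the passphrase fed to `crypt aes-plain`, i.e. 128-bit AES-CBC with a plain sector IV, which dm-crypt documents as vulnerable to watermarking attacks; `aes-cbc-essiv:sha256` (with a salted, iterated key derivation) is the established replacement, noting that any change here must be made in the encrypt, decrypt and `encrypted` branches together or existing volumes become unreadable. Every passphrase and entropy read uses `read -s` without `-r` and then `echo ${var} | md5sum` unquoted, so backslashes, runs of spaces and glob characters (`*`, `?`, `[`) silently change the derived key — and in the swap branch the unquoted `echo ${ent}` globs random bytes against the current directory; use `read -rs`, `printf '%s' "${pass1}" | md5sum`, and replace the byte-by-byte `/dev/random` loop with `ent="\`dd if=/dev/random bs=1 count=32 2>/dev/null | md5sum\`"`. `pass1`, `pass2`, `passphrase` and `ent` are never unset after the key is derived, so they stay in linuxrc's shell until `exec chroot`; an `unset pass1 pass2` after each `dmsetup create` would limit that.
```shell
# … unchanged: passphrase prompt and dmsetup create for ${encryptedname} …
# Verify the passphrase before anything is written back: a wrong key
# decrypts to garbage and the dd below would overwrite ${device} with it.
mkdir -p /tmp/dmcheck
if ! mount -n -o ro /dev/mapper/${encryptedname} /tmp/dmcheck ; then
    echo "Cannot mount /dev/mapper/${encryptedname} read-only -- wrong passphrase?"
    echo "Cowardly refusing to decrypt ${device}!"
    /sbin/dmsetup remove ${encryptedname}
    echo "Starting a shell."
    exec /bin/bash
fi
umount -n /tmp/dmcheck
# … unchanged: read-only sanity check of ${device} and the decrypting dd …
```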
@@ -0,0 +1,11 @@
+/etc/conf/dm/initrd_dm /etc/conf/dm
+/etc/conf/dm/mounts /etc/dm/mounts
+/bin/dd /bin/dd
+/sbin/swapon /sbin/swapon
+/sbin/mkswap /sbin/mkswap
+/bin/grep /bin/grep
+/bin/sed /bin/sed
+/bin/cat /bin/cat
+/usr/bin/md5sum /bin/md5sum
+/sbin/blockdev /sbin/blockdev
+/sbin/dmsetup /sbin/dmsetup
diff --git a/package/blindcoder/rockinitrd/initrd_base.txt b/package/blindcoder/rockinitrd/initrd_base.txt
new file mode 100644
index 000000000..e079fc119
--- /dev/null
+++ b/package/blindcoder/rockinitrd/initrd_base.txt
@@ -0,0 +1,7 @@
+/etc/conf/initrd/linuxrc /linuxrc
+/bin/ln /bin/ln
+/bin/rm /bin/rm
+/sbin/udev /sbin/udev
+/sbin/udevstart /sbin/udevstart
+/sbin/udevd /sbin/udevd
+/etc/udev /etc/udev
diff --git a/package/blindcoder/rockinitrd/linuxrc b/package/blindcoder/rockinitrd/linuxrc
new file mode 100644
index 000000000..70785c5ff
--- /dev/null
+++ b/package/blindcoder/rockinitrd/linuxrc
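Review bot: The second entry copies `/etc/conf/dm/mounts` into the image, but nothing in this commit creates that file — the device-mapper postmake installs only `initrd_dm`, and the prompts in that script suggest stone is expected to write the table later — while mkinitrdnew.sh's `[ -f $file ] || continue` skips a missing source silently, so an image built before the table exists carries an `initrd_dm` whose final `done < /etc/dm/mounts` emits a redirect error and skips the whole loop when linuxrc sources it. If the file is meant to be optional, a leading `[ -f /etc/dm/mounts ] || return 0` in `initrd_dm` (it is sourced, so `return` is the right verb) makes that explicit; if it is required, mkinitrdnew.sh should warn rather than skip. The `/usr/bin/md5sum /bin/md5sum` relocation works only because linuxrc puts `/bin/` on `PATH` and the script calls `md5sum` unqualified, which is worth a comment here since every other entry keeps its path.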
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+initrd_mount() { # {{{
+ dev=${1}
+ mntpoint=${2}
+
+ /sbin/fsck -C -a ${dev}
+ fsckrc=${?}
+ if [ ${fsckrc} -eq 8 ] ; then
+ return 1
+ fi
+ if [ $(( ${fsckrc} & ~3 )) != 0 ] ; then
+ echo " **"
+ echo " ** Filesystem ${dev} || error=${?} failed (returncode=${fsckrc})."
+ echo " ** Please repair the broken disk(s) manually."
+ echo " **"
+ exec /bin/bash
+ elif [ $(( ${fsckrc} & 2 )) != 0 ] ; then
+ echo " **"
+ echo " ** fsck has requested the system to be rebooted."
+ echo " ** Running a shell."
+ echo " **"
+ echo
+ exec /bin/bash
+ fi
+
+ mount -n ${dev} ${mntpoint}
+ return ${?}
+} # }}}
+
+PATH="/sbin:/usr/sbin:/bin/:/usr/bin"
+
+rootfs=""
+rootfsmounted=0
+
+mount -n -t tmpfs none /tmp
+mount -n -t proc none /proc
+mount -n -t sysfs none /sys
+mount -n -t ramfs none /dev
+/sbin/udevd &
+/sbin/udevstart
+cd /dev
+rm -rf fd
+ln -sf /proc/self/fd
+cd /
+
+while read dev mntpoint fstype options fsck1 fsck2 ; do
+ [ "${mntpoint}" == "/" ] && rootfs=${dev}
+ [ -n "${rootfs}" ] && break
+done < /etc/fstab
+
+echo "loading kernel modules"
+. /etc/conf/kernel
+
+for x in /etc/conf/* ; do
+ [ "${x}" == "/etc/conf/kernel" ] && continue
+ echo "Running ${x} ..."
+ . ${x}
+done
+
+if [ ${rootfsmounted} -eq 0 ] ; then
+ echo "Mounting rootfs (${rootfs}) on /root"
+ initrd_mount ${rootfs} /root
+ rootfsmounted=1
+fi
+
+echo "starting init in /root"
+echo "parameters passed to init: ${@}"
+cd /root
+mkdir -p /root/initrd
+mount -n --move /tmp /root/tmp
+mount -n --move /proc /root/proc
+mount -n --move /sys /root/sys
+mount -n --move /dev /root/dev
+/sbin/pivot_root . initrd
+exec chroot . /sbin/init "${@}"
diff --git a/package/blindcoder/rockinitrd/mkinitrdnew.sh b/package/blindcoder/rockinitrd/mkinitrdnew.sh
new file mode 100644
index 000000000..3d9460957
--- /dev/null
+++ b/package/blindcoder/rockinitrd/mkinitrdnew.sh
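Review bot: `initrd_mount ${rootfs} /root` near the end discards the function's status and sets `rootfsmounted=1` unconditionally, so when fsck returns 8 (the one case `initrd_mount` returns 1) or `mount -n` itself fails the script still does `cd /root`, `pivot_root . initrd` and `exec chroot . /sbin/init` against an empty directory; `initrd_mount ${rootfs} /root || { echo "Cannot mount ${rootfs}"; exec /bin/bash; }` keeps the failure visible (the caller in `initrd_dm`, in another hunk, has the same gap). The first failure message reads `" ** Filesystem ${dev} || error=${?} failed (returncode=${fsckrc})."` — the `|| error=${?}` fragment looks like a stray edit and `${?}` there is the status of the preceding `[` test, so `" ** fsck of ${dev} failed (returncode=${fsckrc})."` says what is meant. Every failure path ends in `exec /bin/bash`, an unauthenticated root shell on the console before any login; that is the usual early-boot trade-off, but it deserves a comment stating it, and `sulogin` would be the drop-in if the image can carry it. The `while read dev mntpoint …` loop parses `/etc/fstab` without `-r` and also sees comment lines, which is harmless only while no comment has `/` as its second word. `/sbin/udevd &` followed immediately by `/sbin/udevstart` presumably races the daemon's startup; if udevstart depends on the daemon listening, a short wait or a check for its socket belongs between the two.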
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+kernel=`uname -r`
+tmpdir=`mktemp -d`
+
+if [ -n "$1" ]; then
+ if [ -d "/lib/modules/$1" ]; then
+ kernel="$1"
+ else
+ echo "Can't open /lib/modules/$1: No such directory."
+ echo "Usage: $0 [ kernel-version ]"
+ exit 1
+ fi
+fi
+
+echo "Creating /boot/initrdnew-${kernel}.img ..."
+mkdir -p $tmpdir/etc/conf
+grep '^modprobe ' /etc/conf/kernel | grep -v 'no-initrd' | \
+ sed 's,[ ]#.*,,' | \
+ while read a b ; do
+ b="`find /lib/modules/$kernel -name "$b.o" -o -name "$b.ko"`"
+#b=${b//`uname -r`/$kernel} # substitute autodetected value by correct value
+ echo "Adding $b."
+ mkdir -p $tmpdir/${b%/*}
+ cp $b $tmpdir/$b
+ echo "/sbin/insmod $b $c" >> $tmpdir/etc/conf/kernel
+ done
+mkdir -p $tmpdir/dev $tmpdir/root $tmpdir/tmp $tmpdir/proc $tmpdir/sys
+mknod $tmpdir/dev/ram0 b 1 0
+mknod $tmpdir/dev/null c 1 3
+mknod $tmpdir/dev/zero c 1 5
+mknod $tmpdir/dev/tty c 5 0
+mknod $tmpdir/dev/console c 5 1
+# this copies a set of programs and the necessary libraries into a
+# chroot environment
+
+targetdir=$tmpdir
+programs="/bin/bash /bin/bash2 /bin/sh /bin/ls /sbin/pivot_root /sbin/insmod /sbin/insmod.old /bin/mount /bin/umount /usr/bin/chroot /etc/fstab /bin/mkdir"
+
+libs=""
+for x in $programs ; do
+ [ -e $x ] || continue
+ mkdir -p $targetdir/${x%/*}
+ cp -a $x $targetdir/$x
+ file $x | grep -q ELF || continue
+ libs="$libs `ldd $x 2>/dev/null | grep -v 'not a dynamic executable' | sed -e 's,^[\t ]*,,g' | cut -f 3 -d' '`"
+done
+
+for x in /etc/conf/initrd/initrd_* ; do
+ [ -f $x ] || continue
+ while read file target ; do
+ if [ -d $file ] ; then
+ find $file -type f | while read f ; do
+ tfile=${targetdir}/${target}/${f#$file}
+ [ -e $tfile ] && continue
+ mkdir -p ${tfile%/*}
+ cp $f $tfile
+ libs="$libs `ldd $f 2>/dev/null | grep -v 'not a dynamic executable' | sed -e 's,^[\t ]*,,g' | cut -f 3 -d' '`"
+ done
+ fi
+ [ -f $file ] || continue
+ mkdir -p $targetdir/${target%/*}
+ cp $file $targetdir/$target
+ file $file | grep -q ELF || continue
+ libs="$libs `ldd $file 2>/dev/null | grep -v 'not a dynamic executable' | sed -e 's,^[\t ]*,,g' | cut -f 3 -d' '`"
+ done < $x
+done
+
+while [ -n "$libs" ] ; do
+ oldlibs=$libs
+ libs=""
+ for x in $oldlibs ; do
+ mkdir -p $targetdir/${x%/*}
+ cp $x $targetdir/$x
+ file $x | grep -q ELF || continue
+ for y in `ldd $x 2>/dev/null | grep -v 'not a dynamic executable' | sed -e 's,^[\t ]*,,g' | cut -f 3 -d' '` ; do
+ [ ! -e "$targetdir/$y" ] && libs="$libs $y"
+ done
+ done
+done
+
+# This works, but only for initrd images < 4 MB
+itmp=`mktemp`
+#/boot/initrdnew-${kernel}.img.tmp \
+dd if=/dev/zero of=${itmp} count=8192 bs=1024 > /dev/null 2>&1
+mke2fs -m 0 -N 5120 -F ${itmp} > /dev/null 2>&1
+mntpoint="`mktemp -d`"
+mount -o loop ${itmp} $mntpoint
+rmdir $mntpoint/lost+found/
+cp -a $tmpdir/* $mntpoint/
+umount -d $mntpoint
+rmdir $mntpoint
+
+gzip -9 < ${itmp} > /boot/initrdnew-${kernel}.img
+rm -f ${itmp}
+
+rm -rf $tmpdir
+echo "Done."
+
diff --git a/package/blindcoder/rockinitrd/rockinitrd.conf b/package/blindcoder/rockinitrd/rockinitrd.conf
new file mode 100644
index 000000000..534690ab1
--- /dev/null
+++ b/package/blindcoder/rockinitrd/rockinitrd.conf
@@ -0,0 +1,10 @@
+rockinitrd_main() {
+ mkdir -p $root/etc/conf/initrd
+ install -m 644 ${confdir}/initrd_base.txt $root/etc/conf/initrd/initrd_base
+ install -m 755 ${confdir}/linuxrc $root/etc/conf/initrd/linuxrc
+ install -m 755 ${confdir}/mkinitrdnew.sh $root/sbin/mkinitrdnew.sh
+}
+
+autoextract=0
+srctar="none"
+custmain="rockinitrd_main"
diff --git a/package/blindcoder/rockinitrd/rockinitrd.desc b/package/blindcoder/rockinitrd/rockinitrd.desc
new file mode 100644
index 000000000..0eb85c288
--- /dev/null
+++ b/package/blindcoder/rockinitrd/rockinitrd.desc
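Review bot: Nothing in this commit copies `/sbin/fsck` (or the `fsck.*` backends it dispatches to) into the image — the `programs` list here, `initrd_base.txt` and `etc_conf_initrd_initrd_dm` all lack it — yet linuxrc's `initrd_mount` runs `/sbin/fsck -C -a` before every mount, so unless an `initrd_*` list outside this commit supplies it the missing binary yields status 127, which the `& ~3` test treats as a hard failure and answers with a root shell; adding `/sbin/fsck` and the required `/sbin/fsck.*` to `programs` closes that. `echo "/sbin/insmod $b $c"` references `$c`, which is never assigned, and since `read a b` puts the whole remainder of the line into `b`, a `modprobe foo opt=1` line also breaks the `find -name "$b.o"` lookup — `read a b c` with `find ... -name "$b.o" -o -name "$b.ko"` on the bare module name is what the insmod line expects. The `libs="$libs ..."` appended inside `find $file -type f | while read f` runs in a pipeline subshell, so library dependencies of files pulled in via directory entries are silently dropped; `for f in $(find $file -type f) ; do` keeps the assignment in the parent shell under the script's existing no-spaces-in-paths assumption. Neither `$tmpdir` nor `$itmp` is removed when a step fails part-way, so `trap 'rm -rf "$tmpdir" "$itmp"' EXIT` after the `mktemp` calls would avoid leaving staged copies of system binaries and a half-built loop image behind.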
@@ -0,0 +1,43 @@
+
+[COPY] --- ROCK-COPYRIGHT-NOTE-BEGIN ---
+[COPY]
+[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+[COPY] Please add additional copyright information _after_ the line containing
+[COPY] the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by
+[COPY] the ./scripts/Create-CopyPatch script. Do not edit this copyright text!
+[COPY]
+[COPY] ROCK Linux: rock-src/package/blindcoder/rockinitrd/rockinitrd.desc
+[COPY] ROCK Linux is Copyright (C) 1998 - 2005 Clifford Wolf
+[COPY]
+[COPY] This program is free software; you can redistribute it and/or modify
+[COPY] it under the terms of the GNU General Public License as published by
+[COPY] the Free Software Foundation; either version 2 of the License, or
+[COPY] (at your option) any later version. A copy of the GNU General Public
+[COPY] License can be found at Documentation/COPYING.
+[COPY]
+[COPY] Many people helped and are helping developing ROCK Linux. Please
+[COPY] have a look at http://www.rocklinux.org/ and the Documentation/TEAM
+[COPY] file for details.
+[COPY]
+[COPY] --- ROCK-COPYRIGHT-NOTE-END ---
+
+[I] The new ROCK initrd code
+
+[T] The new ROCK initrd is designed to ease the creation of an initrd based
+[T] upon some ideas discussed on the RLML early 2005. These include:
+[T] - fsck of rootfs and starting of network, sshd and sending of email in
+[T] case of error
+[T] - encrypted rootfs
+
+[U] http://www.rocklinux.org/
+
+[A] Benjamin Schieder
+[M] Benjamin Schieder
+
+[C] base/boot
+
+[L] GPL
+[S] Beta
+[V] 20050720
+[P] X -----5---9 800.000
+