initramfs changes for installer/livedisk

2018-12-31 18:41:27 -05:00 · 2018-12-31 18:41:27 -05:00 · 3d860fcd6e
commit 3d860fcd6e
parent 97385889a3
9 changed files with 125 additions and 2 deletions
--- a/meta-citadel/recipes-initrd/citadel-initramfs/citadel-initramfs.bb
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/citadel-initramfs.bb
@ -10,6 +10,11 @@ SRC_URI = "\
    file://11-dm.rules \
    file://citadel-rootfs-mount.path \
    file://citadel-rootfs-mount.service \
+    file://citadel-rootfs-setup.service \
+    file://citadel-install-rootfs-mount.service \
+    file://citadel-install-rootfs-setup.service \
+    file://citadel-image.conf \
+    file://99-grsec.conf \
 "

 S = "${WORKDIR}"
@ -25,17 +30,30 @@ do_install() {
    install -d ${D}${systemd_system_unitdir}
    install -m 644 ${WORKDIR}/citadel-rootfs-mount.path ${D}${systemd_system_unitdir}
    install -m 644 ${WORKDIR}/citadel-rootfs-mount.service ${D}${systemd_system_unitdir}
+    install -m 644 ${WORKDIR}/citadel-rootfs-setup.service ${D}${systemd_system_unitdir}
+    install -m 644 ${WORKDIR}/citadel-install-rootfs-mount.service ${D}${systemd_system_unitdir}
+    install -m 644 ${WORKDIR}/citadel-install-rootfs-setup.service ${D}${systemd_system_unitdir}

    install -d ${D}${systemd_system_unitdir}/sysinit.target.wants
    ln -s ../citadel-rootfs-mount.path ${D}${systemd_system_unitdir}/sysinit.target.wants/citadel-rootfs-mount.path
+    ln -s ../citadel-rootfs-setup.service ${D}${systemd_system_unitdir}/sysinit.target.wants/citadel-rootfs-setup.service
+    ln -s ../citadel-install-rootfs-mount.service ${D}${systemd_system_unitdir}/sysinit.target.wants/citadel-install-rootfs-mount.service
+
+    install -d ${D}${libdir}/sysctl.d/
+    install -m 0644 ${WORKDIR}/99-grsec.conf ${D}${libdir}/sysctl.d/

    install -d ${D}${sysconfdir}
    install -m 644 ${WORKDIR}/initrd-release ${D}${sysconfdir}
    install -m 644 ${WORKDIR}/crypttab ${D}${sysconfdir}
    install -d ${D}${sysconfdir}/udev/rules.d
    install -m 644 ${WORKDIR}/11-dm.rules ${D}${sysconfdir}/udev/rules.d
+
+    install -d ${D}${datadir}/citadel
+    install -m 644 ${S}/citadel-image.conf ${D}${datadir}/citadel/
+
    install -d ${D}/dev
    mknod -m 622 ${D}/dev/console c 5 1
+    mknod -m 644 ${D}/dev/loop0 b 7 0
 }

 FILES_${PN} += "/dev/console /boot /dev /usr /etc /proc /run /sys /tmp"
--- a/meta-citadel/recipes-initrd/citadel-initramfs/files/99-grsec.conf
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/99-grsec.conf
@ -0,0 +1,9 @@
+
+# disable some pax and grsecurity features so that debootstrap will work
+# this should be removed later
+
+kernel.grsecurity.chroot_caps = 0
+kernel.grsecurity.chroot_deny_chmod = 0
+kernel.grsecurity.chroot_deny_mknod = 0
+kernel.grsecurity.chroot_deny_mount = 0
+kernel.pax.softmode = 1
--- a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-image.conf
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-image.conf
@ -0,0 +1,3 @@
+[channel.testing]
+update_server = ""
+pubkey = "2adc094a709bb3f81f9b311dbd702b1d5598be8e80e2afac3b4e4eb66bbf82a4"
--- a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-mount.service
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-mount.service
@ -0,0 +1,25 @@
+[Unit]
+Description=Mount citadel rootfs in install/live mode
+DefaultDependencies=no
+
+# Only run in initramfs
+ConditionPathExists=/etc/initrd-release
+
+# Only run in install or live mode
+ConditionKernelCommandLine=|citadel.install
+ConditionKernelCommandLine=|citadel.live
+
+# Only run if root is set to this exact path
+ConditionKernelCommandLine=root=/dev/mapper/rootfs
+
+Wants=citadel-rootfs-setup.service citadel-install-rootfs-setup.service
+
+Requires=systemd-sysctl.service systemd-udev-settle.service
+After=systemd-sysctl.service systemd-udev-settle.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStartPre=/usr/bin/plymouth message --text="Copying files from boot disk and decompressing rootfs image"
+ExecStart=/usr/libexec/citadel-install copy-artifacts
+ExecStart=/usr/libexec/citadel-mount rootfs
--- a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-setup.service
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-setup.service
@ -0,0 +1,19 @@
+[Unit]
+Description=Set up citadel for install/live boot
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=sysroot.mount citadel-rootfs-setup.service
+Requires=sysroot.mount
+Before=initrd-root-fs.target shutdown.target
+AssertPathExists=/etc/initrd-release
+
+# Only run in install or live modes 
+ConditionKernelCommandLine=|citadel.install
+ConditionKernelCommandLine=|citadel.live
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStartPre=/usr/bin/plymouth message --text="Setting up filesystem in RAM for live boot"
+ExecStart=/usr/libexec/citadel-install live-setup
+ExecStartPost=/usr/bin/plymouth message --text="Starting desktop"
--- a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.path
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.path
@ -1,5 +1,17 @@
 [Unit]
 Description=Watch for new entries in /dev/mapper
+DefaultDependencies=no
+
+# Only run in initramfs
+ConditionPathExists=/etc/initrd-release
+
+# Only run if root is set to this exact path, since that's
+# the path created by 'citadel-mount rootfs'
+ConditionKernelCommandLine=root=/dev/mapper/rootfs
+
+# Don't run if running from installer or in live mode
+ConditionKernelCommandLine=!citadel.install
+ConditionKernelCommandLine=!citadel.live

 [Path]
 PathChanged=/dev/mapper
--- a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.service
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.service
@ -1,11 +1,26 @@
 [Unit]
-Description=Mount citadel rootfs
+Description=Create rootfs device with citadel-mount rootfs
+DefaultDependencies=no

+#
+# Only run after all partitions have been discovered
+#
 ConditionPathExists=/dev/mapper/citadel-rootfsA
 ConditionPathExists=/dev/mapper/citadel-rootfsB
 ConditionPathExists=/dev/mapper/citadel-storage

+#
+# Pull in the unit that mounts 'extra' and 'modules' images
+#
+Wants=citadel-rootfs-setup.service
+
+#
+# citadel-mount needs to run in pax soft mode
+#
+Requires=systemd-sysctl.service
+After=systemd-sysctl.service
+
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-ExecStart=/bin/sh -c 'echo "hello world"'
+ExecStart=/usr/libexec/citadel-mount rootfs
--- a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-setup.service
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-setup.service
@ -0,0 +1,14 @@
+[Unit]
+Description=Set up citadel rootfs by mounting 'modules' and 'extra'
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=sysroot.mount
+Requires=sysroot.mount
+Before=initrd-root-fs.target shutdown.target
+AssertPathExists=/etc/initrd-release
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/citadel-mount modules
+ExecStart=/usr/libexec/citadel-mount extra 
--- a/meta-citadel/recipes-initrd/images/citadel-initramfs-image.bb
+++ b/meta-citadel/recipes-initrd/images/citadel-initramfs-image.bb
@ -4,6 +4,12 @@ NO_RECOMMENDATIONS = "1"

 PACKAGE_INSTALL = "\
    citadel-initramfs \
+    citadel-mount \
+    citadel-install \
+    strace \
+    xz \
+    tar \
+    btrfs-tools \
    base-passwd \
    busybox \
    kbd \
@ -75,6 +81,7 @@ PACKAGE_INSTALL = "\
    kernel-module-intel-ishtp \
    kernel-module-intel-ishtp-hid \
    kernel-module-intel-rng \
+    kernel-module-lz4 \
    kernel-module-msi-wmi \
    kernel-module-mxm-wmi \
    kernel-module-radeon \
@ -87,6 +94,7 @@ PACKAGE_INSTALL = "\
    kernel-module-wmi \
    kernel-module-xhci-plat-hcd \
    liberation-fonts \
+    util-linux \
    plymouth \
 "