From 3d860fcd6ed5e81015ad43fee722d50f765c3a81 Mon Sep 17 00:00:00 2001 From: Bruce Leidl Date: Mon, 31 Dec 2018 18:41:27 -0500 Subject: [PATCH] initramfs changes for installer/livedisk --- .../citadel-initramfs/citadel-initramfs.bb | 18 +++++++++++++ .../citadel-initramfs/files/99-grsec.conf | 9 +++++++ .../files/citadel-image.conf | 3 +++ .../citadel-install-rootfs-mount.service | 25 +++++++++++++++++++ .../citadel-install-rootfs-setup.service | 19 ++++++++++++++ .../files/citadel-rootfs-mount.path | 12 +++++++++ .../files/citadel-rootfs-mount.service | 19 ++++++++++++-- .../files/citadel-rootfs-setup.service | 14 +++++++++++ .../images/citadel-initramfs-image.bb | 8 ++++++ 9 files changed, 125 insertions(+), 2 deletions(-) create mode 100644 meta-citadel/recipes-initrd/citadel-initramfs/files/99-grsec.conf create mode 100644 meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-image.conf create mode 100644 meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-mount.service create mode 100644 meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-setup.service create mode 100644 meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-setup.service diff --git a/meta-citadel/recipes-initrd/citadel-initramfs/citadel-initramfs.bb b/meta-citadel/recipes-initrd/citadel-initramfs/citadel-initramfs.bb index c242400..d1807b2 100644 --- a/meta-citadel/recipes-initrd/citadel-initramfs/citadel-initramfs.bb +++ b/meta-citadel/recipes-initrd/citadel-initramfs/citadel-initramfs.bb @@ -10,6 +10,11 @@ SRC_URI = "\ file://11-dm.rules \ file://citadel-rootfs-mount.path \ file://citadel-rootfs-mount.service \ + file://citadel-rootfs-setup.service \ + file://citadel-install-rootfs-mount.service \ + file://citadel-install-rootfs-setup.service \ + file://citadel-image.conf \ + file://99-grsec.conf \ " S = "${WORKDIR}" 
@@ -25,17 +30,30 @@ do_install() { install -d ${D}${systemd_system_unitdir} install -m 644 ${WORKDIR}/citadel-rootfs-mount.path ${D}${systemd_system_unitdir} install -m 644 ${WORKDIR}/citadel-rootfs-mount.service ${D}${systemd_system_unitdir} + install -m 644 ${WORKDIR}/citadel-rootfs-setup.service ${D}${systemd_system_unitdir} + install -m 644 ${WORKDIR}/citadel-install-rootfs-mount.service ${D}${systemd_system_unitdir} + install -m 644 ${WORKDIR}/citadel-install-rootfs-setup.service ${D}${systemd_system_unitdir} install -d ${D}${systemd_system_unitdir}/sysinit.target.wants ln -s ../citadel-rootfs-mount.path ${D}${systemd_system_unitdir}/sysinit.target.wants/citadel-rootfs-mount.path + ln -s ../citadel-rootfs-setup.service ${D}${systemd_system_unitdir}/sysinit.target.wants/citadel-rootfs-setup.service + ln -s ../citadel-install-rootfs-mount.service ${D}${systemd_system_unitdir}/sysinit.target.wants/citadel-install-rootfs-mount.service + + install -d ${D}${libdir}/sysctl.d/ + install -m 0644 ${WORKDIR}/99-grsec.conf ${D}${libdir}/sysctl.d/ install -d ${D}${sysconfdir} install -m 644 ${WORKDIR}/initrd-release ${D}${sysconfdir} install -m 644 ${WORKDIR}/crypttab ${D}${sysconfdir} install -d ${D}${sysconfdir}/udev/rules.d install -m 644 ${WORKDIR}/11-dm.rules ${D}${sysconfdir}/udev/rules.d + + install -d ${D}${datadir}/citadel + install -m 644 ${S}/citadel-image.conf ${D}${datadir}/citadel/ + install -d ${D}/dev mknod -m 622 ${D}/dev/console c 5 1 + mknod -m 644 ${D}/dev/loop0 b 7 0 } FILES_${PN} += "/dev/console /boot /dev /usr /etc /proc /run /sys /tmp" diff --git a/meta-citadel/recipes-initrd/citadel-initramfs/files/99-grsec.conf b/meta-citadel/recipes-initrd/citadel-initramfs/files/99-grsec.conf new file mode 100644 index 0000000..8d5131e --- /dev/null +++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/99-grsec.conf 
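Review bot: The new `mknod -m 644 ${D}/dev/loop0 b 7 0` creates a world-readable block device node, which is looser than a root-only initramfs service needs; `mknod -m 600 ${D}/dev/loop0 b 7 0` keeps the same function with least privilege (the 622 on the console node above it exists so non-root processes can write to the console, which has no analogue for a loop device). The line also deserves a one-line comment saying why a static node is needed at all, presumably because something attaches the image before udev has created loop devices — confirm and state it, e.g. `# static loop0 node: needed before udev has populated /dev`. Minor: `install -m 644 ${S}/citadel-image.conf` uses `${S}` while every other line in this function uses `${WORKDIR}`; they are equal here but one spelling is easier to read. do_install() opens above this hunk.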
@@ -0,0 +1,9 @@
+
+# disable some pax and grsecurity features so that debootstrap will work
+# this should be removed later
+
+kernel.grsecurity.chroot_caps = 0
+kernel.grsecurity.chroot_deny_chmod = 0
+kernel.grsecurity.chroot_deny_mknod = 0
+kernel.grsecurity.chroot_deny_mount = 0
+kernel.pax.softmode = 1
diff --git a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-image.conf b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-image.conf
new file mode 100644
index 0000000..f7123f7
--- /dev/null
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-image.conf
@@ -0,0 +1,3 @@
+[channel.testing]
+update_server = ""
+pubkey = "2adc094a709bb3f81f9b311dbd702b1d5598be8e80e2afac3b4e4eb66bbf82a4"
diff --git a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-mount.service b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-mount.service
new file mode 100644
index 0000000..7924846
--- /dev/null
+++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-mount.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Mount citadel rootfs in install/live mode
+DefaultDependencies=no
+
+# Only run in initramfs
+ConditionPathExists=/etc/initrd-release
+
+# Only run in install or live mode
+ConditionKernelCommandLine=|citadel.install
+ConditionKernelCommandLine=|citadel.live
+
+# Only run if root is set to this exact path
+ConditionKernelCommandLine=root=/dev/mapper/rootfs
+
+Wants=citadel-rootfs-setup.service citadel-install-rootfs-setup.service
+
+Requires=systemd-sysctl.service systemd-udev-settle.service
+After=systemd-sysctl.service systemd-udev-settle.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStartPre=/usr/bin/plymouth message --text="Copying files from boot disk and decompressing rootfs image"
+ExecStart=/usr/libexec/citadel-install copy-artifacts
+ExecStart=/usr/libexec/citadel-mount rootfs
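Review bot: This drop-in is installed into `${libdir}/sysctl.d` of the initramfs and read by systemd-sysctl on every boot, not only in the installer/live path the header comment describes, so `kernel.pax.softmode = 1` and the four `chroot_*` relaxations are in force on normal boots too, and sysctl state set in the initramfs persists across switch_root unless the real root's sysctl configuration sets the keys back. The `chroot_*` keys are stated to exist only for debootstrap, so they belong in the install/live path (for example applied with `sysctl -w` from an `ExecStartPre=` of `citadel-install-rootfs-setup.service`) rather than in a file every boot loads; elsewhere in this patch `citadel-rootfs-mount.service` says citadel-mount itself needs softmode, so that one key may have to stay, but it should then be restored to `0` once the last citadel-mount step has run, or explicitly pinned in the installed system's sysctl.d. The header should name the unit that depends on each key so that "this should be removed later" has an owner, e.g. `# softmode: required by citadel-mount (see citadel-rootfs-mount.service); chroot_*: debootstrap only`.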
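Review bot: `pubkey` is a trust anchor shipped inside the initramfs with no documentation of its format, which tool consumes it, or why the `testing` channel's key is baked in with an empty `update_server`. Presumably whoever holds the private half can produce images that `citadel-install`/`citadel-mount` accept (confirm against those tools), so a short comment makes this auditable and flags it for rotation before a non-testing release: `# Trust anchor for images on this channel (consumed by citadel-install/citadel-mount — confirm); update_server is empty because the initramfs never fetches remotely`.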
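Review bot: `ExecStartPre=/usr/bin/plymouth message ...` makes the whole unit fail before `citadel-install copy-artifacts` ever runs if the plymouth client exits non-zero, which as far as I can tell it does whenever no splash daemon is running (console-only or `plymouth.enable=0` boots), because a failing ExecStartPre aborts a oneshot service. Prefix the command with `-` so a missing splash is cosmetic rather than fatal: `ExecStartPre=-/usr/bin/plymouth message --text="Copying files from boot disk and decompressing rootfs image"`.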
diff --git a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-setup.service b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-setup.service new file mode 100644 index 0000000..52aabd5 --- /dev/null +++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-install-rootfs-setup.service @@ -0,0 +1,19 @@ +[Unit] +Description=Set up citadel for install/live boot +DefaultDependencies=no +Conflicts=shutdown.target +After=sysroot.mount citadel-rootfs-setup.service +Requires=sysroot.mount +Before=initrd-root-fs.target shutdown.target +AssertPathExists=/etc/initrd-release + +# Only run in install or live modes +ConditionKernelCommandLine=|citadel.install +ConditionKernelCommandLine=|citadel.live + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStartPre=/usr/bin/plymouth message --text="Setting up filesystem in RAM for live boot" +ExecStart=/usr/libexec/citadel-install live-setup +ExecStartPost=/usr/bin/plymouth message --text="Starting desktop" diff --git a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.path b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.path index 85d60d4..e730764 100644 --- a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.path +++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.path @@ -1,5 +1,17 @@ [Unit] Description=Watch for new entries in /dev/mapper +DefaultDependencies=no + +# Only run in initramfs +ConditionPathExists=/etc/initrd-release + +# Only run if root is set to this exact path, since that's +# the path created by 'citadel-mount rootfs' +ConditionKernelCommandLine=root=/dev/mapper/rootfs + +# Don't run if running from installer or in live mode +ConditionKernelCommandLine=!citadel.install +ConditionKernelCommandLine=!citadel.live [Path] PathChanged=/dev/mapper 
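Review bot: Both plymouth lines here are fatal to the unit if the splash client cannot reach a daemon: a non-zero `ExecStartPre=` stops `citadel-install live-setup` from running at all, and a non-zero `ExecStartPost=` marks the unit failed after the setup has already happened, which is worse because the work is done but `initrd-root-fs.target` ordering sees a failure. Use the ignore-failure prefix on both: `ExecStartPre=-/usr/bin/plymouth message --text="Setting up filesystem in RAM for live boot"` and `ExecStartPost=-/usr/bin/plymouth message --text="Starting desktop"`.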
diff --git a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.service b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.service index fe91c27..d434fc0 100644 --- a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.service +++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-mount.service @@ -1,11 +1,26 @@ [Unit] -Description=Mount citadel rootfs +Description=Create rootfs device with citadel-mount rootfs +DefaultDependencies=no +# +# Only run after all partitions have been discovered +# ConditionPathExists=/dev/mapper/citadel-rootfsA ConditionPathExists=/dev/mapper/citadel-rootfsB ConditionPathExists=/dev/mapper/citadel-storage +# +# Pull in the unit that mounts 'extra' and 'modules' images +# +Wants=citadel-rootfs-setup.service + +# +# citadel-mount needs to run in pax soft mode +# +Requires=systemd-sysctl.service +After=systemd-sysctl.service + [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/bin/sh -c 'echo "hello world"' +ExecStart=/usr/libexec/citadel-mount rootfs diff --git a/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-setup.service b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-setup.service new file mode 100644 index 0000000..f21fd7c --- /dev/null +++ b/meta-citadel/recipes-initrd/citadel-initramfs/files/citadel-rootfs-setup.service @@ -0,0 +1,14 @@ +[Unit] +Description=Set up citadel rootfs by mounting 'modules' and 'extra' +DefaultDependencies=no +Conflicts=shutdown.target +After=sysroot.mount +Requires=sysroot.mount +Before=initrd-root-fs.target shutdown.target +AssertPathExists=/etc/initrd-release + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/citadel-mount modules +ExecStart=/usr/libexec/citadel-mount extra diff --git a/meta-citadel/recipes-initrd/images/citadel-initramfs-image.bb b/meta-citadel/recipes-initrd/images/citadel-initramfs-image.bb index 190e50b..8574f9a 100644 
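Review bot: With `DefaultDependencies=no` this unit no longer gets the implicit shutdown ordering, but unlike `citadel-rootfs-setup.service` and `citadel-install-rootfs-setup.service` in the same patch it does not add `Conflicts=shutdown.target` and `Before=shutdown.target`, so a shutdown from the initramfs can race a still-running `citadel-mount rootfs`; adding those two lines keeps the three units consistent. The comment `# citadel-mount needs to run in pax soft mode` records a dependency on the whole 99-grsec drop-in without saying which operation needs it or when it can be re-enabled; stating that (or pointing at the relevant citadel-mount code) is what will let the softmode requirement be revisited, since the sysctl file itself says it is meant to be removed later.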
--- a/meta-citadel/recipes-initrd/images/citadel-initramfs-image.bb +++ b/meta-citadel/recipes-initrd/images/citadel-initramfs-image.bb @@ -4,6 +4,12 @@ NO_RECOMMENDATIONS = "1" PACKAGE_INSTALL = "\ citadel-initramfs \ + citadel-mount \ + citadel-install \ + strace \ + xz \ + tar \ + btrfs-tools \ base-passwd \ busybox \ kbd \ @@ -75,6 +81,7 @@ PACKAGE_INSTALL = "\ kernel-module-intel-ishtp \ kernel-module-intel-ishtp-hid \ kernel-module-intel-rng \ + kernel-module-lz4 \ kernel-module-msi-wmi \ kernel-module-mxm-wmi \ kernel-module-radeon \ @@ -87,6 +94,7 @@ PACKAGE_INSTALL = "\ kernel-module-wmi \ kernel-module-xhci-plat-hcd \ liberation-fonts \ + util-linux \ plymouth \ "
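Review bot: `strace` is added to the initramfs package list next to the runtime pieces (`citadel-mount`, `citadel-install`, `xz`, `tar`, `btrfs-tools`) with nothing marking it as a debugging aid; a tracer in a production initramfs enlarges the image and hands anyone who reaches an emergency shell a ready-made ptrace tool, so it should be gated on a debug build rather than unconditional, e.g. `${@bb.utils.contains('IMAGE_FEATURES', 'tools-debug', 'strace', '', d)} \` or whatever debug switch this layer already uses. A one-line comment above the new group saying what each is for (image decompression, artifact copying, btrfs setup) would also help the next reader tell required tools from leftovers. The PACKAGE_INSTALL assignment continues past this hunk.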