diff --git a/docs/howto.md b/docs/howto.md deleted file mode 100644 index 42cdb62..0000000 --- a/docs/howto.md +++ /dev/null @@ -1,99 +0,0 @@ - -# How to make rootfs writable - -1. Open Citadel terminal - -2. Su to root - - $ su - -3. Remount root as read-write - - # mount -o remount,rw / - -# How to change timezone - -1. Make rootfs writable - -2. Run Setting application in Gnome, change timezone in Details -> Date & Time - -# How to change Gnome lock screen passwd - -1. Open Citadel terminal - -2. Generate new password with openssl - - $ openssl passwd - Password: - Verifying - Password: - sGYyWXqDuh64g - -3. Su to root - - $ su - -4. Make rootfs writable - - # mount -o remount,rw / - -5. Copy new password hash into /etc/shadow - - # vim /etc/shadow - -# How to install image update - -1. Open Citadel terminal - -2. Su to root - -3. Determine if current boot is from rootfsA or rootfsB. Make sure you don't overwrite the currently mounted rootfs partition! - - # findmnt / - TARGET SOURCE FSTYPE OPTIONS - / /dev/mapper/citadel-rootfsA ext2 rw,relatime,errors=continue,user_xattr - -4. Locate the rootfs update image you want to install - - # file /storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2 - /storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2: Linux rev 1.0 ext2 filesystem data, UUID=d9dd20e9-9286-4c60-9dc3-37c68e36481c (large files) - -5. Write to the correct partition with dd command. - - # dd if=/storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2 of=/dev/mapper/citadel-rootfsB bs=4M - 255+1 records in - 255+1 records out - 1071823872 bytes (1.1 GB, 1022 MiB) copied, 3.01726 s, 355 MB/s - -6. Sync just to be sure everything is flushed to disk, then reboot into new image. - - # sync - # reboot - -# How to have hardware graphics acceleration for applications - -1. Open Citadel terminal - -2. Su to root - -3. Make rootfs writable - - # mount -o remount,rw / - -4. Enable /dev/dri/renderD128 bind mount in primary.nspawn file - - # vim /etc/systemd/nspawn/primary.nspawn - -# How to use Qemu? - -1. Open Citadel terminal - -2. Su to root - -3. Make rootfs writable - - # mount -o remount,rw / - -4. Enable /dev/kvm bind mount in primary.nspawn file - - # vim /etc/systemd/nspawn/primary.nspawn - diff --git a/scripts/create_install_pack b/scripts/create_install_pack deleted file mode 100755 index 0cf3475..0000000 --- a/scripts/create_install_pack +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash - -SCRIPT=$(realpath ${BASH_SOURCE}) -IMAGES=$(realpath $(dirname ${SCRIPT})/../build/images/) - -image_file() { - local fname=$(readlink -f ${IMAGES}/${1}) - if [[ ! -f ${fname} ]]; then - >&2 printf "File ${fname} does not exist\n" - exit 1 - fi - printf $fname -} - - -EFIBOOT=$(image_file systemd-bootx64.efi) -KERNEL=$(image_file bzImage) -ROOTFS=$(image_file citadel-image-intel-corei7-64.ext2) -APPIMG_ROOTFS=$(image_file ../appimg/appimg-rootfs.tar.xz) -HOWTO=$(image_file ../../docs/howto.md) -INSTALL_SH=$(image_file ../../scripts/install.sh) - -KERNEL_CMDLINE="add_efi_memmap intel_iommu=off cryptomgr.notests rcupdate.rcu_expedited=1 rcu_nocbs=0-64 tsc=reliable no_timer_check noreplace-smp i915.fastboot=1 quiet splash" - -INSTALLPACK=/tmp/installpack -BOOTPATH=${INSTALLPACK}/boot - -make_loader_conf() { - echo "default bootA" - echo "timeout 5" -} - -make_boot_conf() { - echo "title Subgraph OS (Citadel) [Root Partition ${1}]" - echo "linux /bzImage" - echo "options LABEL=Boot root=/dev/mapper/citadel-rootfs${1} ${KERNEL_CMDLINE}" -} - -setup_boot() { - mkdir -p ${BOOTPATH}/EFI/BOOT - mkdir -p ${BOOTPATH}/loader/entries - cp ${EFIBOOT} ${BOOTPATH}/EFI/BOOT/bootx64.efi - cp ${KERNEL} ${BOOTPATH}/bzImage - make_loader_conf > ${BOOTPATH}/loader/loader.conf - make_boot_conf 'A' > ${BOOTPATH}/loader/entries/bootA.conf - make_boot_conf 'B' > ${BOOTPATH}/loader/entries/bootB.conf -} - - -rm -rf /tmp/installpack -mkdir -p /tmp/installpack/components -setup_boot -cp ${ROOTFS} /tmp/installpack/components/citadel-image-rootfs.ext2 -cp ${APPIMG_ROOTFS} /tmp/installpack/components/ -cp ${HOWTO} /tmp/installpack/components/ -cp ${INSTALL_SH} /tmp/installpack -chmod +x /tmp/installpack/install.sh - -( -echo "Date : $(date)" -echo "Git : $(git rev-parse HEAD)" -pushd /tmp/installpack > /dev/null -echo -echo " $(sha256sum components/citadel-image-rootfs.ext2)" -echo " $(sha256sum components/appimg-rootfs.tar.xz)" -popd > /dev/null -) > /tmp/installpack/build.info - -tar -C /tmp -cvf installpack.tar installpack -#rm -rf /tmp/installpack diff --git a/scripts/install.sh b/scripts/install.sh deleted file mode 100755 index 82abd1e..0000000 --- a/scripts/install.sh +++ /dev/null @@ -1,189 +0,0 @@ -#!/bin/bash - -set -e -set -u - -blkdev_info() { - local model=$(< /sys/block/${1}/device/model) - local size=$(printf "%sG" $(( $(> 21 ))) - printf " Device: /dev/${1}\n" - printf " Size: ${size}\n" - printf " Model: ${model}\n" -} - -errormsg() { - printf "Failed: ${1}\n" - exit 1 -} - -info() { - printf "[+] ${1}\n" -} - -passphrase="" - -ask_passphrase() { - local p1 p2 - for i in {1..3} - do - read -s -p "Enter passphrase for disk encryption: " p1 - echo - read -s -p " Confirm passphrase: " p2 - echo - - if [[ ${p1} != ${p2} ]]; then - printf "THe passphrases did not match\n" - elif [[ -z ${p1} ]] ; then - printf "Passphrase cannot be empty\n" - else - passphrase=${p1} - return - fi - done - errormsg "Too many attempts, Unable to set disk encryption passphrase" -} - -confirm_device() { - if [[ ! -b ${1} ]]; then - errormsg "No block device '${1}' found" - fi - - local base=$(basename ${1}) - - if [[ ! -e /sys/block/${base}/device ]]; then - errormsg "Unable to find device path /sys/block/${base}/device" - fi - - printf "Are you sure you want to overwrite this device\n\n%s\n\n" "$(blkdev_info ${base})" - read -p "Type YES (uppercase) to continue: " confirm - if [[ ${confirm} != "YES" ]]; then - echo "Install not confirmed, exiting." - exit 1 - fi -} - -LUKS_UUID="683a17fc-4457-42cc-a946-cde67195a101" - -partition_device() { - local PARTED="parted -a optimal ${1}" - ${PARTED} -s mklabel gpt - ${PARTED} mkpart boot fat32 0% 512MiB - ${PARTED} set 1 boot on - ${PARTED} mkpart data ext4 512MiB 100% - ${PARTED} set 2 lvm on -} - -setup_luks() { - # /dev/sdb2 - local TARGET_LVM=${1}2 - printf "${passphrase}" | cryptsetup -q --uuid=${LUKS_UUID} luksFormat ${TARGET_LVM} - - printf "${passphrase}" | cryptsetup open --type luks --key-file - ${TARGET_LVM} luks-install -} - -setup_lvm() { - pvcreate -ff --yes /dev/mapper/luks-install - vgcreate --yes citadel /dev/mapper/luks-install - lvcreate --yes --size 2g --name rootfsA citadel - lvcreate --yes --size 2g --name rootfsB citadel - lvcreate --yes --extents 100%VG --name storage citadel -} - -setup_disk() { - [[ $# -ne 1 ]] && usage - confirm_device ${1} - ask_passphrase - - info "Deactivating device ${1}" - blkdeactivate ${1} >> install.log 2>&1 - - info "Partitioning device ${1}" - partition_device ${1} >> install.log 2>&1 - - info "Setting up LUKS disk encryption on partition ${1}2" - setup_luks ${1} >> install.log 2>&1 - - info "Creating LVM volumes inside LUKS volume" - setup_lvm >> install.log 2>&1 - - info "Creating vfat filesystem on EFI system partition ${1}1" - mkfs.vfat -F 32 ${1}1 >> install.log 2>&1 - - info "Creating btrfs filesystem on storage volume" - mkfs.btrfs /dev/mapper/citadel-storage >> install.log 2>&1 - - lsblk -o NAME,SIZE,TYPE,FSTYPE ${1} >> install.log - -} - -unmount_disk() { - info "Closing LVM volumes" - vgchange -an citadel >> install.log 2>&1 - info "Closing LUKS volume" - cryptsetup luksClose luks-install -} - -install() { - local MNT="install-mnt" - mkdir -p install-mnt - info "Mounting EFI system partition ${1}1" - mount ${1}1 install-mnt - info "Installing boot tree to EFI system partition" - cp -R boot/* install-mnt - info "Unmounting EFI system partition" - umount ${1}1 - - local PRIMARY_APPIMG="${MNT}/appimg" - local PRIMARY_HOME="${MNT}/user-data/primary-home" - local PRIMARY_REALM="${MNT}/realms/realm-main" - - info "Mounting storage partition" - mount /dev/mapper/citadel-storage ${MNT} - - mkdir -p ${PRIMARY_APPIMG} - info "Creating new btrfs subvolume for base appimg" - btrfs subvolume create ${MNT}/appimg/base.appimg - - info "Installing base appimg tree" - tar -C ${PRIMARY_APPIMG}/base.appimg -xf components/appimg-rootfs.tar.xz - - mkdir -p ${PRIMARY_HOME} - cp components/howto.md ${PRIMARY_HOME} - cp ${PRIMARY_APPIMG}/base.appimg/home/user/{.bashrc,.profile} ${PRIMARY_HOME} - chown -R 1000:1000 ${PRIMARY_HOME} - - info "Creating main realm" - mkdir -p ${PRIMARY_REALM} - btrfs subvolume snapshot ${PRIMARY_APPIMG}/base.appimg ${PRIMARY_REALM}/rootfs - ln -s realm-main ${MNT}/realms/default.realm - ln -s /storage/user-data/primary-home ${PRIMARY_REALM}/home - - info "Creating shared directory" - mkdir ${MNT}/realms/Shared - chown 1000:1000 ${MNT}/realms/Shared - - info "Unmounting storage partition" - umount /dev/mapper/citadel-storage - - info "Writing citadel image to rootfsA partition" - dd if=components/citadel-image-rootfs.ext2 of=/dev/mapper/citadel-rootfsA bs=4M >> install.log 2>&1 - - #info "Writing citadel image to rootfsB partition" - #dd if=components/citadel-image-rootfs.ext2 of=/dev/mapper/citadel-rootfsB bs=4M >> install.log 2>&1 -} - -usage() { - printf "Usage:\n" - printf "\t\t./install.sh []\n\n" - exit 1 -} - - -if [[ $# -eq 0 ]]; then - usage -fi - -setup_disk ${1} -install ${1} -unmount_disk -sync -info "Install completed successfully"