installer is good now

Bruce Leidl 2018-02-19 12:46:59 -05:00
parent d915542a01
commit dcc7d6007e
4 changed files with 336 additions and 147 deletions

99
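--- a/docs/howto.md
+++ b/docs/howto.md
@@ -0,0 +1,99 @@
+# How to make rootfs writable
+1. Open Citadel terminal
+2. Su to root
+$ su
+3. Remount root as read-write
+# mount -o remount,rw /
+# How to change timezone
+1. Make rootfs writable
+2. Run Setting application in Gnome, change timezone in Details -> Date & Time
+# How to change Gnome lock screen passwd
+1. Open Citadel terminal
+2. Generate new password with openssl
+$ openssl passwd
+Password:
+Verifying - Password:
+sGYyWXqDuh64g
+3. Su to root
+$ su
+4. Make rootfs writable
+# mount -o remount,rw /
+5. Copy new password hash into /etc/shadow
+# vim /etc/shadow
+# How to install image update
+1. Open Citadel terminal
+2. Su to root
+3. Determine if current boot is from rootfsA or rootfsB. Make sure you don't overwrite the currently mounted rootfs partition!
+# findmnt /
+TARGET SOURCE FSTYPE OPTIONS
+/ /dev/mapper/citadel-rootfsA ext2 rw,relatime,errors=continue,user_xattr
+4. Locate the rootfs update image you want to install
+# file /storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2
+/storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2: Linux rev 1.0 ext2 filesystem data, UUID=d9dd20e9-9286-4c60-9dc3-37c68e36481c (large files)
+5. Write to the correct partition with dd command.
+# dd if=/storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2 of=/dev/mapper/citadel-rootfsB bs=4M
+255+1 records in
+255+1 records out
+1071823872 bytes (1.1 GB, 1022 MiB) copied, 3.01726 s, 355 MB/s
+6. Sync just to be sure everything is flushed to disk, then reboot into new image.
+# sync
+# reboot
+# How to have hardware graphics acceleration for applications
+1. Open Citadel terminal
+2. Su to root
+3. Make rootfs writable
+# mount -o remount,rw /
+4. Enable /dev/dri/renderD128 bind mount in primary.nspawn file
+# vim /etc/systemd/nspawn/primary.nspawn
+# How to use Qemu?
+1. Open Citadel terminal
+2. Su to root
+3. Make rootfs writable
+# mount -o remount,rw /
+4. Enable /dev/kvm bind mount in primary.nspawn file
+# vim /etc/systemd/nspawn/primary.nspawn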

59
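--- a/scripts/create_install_pack
+++ b/scripts/create_install_pack
@@ -0,0 +1,59 @@
+#!/bin/bash
+SCRIPT=$(realpath ${BASH_SOURCE})
+IMAGES=$(realpath $(dirname ${SCRIPT})/../build/images/)
+image_file() {
+local fname=$(readlink -f ${IMAGES}/${1})
+if [[ ! -f ${fname} ]]; then
+>&2 printf "File ${fname} does not exist\n"
+exit 1
+fi
+printf $fname
+}
+EFIBOOT=$(image_file systemd-bootx64.efi)
+KERNEL=$(image_file bzImage)
+ROOTFS=$(image_file citadel-image-intel-corei7-64.ext2)
+USER_ROOTFS=$(image_file ../debootstrap/user-rootfs.tar.xz)
+HOWTO=$(image_file ../../docs/howto.md)
+INSTALL_SH=$(image_file ../../scripts/install.sh)
+KERNEL_CMDLINE="add_efi_memmap intel_iommu=off cryptomgr.notests rcupdate.rcu_expedited=1 rcu_nocbs=0-64 tsc=reliable no_timer_check noreplace-smp i915.fastboot=1 quiet splash"
+INSTALLPACK=/tmp/installpack
+BOOTPATH=${INSTALLPACK}/boot
+make_loader_conf() {
+echo "default bootA"
+echo "timeout 5"
+}
+make_boot_conf() {
+echo "title Subgraph OS (Citadel) [Root Partition ${1}]"
+echo "linux /bzImage"
+echo "options LABEL=Boot root=/dev/mapper/citadel-rootfs${1} ${KERNEL_CMDLINE}"
+}
+setup_boot() {
+mkdir -p ${BOOTPATH}/EFI/BOOT
+mkdir -p ${BOOTPATH}/loader/entries
+cp ${EFIBOOT} ${BOOTPATH}/EFI/BOOT/bootx64.efi
+cp ${KERNEL} ${BOOTPATH}/bzImage
+make_loader_conf > ${BOOTPATH}/loader/loader.conf
+make_boot_conf 'A' > ${BOOTPATH}/loader/entries/bootA.conf
+make_boot_conf 'B' > ${BOOTPATH}/loader/entries/bootB.conf
+}
+rm -rf /tmp/installpack
+mkdir -p /tmp/installpack/components
+setup_boot
+cp ${ROOTFS} /tmp/installpack/components/citadel-image-rootfs.ext2
+cp ${USER_ROOTFS} /tmp/installpack/components/
+cp ${HOWTO} /tmp/installpack/components/
+cp ${INSTALL_SH} /tmp/installpack
+chmod +x /tmp/installpack/install.sh
+tar -C /tmp -cvf installpack.tar installpack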
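Review bot: This script runs without `set -e` (the removed installer had `set -u` and `set -e`), so the `exit 1` in `image_file` only ends the command-substitution subshell; a missing component leaves `EFIBOOT`, `ROOTFS` and the others empty and the script still goes on to tar up an incomplete install pack. Adding `set -euo pipefail` after the shebang makes the failed assignment abort the build. `image_file` also passes the path as the printf format (`printf $fname`); `printf '%s' "${fname}"` is the safe form. The staging directory is the fixed, predictable `/tmp/installpack`, hard-coded again in the last nine lines although `INSTALLPACK` is defined, which on a shared build host could let another local user influence what ends up in the pack; staging under a `mktemp -d` directory and using `${INSTALLPACK}` throughout would avoid that.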

178
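--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -0,0 +1,178 @@
+#!/bin/bash
+set -e
+set -u
+blkdev_info() {
+local model=$(< /sys/block/${1}/device/model)
+local size=$(printf "%sG" $(( $(</sys/block/${1}/size) >> 21 )))
+printf " Device: /dev/${1}\n"
+printf " Size: ${size}\n"
+printf " Model: ${model}\n"
+}
+errormsg() {
+printf "Failed: ${1}\n"
+exit 1
+}
+info() {
+printf "[+] ${1}\n"
+}
+passphrase=""
+ask_passphrase() {
+local p1 p2
+for i in {1..3}
+do
+read -s -p "Enter passphrase for disk encryption: " p1
+echo
+read -s -p " Confirm passphrase: " p2
+echo
+if [[ ${p1} != ${p2} ]]; then
+printf "THe passphrases did not match\n"
+elif [[ -z ${p1} ]] ; then
+printf "Passphrase cannot be empty\n"
+else
+passphrase=${p1}
+return
+fi
+done
+errormsg "Too many attempts, Unable to set disk encryption passphrase"
+}
+confirm_device() {
+if [[ ! -b ${1} ]]; then
+errormsg "No block device '${1}' found"
+fi
+local base=$(basename ${1})
+if [[ ! -e /sys/block/${base}/device ]]; then
+errormsg "Unable to find device path /sys/block/${base}/device"
+fi
+printf "Are you sure you want to overwrite this device\n\n%s\n\n" "$(blkdev_info ${base})"
+read -p "Type YES (uppercase) to continue: " confirm
+if [[ ${confirm} != "YES" ]]; then
+echo "Install not confirmed, exiting."
+exit 1
+fi
+}
+LUKS_UUID="683a17fc-4457-42cc-a946-cde67195a101"
+partition_device() {
+local PARTED="parted -a optimal ${1}"
+${PARTED} -s mklabel gpt
+${PARTED} mkpart boot fat32 0% 512MiB
+${PARTED} set 1 boot on
+${PARTED} mkpart data ext4 512MiB 100%
+${PARTED} set 2 lvm on
+}
+setup_luks() {
+# /dev/sdb2
+local TARGET_LVM=${1}2
+printf "${passphrase}" | cryptsetup -q --uuid=${LUKS_UUID} luksFormat ${TARGET_LVM} -
+printf "${passphrase}" | cryptsetup open --type luks --key-file - ${TARGET_LVM} luks-install
+}
+setup_lvm() {
+pvcreate -ff --yes /dev/mapper/luks-install
+vgcreate --yes citadel /dev/mapper/luks-install
+lvcreate --yes --size 2g --name rootfsA citadel
+lvcreate --yes --size 2g --name rootfsB citadel
+lvcreate --yes --extents 100%VG --name storage citadel
+}
+setup_disk() {
+[[ $# -ne 1 ]] && usage
+confirm_device ${1}
+ask_passphrase
+info "Deactivating device ${1}"
+blkdeactivate ${1} >> install.log 2>&1
+info "Partitioning device ${1}"
+partition_device ${1} >> install.log 2>&1
+info "Setting up LUKS disk encryption on partition ${1}2"
+setup_luks ${1} >> install.log 2>&1
+info "Creating LVM volumes inside LUKS volume"
+setup_lvm >> install.log 2>&1
+info "Creating vfat filesystem on EFI system partition ${1}1"
+mkfs.vfat -F 32 ${1}1 >> install.log 2>&1
+info "Creating btrfs filesystem on storage volume"
+mkfs.btrfs /dev/mapper/citadel-storage >> install.log 2>&1
+lsblk -o NAME,SIZE,TYPE,FSTYPE ${1} >> install.log
+}
+unmount_disk() {
+info "Closing LVM volumes"
+vgchange -an citadel >> install.log 2>&1
+info "Closing LUKS volume"
+cryptsetup luksClose luks-install
+}
+install() {
+local MNT="install-mnt"
+mkdir -p install-mnt
+info "Mounting EFI system partition ${1}1"
+mount ${1}1 install-mnt
+info "Installing boot tree to EFI system partition"
+cp -R boot/* install-mnt
+info "Unmounting EFI system partition"
+umount ${1}1
+local PRIMARY_HOME="${MNT}/user-data/primary-home"
+local PRIMARY_ROOTFS="${MNT}/appimg/primary/rootfs"
+info "Mounting storage partition"
+mount /dev/mapper/citadel-storage ${MNT}
+info "Installing base appimg tree"
+mkdir -p ${PRIMARY_ROOTFS}
+ln -s primary ${MNT}/appimg/default.appimg
+tar -C ${PRIMARY_ROOTFS} -xf components/user-rootfs.tar.xz
+mkdir -p ${PRIMARY_HOME}
+cp components/howto.md ${PRIMARY_HOME}
+cp ${PRIMARY_ROOTFS}/home/user/{.bashrc,.profile} ${PRIMARY_HOME}
+chown -R 1000:1000 ${PRIMARY_HOME}
+info "Unmounting storage partition"
+umount /dev/mapper/citadel-storage
+info "Writing citadel image to rootfsA partition"
+dd if=components/citadel-image-rootfs.ext2 of=/dev/mapper/citadel-rootfsA bs=4M >> install.log 2>&1
+#info "Writing citadel image to rootfsB partition"
+#dd if=components/citadel-image-rootfs.ext2 of=/dev/mapper/citadel-rootfsB bs=4M >> install.log 2>&1
+}
+usage() {
+printf "Usage:\n"
+printf "\t\t./install.sh [<block device>]\n\n"
+exit 1
+}
+if [[ $# -eq 0 ]]; then
+usage
+fi
+setup_disk ${1}
+install ${1}
+unmount_disk
+sync
+info "Install completed successfully"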
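Review bot: In `setup_luks` the passphrase is used as the printf format string (`printf "${passphrase}" | cryptsetup …`), so a passphrase containing `%` or a backslash is rewritten before it reaches cryptsetup and the volume is keyed with something other than what the user typed; both lines should use `printf '%s' "${passphrase}"`. The two `read -s -p` calls in `ask_passphrase` lack `-r`, which likewise drops backslashes from the input, so they should become `read -r -s -p`. Separately, `install` extracts `components/user-rootfs.tar.xz` and writes `components/citadel-image-rootfs.ext2` with `dd` as root without any checksum or signature check on the pack contents; verifying the components against a shipped digest before touching the disk would be worth a follow-up.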


@ -1,147 +0,0 @@
#!/bin/bash
# tips here https://github.com/systemd/systemd/issues/6381
set -u
set -e
#set -x
SCRIPT=$(realpath ${BASH_SOURCE})
IMAGES=$(realpath $(dirname ${SCRIPT})/../build/images/)
image_file() {
local fname=$(readlink -f ${IMAGES}/${1})
if [[ ! -f ${fname} ]]; then
>&2 printf "File ${fname} does not exist\n"
exit 1
fi
printf $fname
}
EFIBOOT=$(image_file systemd-bootx64.efi)
KERNEL=$(image_file bzImage)
ROOTFS=$(image_file citadel-image-intel-corei7-64.ext2)
UUID="683a17fc-4457-42cc-a946-cde67195a101"
KERNEL_CMDLINE="add_efi_memmap intel_iommu=off cryptomgr.notests rcupdate.rcu_expedited=1 rcu_nocbs=0-64 tsc=reliable no_timer_check noreplace-smp i915.fastboot=1 quiet splash"
MOUNT_PATH=/tmp/citadel-boot-mount
TARGET=/dev/sdb
TARGET_BOOT=${TARGET}1
TARGET_LVM=${TARGET}2
PARTED="parted -a optimal ${TARGET}"
is_mounted() {
echo "is mounted $1"
for mnt in $(awk '{print $1}' < /proc/self/mounts); do
[[ $mnt == $1 ]] && return 0
done
return 1
}
unmount_partition() {
echo "unmount partition $1"
if ! is_mounted $1 ; then
printf "$1 is not mounted\n"
return
fi
}
unmount_device() {
echo "unmount device"
for p in ${TARGET}*; do
is_mounted $p && unmount_partition $p
done
echo "done unmount device"
}
remove_volume() {
local vg
# find volume group name
vg=$(pvs --noheadings -o vg_name ${1})
# echo to strip whitespace
[[ -n $(echo -n ${vg}) ]] && vgremove ${vg}
pvremove ${1}
}
remove_volumes() {
echo "remove volumes"
for p in ${TARGET}*; do
pvs ${p} && remove_volume ${p}
done
return 0
}
partition_device() {
${PARTED} -s mklabel gpt
${PARTED} mkpart boot fat32 0% 512MiB
${PARTED} set 1 boot on
${PARTED} mkpart data ext4 512MiB 100%
${PARTED} set 2 lvm on
mkfs.vfat -F 32 ${TARGET_BOOT}
}
setup_luks() {
printf "subgraph" | cryptsetup -q --uuid=${UUID} luksFormat ${TARGET_LVM} -
printf "subgraph" | cryptsetup open --type luks --key-file - ${TARGET_LVM} e1
}
setup_lvm() {
pvcreate -ff --yes /dev/mapper/e1
vgcreate --yes citadel /dev/mapper/e1
#pvcreate -ff ${TARGET_LVM}
#vgcreate --yes citadel ${TARGET_LVM}
lvcreate --yes --size 2g --name rootfsA citadel
lvcreate --yes --size 2g --name rootfsB citadel
lvcreate --yes --extents 100%VG --name storage citadel
mkfs.ext4 /dev/mapper/citadel-storage
}
make_loader_conf() {
echo "default bootA"
echo "timeout 5"
}
make_boot_conf() {
echo "title Subgraph OS (Airwolf Edition) [Root Partition ${1}]"
echo "linux /bzImage"
echo "options LABEL=Boot root=/dev/mapper/citadel-rootfs${1} ${KERNEL_CMDLINE}"
}
setup_efi() {
mkdir -p ${MOUNT_PATH}
mount ${TARGET_BOOT} ${MOUNT_PATH}
mkdir -p ${MOUNT_PATH}/EFI/BOOT
mkdir -p ${MOUNT_PATH}/loader/entries
cp ${EFIBOOT} ${MOUNT_PATH}/EFI/BOOT/bootx64.efi
cp ${KERNEL} ${MOUNT_PATH}/bzImage
make_loader_conf > ${MOUNT_PATH}/loader/loader.conf
make_boot_conf 'A' > ${MOUNT_PATH}/loader/entries/bootA.conf
make_boot_conf 'B' > ${MOUNT_PATH}/loader/entries/bootB.conf
umount ${MOUNT_PATH}
rmdir ${MOUNT_PATH}
}
write_root() {
echo "writing rootfsA"
dd if=${ROOTFS} of=/dev/mapper/citadel-rootfsA bs=4M status=progress
sync
}
blkdeactivate -v ${TARGET}
unmount_device
remove_volumes
partition_device
setup_luks
setup_lvm
setup_efi
write_root
vgchange -a n citadel
cryptsetup close e1