forked from brl/citadel
Not used anymore
This commit is contained in:
parent
f9c9514f96
commit
aafe29e2dd
@ -1,99 +0,0 @@
|
|||||||
|
|
||||||
# How to make rootfs writable
|
|
||||||
|
|
||||||
1. Open Citadel terminal
|
|
||||||
|
|
||||||
2. Su to root
|
|
||||||
|
|
||||||
$ su
|
|
||||||
|
|
||||||
3. Remount root as read-write
|
|
||||||
|
|
||||||
# mount -o remount,rw /
|
|
||||||
|
|
||||||
# How to change timezone
|
|
||||||
|
|
||||||
1. Make rootfs writable
|
|
||||||
|
|
||||||
2. Run Setting application in Gnome, change timezone in Details -> Date & Time
|
|
||||||
|
|
||||||
# How to change Gnome lock screen passwd
|
|
||||||
|
|
||||||
1. Open Citadel terminal
|
|
||||||
|
|
||||||
2. Generate new password with openssl
|
|
||||||
|
|
||||||
$ openssl passwd
|
|
||||||
Password:
|
|
||||||
Verifying - Password:
|
|
||||||
sGYyWXqDuh64g
|
|
||||||
|
|
||||||
3. Su to root
|
|
||||||
|
|
||||||
$ su
|
|
||||||
|
|
||||||
4. Make rootfs writable
|
|
||||||
|
|
||||||
# mount -o remount,rw /
|
|
||||||
|
|
||||||
5. Copy new password hash into /etc/shadow
|
|
||||||
|
|
||||||
# vim /etc/shadow
|
|
||||||
|
|
||||||
# How to install image update
|
|
||||||
|
|
||||||
1. Open Citadel terminal
|
|
||||||
|
|
||||||
2. Su to root
|
|
||||||
|
|
||||||
3. Determine if current boot is from rootfsA or rootfsB. Make sure you don't overwrite the currently mounted rootfs partition!
|
|
||||||
|
|
||||||
# findmnt /
|
|
||||||
TARGET SOURCE FSTYPE OPTIONS
|
|
||||||
/ /dev/mapper/citadel-rootfsA ext2 rw,relatime,errors=continue,user_xattr
|
|
||||||
|
|
||||||
4. Locate the rootfs update image you want to install
|
|
||||||
|
|
||||||
# file /storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2
|
|
||||||
/storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2: Linux rev 1.0 ext2 filesystem data, UUID=d9dd20e9-9286-4c60-9dc3-37c68e36481c (large files)
|
|
||||||
|
|
||||||
5. Write to the correct partition with dd command.
|
|
||||||
|
|
||||||
# dd if=/storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2 of=/dev/mapper/citadel-rootfsB bs=4M
|
|
||||||
255+1 records in
|
|
||||||
255+1 records out
|
|
||||||
1071823872 bytes (1.1 GB, 1022 MiB) copied, 3.01726 s, 355 MB/s
|
|
||||||
|
|
||||||
6. Sync just to be sure everything is flushed to disk, then reboot into new image.
|
|
||||||
|
|
||||||
# sync
|
|
||||||
# reboot
|
|
||||||
|
|
||||||
# How to have hardware graphics acceleration for applications
|
|
||||||
|
|
||||||
1. Open Citadel terminal
|
|
||||||
|
|
||||||
2. Su to root
|
|
||||||
|
|
||||||
3. Make rootfs writable
|
|
||||||
|
|
||||||
# mount -o remount,rw /
|
|
||||||
|
|
||||||
4. Enable /dev/dri/renderD128 bind mount in primary.nspawn file
|
|
||||||
|
|
||||||
# vim /etc/systemd/nspawn/primary.nspawn
|
|
||||||
|
|
||||||
# How to use Qemu?
|
|
||||||
|
|
||||||
1. Open Citadel terminal
|
|
||||||
|
|
||||||
2. Su to root
|
|
||||||
|
|
||||||
3. Make rootfs writable
|
|
||||||
|
|
||||||
# mount -o remount,rw /
|
|
||||||
|
|
||||||
4. Enable /dev/kvm bind mount in primary.nspawn file
|
|
||||||
|
|
||||||
# vim /etc/systemd/nspawn/primary.nspawn
|
|
||||||
|
|
@ -1,70 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
SCRIPT=$(realpath ${BASH_SOURCE})
|
|
||||||
IMAGES=$(realpath $(dirname ${SCRIPT})/../build/images/)
|
|
||||||
|
|
||||||
image_file() {
|
|
||||||
local fname=$(readlink -f ${IMAGES}/${1})
|
|
||||||
if [[ ! -f ${fname} ]]; then
|
|
||||||
>&2 printf "File ${fname} does not exist\n"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
printf $fname
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
EFIBOOT=$(image_file systemd-bootx64.efi)
|
|
||||||
KERNEL=$(image_file bzImage)
|
|
||||||
ROOTFS=$(image_file citadel-image-intel-corei7-64.ext2)
|
|
||||||
APPIMG_ROOTFS=$(image_file ../appimg/appimg-rootfs.tar.xz)
|
|
||||||
HOWTO=$(image_file ../../docs/howto.md)
|
|
||||||
INSTALL_SH=$(image_file ../../scripts/install.sh)
|
|
||||||
|
|
||||||
KERNEL_CMDLINE="add_efi_memmap intel_iommu=off cryptomgr.notests rcupdate.rcu_expedited=1 rcu_nocbs=0-64 tsc=reliable no_timer_check noreplace-smp i915.fastboot=1 quiet splash"
|
|
||||||
|
|
||||||
INSTALLPACK=/tmp/installpack
|
|
||||||
BOOTPATH=${INSTALLPACK}/boot
|
|
||||||
|
|
||||||
make_loader_conf() {
|
|
||||||
echo "default bootA"
|
|
||||||
echo "timeout 5"
|
|
||||||
}
|
|
||||||
|
|
||||||
make_boot_conf() {
|
|
||||||
echo "title Subgraph OS (Citadel) [Root Partition ${1}]"
|
|
||||||
echo "linux /bzImage"
|
|
||||||
echo "options LABEL=Boot root=/dev/mapper/citadel-rootfs${1} ${KERNEL_CMDLINE}"
|
|
||||||
}
|
|
||||||
|
|
||||||
setup_boot() {
|
|
||||||
mkdir -p ${BOOTPATH}/EFI/BOOT
|
|
||||||
mkdir -p ${BOOTPATH}/loader/entries
|
|
||||||
cp ${EFIBOOT} ${BOOTPATH}/EFI/BOOT/bootx64.efi
|
|
||||||
cp ${KERNEL} ${BOOTPATH}/bzImage
|
|
||||||
make_loader_conf > ${BOOTPATH}/loader/loader.conf
|
|
||||||
make_boot_conf 'A' > ${BOOTPATH}/loader/entries/bootA.conf
|
|
||||||
make_boot_conf 'B' > ${BOOTPATH}/loader/entries/bootB.conf
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
rm -rf /tmp/installpack
|
|
||||||
mkdir -p /tmp/installpack/components
|
|
||||||
setup_boot
|
|
||||||
cp ${ROOTFS} /tmp/installpack/components/citadel-image-rootfs.ext2
|
|
||||||
cp ${APPIMG_ROOTFS} /tmp/installpack/components/
|
|
||||||
cp ${HOWTO} /tmp/installpack/components/
|
|
||||||
cp ${INSTALL_SH} /tmp/installpack
|
|
||||||
chmod +x /tmp/installpack/install.sh
|
|
||||||
|
|
||||||
(
|
|
||||||
echo "Date : $(date)"
|
|
||||||
echo "Git : $(git rev-parse HEAD)"
|
|
||||||
pushd /tmp/installpack > /dev/null
|
|
||||||
echo
|
|
||||||
echo " $(sha256sum components/citadel-image-rootfs.ext2)"
|
|
||||||
echo " $(sha256sum components/appimg-rootfs.tar.xz)"
|
|
||||||
popd > /dev/null
|
|
||||||
) > /tmp/installpack/build.info
|
|
||||||
|
|
||||||
tar -C /tmp -cvf installpack.tar installpack
|
|
||||||
#rm -rf /tmp/installpack
|
|
@ -1,189 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
set -u
|
|
||||||
|
|
||||||
blkdev_info() {
|
|
||||||
local model=$(< /sys/block/${1}/device/model)
|
|
||||||
local size=$(printf "%sG" $(( $(</sys/block/${1}/size) >> 21 )))
|
|
||||||
printf " Device: /dev/${1}\n"
|
|
||||||
printf " Size: ${size}\n"
|
|
||||||
printf " Model: ${model}\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
errormsg() {
|
|
||||||
printf "Failed: ${1}\n"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
info() {
|
|
||||||
printf "[+] ${1}\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
passphrase=""
|
|
||||||
|
|
||||||
ask_passphrase() {
|
|
||||||
local p1 p2
|
|
||||||
for i in {1..3}
|
|
||||||
do
|
|
||||||
read -s -p "Enter passphrase for disk encryption: " p1
|
|
||||||
echo
|
|
||||||
read -s -p " Confirm passphrase: " p2
|
|
||||||
echo
|
|
||||||
|
|
||||||
if [[ ${p1} != ${p2} ]]; then
|
|
||||||
printf "THe passphrases did not match\n"
|
|
||||||
elif [[ -z ${p1} ]] ; then
|
|
||||||
printf "Passphrase cannot be empty\n"
|
|
||||||
else
|
|
||||||
passphrase=${p1}
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
errormsg "Too many attempts, Unable to set disk encryption passphrase"
|
|
||||||
}
|
|
||||||
|
|
||||||
confirm_device() {
|
|
||||||
if [[ ! -b ${1} ]]; then
|
|
||||||
errormsg "No block device '${1}' found"
|
|
||||||
fi
|
|
||||||
|
|
||||||
local base=$(basename ${1})
|
|
||||||
|
|
||||||
if [[ ! -e /sys/block/${base}/device ]]; then
|
|
||||||
errormsg "Unable to find device path /sys/block/${base}/device"
|
|
||||||
fi
|
|
||||||
|
|
||||||
printf "Are you sure you want to overwrite this device\n\n%s\n\n" "$(blkdev_info ${base})"
|
|
||||||
read -p "Type YES (uppercase) to continue: " confirm
|
|
||||||
if [[ ${confirm} != "YES" ]]; then
|
|
||||||
echo "Install not confirmed, exiting."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
LUKS_UUID="683a17fc-4457-42cc-a946-cde67195a101"
|
|
||||||
|
|
||||||
partition_device() {
|
|
||||||
local PARTED="parted -a optimal ${1}"
|
|
||||||
${PARTED} -s mklabel gpt
|
|
||||||
${PARTED} mkpart boot fat32 0% 512MiB
|
|
||||||
${PARTED} set 1 boot on
|
|
||||||
${PARTED} mkpart data ext4 512MiB 100%
|
|
||||||
${PARTED} set 2 lvm on
|
|
||||||
}
|
|
||||||
|
|
||||||
setup_luks() {
|
|
||||||
# /dev/sdb2
|
|
||||||
local TARGET_LVM=${1}2
|
|
||||||
printf "${passphrase}" | cryptsetup -q --uuid=${LUKS_UUID} luksFormat ${TARGET_LVM} -
|
|
||||||
printf "${passphrase}" | cryptsetup open --type luks --key-file - ${TARGET_LVM} luks-install
|
|
||||||
}
|
|
||||||
|
|
||||||
setup_lvm() {
|
|
||||||
pvcreate -ff --yes /dev/mapper/luks-install
|
|
||||||
vgcreate --yes citadel /dev/mapper/luks-install
|
|
||||||
lvcreate --yes --size 2g --name rootfsA citadel
|
|
||||||
lvcreate --yes --size 2g --name rootfsB citadel
|
|
||||||
lvcreate --yes --extents 100%VG --name storage citadel
|
|
||||||
}
|
|
||||||
|
|
||||||
setup_disk() {
|
|
||||||
[[ $# -ne 1 ]] && usage
|
|
||||||
confirm_device ${1}
|
|
||||||
ask_passphrase
|
|
||||||
|
|
||||||
info "Deactivating device ${1}"
|
|
||||||
blkdeactivate ${1} >> install.log 2>&1
|
|
||||||
|
|
||||||
info "Partitioning device ${1}"
|
|
||||||
partition_device ${1} >> install.log 2>&1
|
|
||||||
|
|
||||||
info "Setting up LUKS disk encryption on partition ${1}2"
|
|
||||||
setup_luks ${1} >> install.log 2>&1
|
|
||||||
|
|
||||||
info "Creating LVM volumes inside LUKS volume"
|
|
||||||
setup_lvm >> install.log 2>&1
|
|
||||||
|
|
||||||
info "Creating vfat filesystem on EFI system partition ${1}1"
|
|
||||||
mkfs.vfat -F 32 ${1}1 >> install.log 2>&1
|
|
||||||
|
|
||||||
info "Creating btrfs filesystem on storage volume"
|
|
||||||
mkfs.btrfs /dev/mapper/citadel-storage >> install.log 2>&1
|
|
||||||
|
|
||||||
lsblk -o NAME,SIZE,TYPE,FSTYPE ${1} >> install.log
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
unmount_disk() {
|
|
||||||
info "Closing LVM volumes"
|
|
||||||
vgchange -an citadel >> install.log 2>&1
|
|
||||||
info "Closing LUKS volume"
|
|
||||||
cryptsetup luksClose luks-install
|
|
||||||
}
|
|
||||||
|
|
||||||
install() {
|
|
||||||
local MNT="install-mnt"
|
|
||||||
mkdir -p install-mnt
|
|
||||||
info "Mounting EFI system partition ${1}1"
|
|
||||||
mount ${1}1 install-mnt
|
|
||||||
info "Installing boot tree to EFI system partition"
|
|
||||||
cp -R boot/* install-mnt
|
|
||||||
info "Unmounting EFI system partition"
|
|
||||||
umount ${1}1
|
|
||||||
|
|
||||||
local PRIMARY_APPIMG="${MNT}/appimg"
|
|
||||||
local PRIMARY_HOME="${MNT}/user-data/primary-home"
|
|
||||||
local PRIMARY_REALM="${MNT}/realms/realm-main"
|
|
||||||
|
|
||||||
info "Mounting storage partition"
|
|
||||||
mount /dev/mapper/citadel-storage ${MNT}
|
|
||||||
|
|
||||||
mkdir -p ${PRIMARY_APPIMG}
|
|
||||||
info "Creating new btrfs subvolume for base appimg"
|
|
||||||
btrfs subvolume create ${MNT}/appimg/base.appimg
|
|
||||||
|
|
||||||
info "Installing base appimg tree"
|
|
||||||
tar -C ${PRIMARY_APPIMG}/base.appimg -xf components/appimg-rootfs.tar.xz
|
|
||||||
|
|
||||||
mkdir -p ${PRIMARY_HOME}
|
|
||||||
cp components/howto.md ${PRIMARY_HOME}
|
|
||||||
cp ${PRIMARY_APPIMG}/base.appimg/home/user/{.bashrc,.profile} ${PRIMARY_HOME}
|
|
||||||
chown -R 1000:1000 ${PRIMARY_HOME}
|
|
||||||
|
|
||||||
info "Creating main realm"
|
|
||||||
mkdir -p ${PRIMARY_REALM}
|
|
||||||
btrfs subvolume snapshot ${PRIMARY_APPIMG}/base.appimg ${PRIMARY_REALM}/rootfs
|
|
||||||
ln -s realm-main ${MNT}/realms/default.realm
|
|
||||||
ln -s /storage/user-data/primary-home ${PRIMARY_REALM}/home
|
|
||||||
|
|
||||||
info "Creating shared directory"
|
|
||||||
mkdir ${MNT}/realms/Shared
|
|
||||||
chown 1000:1000 ${MNT}/realms/Shared
|
|
||||||
|
|
||||||
info "Unmounting storage partition"
|
|
||||||
umount /dev/mapper/citadel-storage
|
|
||||||
|
|
||||||
info "Writing citadel image to rootfsA partition"
|
|
||||||
dd if=components/citadel-image-rootfs.ext2 of=/dev/mapper/citadel-rootfsA bs=4M >> install.log 2>&1
|
|
||||||
|
|
||||||
#info "Writing citadel image to rootfsB partition"
|
|
||||||
#dd if=components/citadel-image-rootfs.ext2 of=/dev/mapper/citadel-rootfsB bs=4M >> install.log 2>&1
|
|
||||||
}
|
|
||||||
|
|
||||||
usage() {
|
|
||||||
printf "Usage:\n"
|
|
||||||
printf "\t\t./install.sh [<block device>]\n\n"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if [[ $# -eq 0 ]]; then
|
|
||||||
usage
|
|
||||||
fi
|
|
||||||
|
|
||||||
setup_disk ${1}
|
|
||||||
install ${1}
|
|
||||||
unmount_disk
|
|
||||||
sync
|
|
||||||
info "Install completed successfully"
|
|
Loading…
Reference in New Issue
Block a user