installer is good now
parent
d915542a01
commit
dcc7d6007e
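--- a/docs/howto.md
+++ b/docs/howto.md
@@ -0,0 +1,99 @@
+
+# How to make rootfs writable
+
+1. Open Citadel terminal
+
+2. Su to root
+
+$ su
+
+3. Remount root as read-write
+
+# mount -o remount,rw /
+
+# How to change timezone
+
+1. Make rootfs writable
+
+2. Run Setting application in Gnome, change timezone in Details -> Date & Time
+
+# How to change Gnome lock screen passwd
+
+1. Open Citadel terminal
+
+2. Generate new password with openssl
+
+$ openssl passwd
+Password:
+Verifying - Password:
+sGYyWXqDuh64g
+
+3. Su to root
+
+$ su
+
+4. Make rootfs writable
+
+# mount -o remount,rw /
+
+5. Copy new password hash into /etc/shadow
+
+# vim /etc/shadow
+
+# How to install image update
+
+1. Open Citadel terminal
+
+2. Su to root
+
+3. Determine if current boot is from rootfsA or rootfsB. Make sure you don't overwrite the currently mounted rootfs partition!
+
+# findmnt /
+TARGET SOURCE FSTYPE OPTIONS
+/ /dev/mapper/citadel-rootfsA ext2 rw,relatime,errors=continue,user_xattr
+
+4. Locate the rootfs update image you want to install
+
+# file /storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2
+/storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2: Linux rev 1.0 ext2 filesystem data, UUID=d9dd20e9-9286-4c60-9dc3-37c68e36481c (large files)
+
+5. Write to the correct partition with dd command.
+
+# dd if=/storage/user-data/primary-home/citadel-image-intel-corei7-64.ext2 of=/dev/mapper/citadel-rootfsB bs=4M
+255+1 records in
+255+1 records out
+1071823872 bytes (1.1 GB, 1022 MiB) copied, 3.01726 s, 355 MB/s
+
+6. Sync just to be sure everything is flushed to disk, then reboot into new image.
+
+# sync
+# reboot
+
+# How to have hardware graphics acceleration for applications
+
+1. Open Citadel terminal
+
+2. Su to root
+
+3. Make rootfs writable
+
+# mount -o remount,rw /
+
+4. Enable /dev/dri/renderD128 bind mount in primary.nspawn file
+
+# vim /etc/systemd/nspawn/primary.nspawn
+
+# How to use Qemu?
+
+1. Open Citadel terminal
+
+2. Su to root
+
+3. Make rootfs writable
+
+# mount -o remount,rw /
+
+4. Enable /dev/kvm bind mount in primary.nspawn file
+
+# vim /etc/systemd/nspawn/primary.nspawn
+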
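--- a/scripts/create_install_pack
+++ b/scripts/create_install_pack
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+SCRIPT=$(realpath ${BASH_SOURCE})
+IMAGES=$(realpath $(dirname ${SCRIPT})/../build/images/)
+
+image_file() {
+local fname=$(readlink -f ${IMAGES}/${1})
+if [[ ! -f ${fname} ]]; then
+>&2 printf "File ${fname} does not exist\n"
+exit 1
+fi
+printf $fname
+}
+
+
+EFIBOOT=$(image_file systemd-bootx64.efi)
+KERNEL=$(image_file bzImage)
+ROOTFS=$(image_file citadel-image-intel-corei7-64.ext2)
+USER_ROOTFS=$(image_file ../debootstrap/user-rootfs.tar.xz)
+HOWTO=$(image_file ../../docs/howto.md)
+INSTALL_SH=$(image_file ../../scripts/install.sh)
+
+KERNEL_CMDLINE="add_efi_memmap intel_iommu=off cryptomgr.notests rcupdate.rcu_expedited=1 rcu_nocbs=0-64 tsc=reliable no_timer_check noreplace-smp i915.fastboot=1 quiet splash"
+
+INSTALLPACK=/tmp/installpack
+BOOTPATH=${INSTALLPACK}/boot
+
+make_loader_conf() {
+echo "default bootA"
+echo "timeout 5"
+}
+
+make_boot_conf() {
+echo "title Subgraph OS (Citadel) [Root Partition ${1}]"
+echo "linux /bzImage"
+echo "options LABEL=Boot root=/dev/mapper/citadel-rootfs${1} ${KERNEL_CMDLINE}"
+}
+
+setup_boot() {
+mkdir -p ${BOOTPATH}/EFI/BOOT
+mkdir -p ${BOOTPATH}/loader/entries
+cp ${EFIBOOT} ${BOOTPATH}/EFI/BOOT/bootx64.efi
+cp ${KERNEL} ${BOOTPATH}/bzImage
+make_loader_conf > ${BOOTPATH}/loader/loader.conf
+make_boot_conf 'A' > ${BOOTPATH}/loader/entries/bootA.conf
+make_boot_conf 'B' > ${BOOTPATH}/loader/entries/bootB.conf
+}
+
+
+rm -rf /tmp/installpack
+mkdir -p /tmp/installpack/components
+setup_boot
+cp ${ROOTFS} /tmp/installpack/components/citadel-image-rootfs.ext2
+cp ${USER_ROOTFS} /tmp/installpack/components/
+cp ${HOWTO} /tmp/installpack/components/
+cp ${INSTALL_SH} /tmp/installpack
+chmod +x /tmp/installpack/install.sh
+
+tar -C /tmp -cvf installpack.tar installpack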
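Review bot: The pack is staged under the fixed path `/tmp/installpack` (the `INSTALLPACK=` assignment and every literal path from `rm -rf /tmp/installpack` down to the `tar` line), a predictable name in a world-writable directory, so on a shared build host whoever owns that path first controls the staging directory whose contents end up in `installpack.tar`. Staging in a `mktemp -d` directory and using `${INSTALLPACK}` instead of the literal closes that. The script also has no `set -e`, so the `exit 1` in `image_file` only leaves the `$(...)` subshell and a missing image still yields a tarball; `printf $fname` there uses the path as a format string, where `printf '%s' "$fname"` is meant. Since `install.sh` later writes these components to disk with `dd`, shipping a checksum manifest in the pack would be worth considering as well.

```shell
set -eu
# … unchanged: image_file, image path lookups, KERNEL_CMDLINE …
STAGING=$(mktemp -d)
trap 'rm -rf -- "${STAGING}"' EXIT
INSTALLPACK=${STAGING}/installpack
BOOTPATH=${INSTALLPACK}/boot
# … unchanged: make_loader_conf, make_boot_conf, setup_boot …
mkdir -p "${INSTALLPACK}/components"
setup_boot
cp "${ROOTFS}" "${INSTALLPACK}/components/citadel-image-rootfs.ext2"
cp "${USER_ROOTFS}" "${INSTALLPACK}/components/"
cp "${HOWTO}" "${INSTALLPACK}/components/"
cp "${INSTALL_SH}" "${INSTALLPACK}"
chmod +x "${INSTALLPACK}/install.sh"

tar -C "${STAGING}" -cvf installpack.tar installpack
```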
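--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -0,0 +1,178 @@
+#!/bin/bash
+
+set -e
+set -u
+
+blkdev_info() {
+local model=$(< /sys/block/${1}/device/model)
+local size=$(printf "%sG" $(( $(</sys/block/${1}/size) >> 21 )))
+printf " Device: /dev/${1}\n"
+printf " Size: ${size}\n"
+printf " Model: ${model}\n"
+}
+
+errormsg() {
+printf "Failed: ${1}\n"
+exit 1
+}
+
+info() {
+printf "[+] ${1}\n"
+}
+
+passphrase=""
+
+ask_passphrase() {
+local p1 p2
+for i in {1..3}
+do
+read -s -p "Enter passphrase for disk encryption: " p1
+echo
+read -s -p " Confirm passphrase: " p2
+echo
+
+if [[ ${p1} != ${p2} ]]; then
+printf "THe passphrases did not match\n"
+elif [[ -z ${p1} ]] ; then
+printf "Passphrase cannot be empty\n"
+else
+passphrase=${p1}
+return
+fi
+done
+errormsg "Too many attempts, Unable to set disk encryption passphrase"
+}
+
+confirm_device() {
+if [[ ! -b ${1} ]]; then
+errormsg "No block device '${1}' found"
+fi
+
+local base=$(basename ${1})
+
+if [[ ! -e /sys/block/${base}/device ]]; then
+errormsg "Unable to find device path /sys/block/${base}/device"
+fi
+
+printf "Are you sure you want to overwrite this device\n\n%s\n\n" "$(blkdev_info ${base})"
+read -p "Type YES (uppercase) to continue: " confirm
+if [[ ${confirm} != "YES" ]]; then
+echo "Install not confirmed, exiting."
+exit 1
+fi
+}
+
+LUKS_UUID="683a17fc-4457-42cc-a946-cde67195a101"
+
+partition_device() {
+local PARTED="parted -a optimal ${1}"
+${PARTED} -s mklabel gpt
+${PARTED} mkpart boot fat32 0% 512MiB
+${PARTED} set 1 boot on
+${PARTED} mkpart data ext4 512MiB 100%
+${PARTED} set 2 lvm on
+}
+
+setup_luks() {
+# /dev/sdb2
+local TARGET_LVM=${1}2
+printf "${passphrase}" | cryptsetup -q --uuid=${LUKS_UUID} luksFormat ${TARGET_LVM} -
+printf "${passphrase}" | cryptsetup open --type luks --key-file - ${TARGET_LVM} luks-install
+}
+
+setup_lvm() {
+pvcreate -ff --yes /dev/mapper/luks-install
+vgcreate --yes citadel /dev/mapper/luks-install
+lvcreate --yes --size 2g --name rootfsA citadel
+lvcreate --yes --size 2g --name rootfsB citadel
+lvcreate --yes --extents 100%VG --name storage citadel
+}
+
+setup_disk() {
+[[ $# -ne 1 ]] && usage
+confirm_device ${1}
+ask_passphrase
+
+info "Deactivating device ${1}"
+blkdeactivate ${1} >> install.log 2>&1
+
+info "Partitioning device ${1}"
+partition_device ${1} >> install.log 2>&1
+
+info "Setting up LUKS disk encryption on partition ${1}2"
+setup_luks ${1} >> install.log 2>&1
+
+info "Creating LVM volumes inside LUKS volume"
+setup_lvm >> install.log 2>&1
+
+info "Creating vfat filesystem on EFI system partition ${1}1"
+mkfs.vfat -F 32 ${1}1 >> install.log 2>&1
+
+info "Creating btrfs filesystem on storage volume"
+mkfs.btrfs /dev/mapper/citadel-storage >> install.log 2>&1
+
+lsblk -o NAME,SIZE,TYPE,FSTYPE ${1} >> install.log
+
+}
+
+unmount_disk() {
+info "Closing LVM volumes"
+vgchange -an citadel >> install.log 2>&1
+info "Closing LUKS volume"
+cryptsetup luksClose luks-install
+}
+
+install() {
+local MNT="install-mnt"
+mkdir -p install-mnt
+info "Mounting EFI system partition ${1}1"
+mount ${1}1 install-mnt
+info "Installing boot tree to EFI system partition"
+cp -R boot/* install-mnt
+info "Unmounting EFI system partition"
+umount ${1}1
+
+local PRIMARY_HOME="${MNT}/user-data/primary-home"
+local PRIMARY_ROOTFS="${MNT}/appimg/primary/rootfs"
+
+info "Mounting storage partition"
+mount /dev/mapper/citadel-storage ${MNT}
+
+info "Installing base appimg tree"
+mkdir -p ${PRIMARY_ROOTFS}
+ln -s primary ${MNT}/appimg/default.appimg
+tar -C ${PRIMARY_ROOTFS} -xf components/user-rootfs.tar.xz
+
+mkdir -p ${PRIMARY_HOME}
+cp components/howto.md ${PRIMARY_HOME}
+cp ${PRIMARY_ROOTFS}/home/user/{.bashrc,.profile} ${PRIMARY_HOME}
+chown -R 1000:1000 ${PRIMARY_HOME}
+
+info "Unmounting storage partition"
+umount /dev/mapper/citadel-storage
+
+info "Writing citadel image to rootfsA partition"
+dd if=components/citadel-image-rootfs.ext2 of=/dev/mapper/citadel-rootfsA bs=4M >> install.log 2>&1
+
+#info "Writing citadel image to rootfsB partition"
+#dd if=components/citadel-image-rootfs.ext2 of=/dev/mapper/citadel-rootfsB bs=4M >> install.log 2>&1
+}
+
+usage() {
+printf "Usage:\n"
+printf "\t\t./install.sh [<block device>]\n\n"
+exit 1
+}
+
+
+if [[ $# -eq 0 ]]; then
+usage
+fi
+
+setup_disk ${1}
+install ${1}
+unmount_disk
+sync
+info "Install completed successfully"
+
+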
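Review bot: `setup_luks` passes the passphrase as the printf format string (`printf "${passphrase}" | cryptsetup …` on both the `luksFormat` and the `open` line), so a passphrase containing `%` or a backslash is rewritten or truncated before cryptsetup reads it, and the key stored in the LUKS header is then not the one the user typed and confirmed. Because both calls are mangled the same way the install still completes, and the mismatch would presumably only surface when the real passphrase is rejected at boot. Use `printf '%s' "${passphrase}"` in both pipelines, and `read -r -s -p …` in `ask_passphrase` so backslashes survive input. Separately, `${1}1` / `${1}2` assume an `sdX`-style name; devices whose partitions take a `p` suffix (NVMe, MMC) would need that handled.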
@ -1,147 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# tips here https://github.com/systemd/systemd/issues/6381
|
|
||||||
|
|
||||||
set -u
|
|
||||||
set -e
|
|
||||||
#set -x
|
|
||||||
|
|
||||||
|
|
||||||
SCRIPT=$(realpath ${BASH_SOURCE})
|
|
||||||
IMAGES=$(realpath $(dirname ${SCRIPT})/../build/images/)
|
|
||||||
|
|
||||||
image_file() {
|
|
||||||
local fname=$(readlink -f ${IMAGES}/${1})
|
|
||||||
if [[ ! -f ${fname} ]]; then
|
|
||||||
>&2 printf "File ${fname} does not exist\n"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
printf $fname
|
|
||||||
}
|
|
||||||
|
|
||||||
EFIBOOT=$(image_file systemd-bootx64.efi)
|
|
||||||
KERNEL=$(image_file bzImage)
|
|
||||||
ROOTFS=$(image_file citadel-image-intel-corei7-64.ext2)
|
|
||||||
|
|
||||||
UUID="683a17fc-4457-42cc-a946-cde67195a101"
|
|
||||||
|
|
||||||
|
|
||||||
KERNEL_CMDLINE="add_efi_memmap intel_iommu=off cryptomgr.notests rcupdate.rcu_expedited=1 rcu_nocbs=0-64 tsc=reliable no_timer_check noreplace-smp i915.fastboot=1 quiet splash"
|
|
||||||
|
|
||||||
MOUNT_PATH=/tmp/citadel-boot-mount
|
|
||||||
|
|
||||||
TARGET=/dev/sdb
|
|
||||||
TARGET_BOOT=${TARGET}1
|
|
||||||
TARGET_LVM=${TARGET}2
|
|
||||||
PARTED="parted -a optimal ${TARGET}"
|
|
||||||
|
|
||||||
is_mounted() {
|
|
||||||
echo "is mounted $1"
|
|
||||||
for mnt in $(awk '{print $1}' < /proc/self/mounts); do
|
|
||||||
[[ $mnt == $1 ]] && return 0
|
|
||||||
done
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
unmount_partition() {
|
|
||||||
echo "unmount partition $1"
|
|
||||||
if ! is_mounted $1 ; then
|
|
||||||
printf "$1 is not mounted\n"
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
unmount_device() {
|
|
||||||
echo "unmount device"
|
|
||||||
for p in ${TARGET}*; do
|
|
||||||
is_mounted $p && unmount_partition $p
|
|
||||||
done
|
|
||||||
echo "done unmount device"
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_volume() {
|
|
||||||
local vg
|
|
||||||
# find volume group name
|
|
||||||
vg=$(pvs --noheadings -o vg_name ${1})
|
|
||||||
# echo to strip whitespace
|
|
||||||
[[ -n $(echo -n ${vg}) ]] && vgremove ${vg}
|
|
||||||
pvremove ${1}
|
|
||||||
}
|
|
||||||
|
|
||||||
remove_volumes() {
|
|
||||||
echo "remove volumes"
|
|
||||||
for p in ${TARGET}*; do
|
|
||||||
pvs ${p} && remove_volume ${p}
|
|
||||||
done
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
partition_device() {
|
|
||||||
${PARTED} -s mklabel gpt
|
|
||||||
${PARTED} mkpart boot fat32 0% 512MiB
|
|
||||||
${PARTED} set 1 boot on
|
|
||||||
${PARTED} mkpart data ext4 512MiB 100%
|
|
||||||
${PARTED} set 2 lvm on
|
|
||||||
mkfs.vfat -F 32 ${TARGET_BOOT}
|
|
||||||
}
|
|
||||||
|
|
||||||
setup_luks() {
|
|
||||||
printf "subgraph" | cryptsetup -q --uuid=${UUID} luksFormat ${TARGET_LVM} -
|
|
||||||
printf "subgraph" | cryptsetup open --type luks --key-file - ${TARGET_LVM} e1
|
|
||||||
}
|
|
||||||
|
|
||||||
setup_lvm() {
|
|
||||||
pvcreate -ff --yes /dev/mapper/e1
|
|
||||||
vgcreate --yes citadel /dev/mapper/e1
|
|
||||||
#pvcreate -ff ${TARGET_LVM}
|
|
||||||
#vgcreate --yes citadel ${TARGET_LVM}
|
|
||||||
lvcreate --yes --size 2g --name rootfsA citadel
|
|
||||||
lvcreate --yes --size 2g --name rootfsB citadel
|
|
||||||
lvcreate --yes --extents 100%VG --name storage citadel
|
|
||||||
mkfs.ext4 /dev/mapper/citadel-storage
|
|
||||||
}
|
|
||||||
|
|
||||||
make_loader_conf() {
|
|
||||||
echo "default bootA"
|
|
||||||
echo "timeout 5"
|
|
||||||
}
|
|
||||||
|
|
||||||
make_boot_conf() {
|
|
||||||
echo "title Subgraph OS (Airwolf Edition) [Root Partition ${1}]"
|
|
||||||
echo "linux /bzImage"
|
|
||||||
echo "options LABEL=Boot root=/dev/mapper/citadel-rootfs${1} ${KERNEL_CMDLINE}"
|
|
||||||
}
|
|
||||||
|
|
||||||
setup_efi() {
|
|
||||||
mkdir -p ${MOUNT_PATH}
|
|
||||||
mount ${TARGET_BOOT} ${MOUNT_PATH}
|
|
||||||
mkdir -p ${MOUNT_PATH}/EFI/BOOT
|
|
||||||
mkdir -p ${MOUNT_PATH}/loader/entries
|
|
||||||
cp ${EFIBOOT} ${MOUNT_PATH}/EFI/BOOT/bootx64.efi
|
|
||||||
cp ${KERNEL} ${MOUNT_PATH}/bzImage
|
|
||||||
make_loader_conf > ${MOUNT_PATH}/loader/loader.conf
|
|
||||||
make_boot_conf 'A' > ${MOUNT_PATH}/loader/entries/bootA.conf
|
|
||||||
make_boot_conf 'B' > ${MOUNT_PATH}/loader/entries/bootB.conf
|
|
||||||
umount ${MOUNT_PATH}
|
|
||||||
rmdir ${MOUNT_PATH}
|
|
||||||
}
|
|
||||||
|
|
||||||
write_root() {
|
|
||||||
echo "writing rootfsA"
|
|
||||||
dd if=${ROOTFS} of=/dev/mapper/citadel-rootfsA bs=4M status=progress
|
|
||||||
sync
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
blkdeactivate -v ${TARGET}
|
|
||||||
unmount_device
|
|
||||||
remove_volumes
|
|
||||||
partition_device
|
|
||||||
setup_luks
|
|
||||||
setup_lvm
|
|
||||||
setup_efi
|
|
||||||
write_root
|
|
||||||
|
|
||||||
vgchange -a n citadel
|
|
||||||
cryptsetup close e1
|
|