diff options
author | David P <megver83@parabola.nu> | 2021-03-14 17:05:52 -0300 |
---|---|---|
committer | David P <megver83@parabola.nu> | 2021-03-14 17:08:04 -0300 |
commit | 5425acb5427c39ae7333435c36fa2ca08852509d (patch) | |
tree | 0758f029810da984d9e29c5dfaf6ec6a785f370b | |
parent | 48ca0e2f0d7ff3e15184dc99148de128a847f4c3 (diff) |
sync with archiso
imported changes:
bc67933 Support EROFS
711ab4c archiso/initcpio/hooks/archiso: remove redundant /sfs/ from airootfs mount point
parabolaiso:
* make reflector NM dispatcher script executable in OpenRC profiles
Signed-off-by: David P <megver83@parabola.nu>
-rw-r--r-- | README.profile.rst | 8 | ||||
-rw-r--r-- | configs/baseline/profiledef.sh | 1 | ||||
-rw-r--r-- | configs/lxde-openrc/profiledef.sh | 2 | ||||
-rw-r--r-- | configs/releng-openrc/profiledef.sh | 2 | ||||
-rw-r--r-- | configs/releng/profiledef.sh | 1 | ||||
-rw-r--r-- | parabolaiso/initcpio/hooks/parabolaiso | 52 | ||||
-rw-r--r-- | parabolaiso/initcpio/hooks/parabolaiso_pxe_http | 10 | ||||
-rwxr-xr-x | parabolaiso/mkparabolaiso | 33 |
8 files changed, 94 insertions, 15 deletions
diff --git a/README.profile.rst b/README.profile.rst index 7eb2c81..f8c3bfa 100644 --- a/README.profile.rst +++ b/README.profile.rst @@ -51,9 +51,11 @@ The image file is constructed from some of the variables in **profiledef.sh**: ` - `squashfs`: Create a squashfs image directly from the airootfs work directory - `ext4+squashfs`: Create an ext4 partition, copy the airootfs work directory to it and create a squashfs image from it -* `airootfs_image_tool_options`: An array of options to pass to the tool to create the airootfs image. Currently only - `mksquashfs` is supported - see `mksquashfs --help` for all possible options (defaults to `('-comp' 'xz')`). - - `file_permissions`: An associative array that lists files and/or directories who need specific ownership or + - `erofs`: Create an EROFS image for the airootfs work directory +* `airootfs_image_tool_options`: An array of options to pass to the tool to create the airootfs image. `mksquashfs` and + `mkfs.erofs` are supported. See `mksquashfs --help` or `mkfs.erofs --help` for all possible options (defaults to + `('-comp' 'xz')` for squashfs). +* `file_permissions`: An associative array that lists files and/or directories who need specific ownership or permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and access mode. E.g. `file_permissions=(["/etc/shadow"]="0:0:400")`. diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index e51376d..b715404 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh @@ -10,6 +10,7 @@ install_dir="parabola" bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') arch="x86_64" pacman_conf="pacman.conf" +airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') file_permissions=( ["/etc/shadow"]="0:0:400" diff --git a/configs/lxde-openrc/profiledef.sh b/configs/lxde-openrc/profiledef.sh index 173e46f..62f60d8 100644 --- a/configs/lxde-openrc/profiledef.sh +++ b/configs/lxde-openrc/profiledef.sh @@ -10,12 +10,14 @@ install_dir="parabola" bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.refind.esp' 'uefi-x64.refind.eltorito') arch="dual" pacman_conf="pacman.conf" +airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') file_permissions=( ["/etc/local.d/choose-mirror.start"]="0:0:755" ["/etc/local.d/etc-pacman.d-gnupg.start"]="0:0:755" ["/etc/local.d/livecd-talk.start"]="0:0:755" ["/etc/local.d/pacman-init.start"]="0:0:755" + ["/etc/NetworkManager/dispatcher.d/reflector"]="0:0:755" ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" ["/root/.automated_script.sh"]="0:0:755" diff --git a/configs/releng-openrc/profiledef.sh b/configs/releng-openrc/profiledef.sh index b97487b..1d01d56 100644 --- a/configs/releng-openrc/profiledef.sh +++ b/configs/releng-openrc/profiledef.sh @@ -10,12 +10,14 @@ install_dir="parabola" bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.refind.esp' 'uefi-x64.refind.eltorito') arch="dual" pacman_conf="pacman.conf" +airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') file_permissions=( ["/etc/local.d/choose-mirror.start"]="0:0:755" ["/etc/local.d/etc-pacman.d-gnupg.start"]="0:0:755" ["/etc/local.d/livecd-talk.start"]="0:0:755" ["/etc/local.d/pacman-init.start"]="0:0:755" + ["/etc/NetworkManager/dispatcher.d/reflector"]="0:0:755" ["/etc/shadow"]="0:0:400" ["/root"]="0:0:750" ["/root/.automated_script.sh"]="0:0:755" diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh index f55dcde..5ad616e 100644 --- a/configs/releng/profiledef.sh +++ b/configs/releng/profiledef.sh @@ -10,6 +10,7 @@ install_dir="parabola" bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito' 'uefi-x64.systemd-boot.esp' 'uefi-x64.systemd-boot.eltorito') arch="dual" pacman_conf="pacman.conf" +airootfs_image_type="squashfs" airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') file_permissions=( ["/etc/shadow"]="0:0:400" diff --git a/parabolaiso/initcpio/hooks/parabolaiso b/parabolaiso/initcpio/hooks/parabolaiso index 10ba4e5..8f532c3 100644 --- a/parabolaiso/initcpio/hooks/parabolaiso +++ b/parabolaiso/initcpio/hooks/parabolaiso @@ -81,12 +81,36 @@ _mnt_sfs() { _mnt_dev "${sfs_dev}" "${mnt}" "-r" "defaults" } +# args: /path/to/image_file, mountpoint +_mnt_erofs() { + local img="${1}" + local mnt="${2}" + local img_fullname="${img##*/}" + local erofs_dev + + # shellcheck disable=SC2154 + # defined via initcpio's parse_cmdline() + if [ "${copytoram}" = "y" ]; then + msg -n ":: Copying EROFS image to RAM..." + if ! cp -- "${img}" "/run/parabolaiso/copytoram/${img_fullname}" ; then + echo "ERROR: while copy '${img}' to '/run/parabolaiso/copytoram/${img_fullname}'" + launch_interactive_shell + fi + img="/run/parabolaiso/copytoram/${img_fullname}" + msg "done." + fi + erofs_dev="$(losetup --find --show --read-only -- "${img}")" + echo "${erofs_dev}" >> /run/parabolaiso/used_block_devices + _mnt_dev "${erofs_dev}" "${mnt}" "-r" "defaults" "erofs" +} + # args: device, mountpoint, flags, opts _mnt_dev() { local dev="${1}" local mnt="${2}" local flg="${3}" local opts="${4}" + local fstype="${5:-auto}" mkdir -p "${mnt}" @@ -99,7 +123,7 @@ _mnt_dev() { launch_interactive_shell done - if mount -o "${opts}" "${flg}" "${dev}" "${mnt}"; then + if mount -t "${fstype}" -o "${opts}" "${flg}" "${dev}" "${mnt}"; then msg ":: Device '${dev}' mounted successfully." else echo "ERROR; Failed to mount '${dev}'" @@ -120,8 +144,9 @@ _verify_checksum() { _verify_signature() { local _status + local sigfile="${1}" cd "/run/parabolaiso/bootmnt/${parabolaisobasedir}/${arch}" || exit 1 - gpg --homedir /gpg --status-fd 1 --verify airootfs.sfs.sig 2>/dev/null | grep -qE '^\[GNUPG:\] GOODSIG' + gpg --homedir /gpg --status-fd 1 --verify "${sigfile}" 2>/dev/null | grep -qE '^\[GNUPG:\] GOODSIG' _status=$? cd -- "${OLDPWD}" || exit 1 return ${_status} @@ -160,6 +185,7 @@ run_hook() { # args: /path/to/newroot parabolaiso_mount_handler() { local newroot="${1}" + local sigfile if ! mountpoint -q "/run/parabolaiso/bootmnt"; then _mnt_dev "${parabolaisodevice}" "/run/parabolaiso/bootmnt" "-r" "defaults" @@ -190,15 +216,20 @@ parabolaiso_mount_handler() { # defined via initcpio's parse_cmdline() if [ "${verify}" = "y" ]; then if [ -f "/run/parabolaiso/bootmnt/${parabolaisobasedir}/${arch}/airootfs.sfs.sig" ]; then + sigfile="airootfs.sfs.sig" + elif [ -f "/run/parabolaiso/bootmnt/${parabolaisobasedir}/${arch}/airootfs.erofs.sig" ]; then + sigfile="airootfs.erofs.sig" + fi + if [ -n "${sigfile}" ]; then msg -n ":: Signature verification requested, please wait..." - if _verify_signature; then + if _verify_signature "${sigfile}"; then msg "done. Signature is OK, continue booting." else echo "ERROR: one or more files are corrupted" launch_interactive_shell fi else - echo "ERROR: verify=y option specified but ${parabolaisobasedir}/${arch}/airootfs.sfs.sig not found" + echo "ERROR: verify=y option specified but GPG signature not found in ${parabolaisobasedir}/${arch}/" launch_interactive_shell fi fi @@ -221,15 +252,20 @@ parabolaiso_mount_handler() { mkdir -p "/run/parabolaiso/cowspace/${cow_directory}" chmod 0700 "/run/parabolaiso/cowspace/${cow_directory}" - _mnt_sfs "/run/parabolaiso/bootmnt/${parabolaisobasedir}/${arch}/airootfs.sfs" "/run/parabolaiso/sfs/airootfs" - if [ -f "/run/parabolaiso/sfs/airootfs/airootfs.img" ]; then - _mnt_dmsnapshot "/run/parabolaiso/sfs/airootfs/airootfs.img" "${newroot}" "/" + if [ -f "/run/parabolaiso/bootmnt/${parabolaisobasedir}/${arch}/airootfs.sfs" ]; then + _mnt_sfs "/run/parabolaiso/bootmnt/${parabolaisobasedir}/${arch}/airootfs.sfs" "/run/parabolaiso/airootfs" + elif [ -f "/run/parabolaiso/bootmnt/${parabolaisobasedir}/${arch}/airootfs.erofs" ]; then + _mnt_erofs "/run/parabolaiso/bootmnt/${parabolaisobasedir}/${arch}/airootfs.erofs" "/run/parabolaiso/airootfs" + fi + if [ -f "/run/parabolaiso/airootfs/airootfs.img" ]; then + _mnt_dmsnapshot "/run/parabolaiso/airootfs/airootfs.img" "${newroot}" "/" else - _mnt_overlayfs "/run/parabolaiso/sfs/airootfs" "${newroot}" "/" + _mnt_overlayfs "/run/parabolaiso/airootfs" "${newroot}" "/" fi if [ "${copytoram}" = "y" ]; then umount -d /run/parabolaiso/bootmnt + rmdir /run/parabolaiso/bootmnt fi } diff --git a/parabolaiso/initcpio/hooks/parabolaiso_pxe_http b/parabolaiso/initcpio/hooks/parabolaiso_pxe_http index 1fbd921..68eaad6 100644 --- a/parabolaiso/initcpio/hooks/parabolaiso_pxe_http +++ b/parabolaiso/initcpio/hooks/parabolaiso_pxe_http @@ -39,6 +39,7 @@ _curl_get() { parabolaiso_pxe_http_mount_handler () { newroot="${1}" + local img_type="sfs" msg ":: Mounting /run/parabolaiso/httpspace (tmpfs) filesystem, size='${parabolaiso_http_spc}'" mkdir -p "/run/parabolaiso/httpspace" @@ -46,7 +47,12 @@ parabolaiso_pxe_http_mount_handler () { # shellcheck disable=SC2154 # defined via initcpio's parse_cmdline() - _curl_get "${parabolaiso_http_srv}${parabolaisobasedir}/${arch}/airootfs.sfs" "/${arch}" + if ! curl -L -f -o /dev/null -s -r 0-0 "${parabolaiso_http_srv}${parabolaisobasedir}/${arch}/airootfs.sfs"; then + if curl -L -f -o /dev/null -s -r 0-0 "${parabolaiso_http_srv}${parabolaisobasedir}/${arch}/airootfs.erofs"; then + img_type="erofs" + fi + fi + _curl_get "${parabolaiso_http_srv}${parabolaisobasedir}/${arch}/airootfs.${img_type}" "/${arch}" # shellcheck disable=SC2154 # defined via initcpio's parse_cmdline() @@ -56,7 +62,7 @@ parabolaiso_pxe_http_mount_handler () { # shellcheck disable=SC2154 # defined via initcpio's parse_cmdline() if [ "${verify}" = "y" ]; then - _curl_get "${parabolaiso_http_srv}${parabolaisobasedir}/${arch}/airootfs.sfs.sig" "/${arch}" + _curl_get "${parabolaiso_http_srv}${parabolaisobasedir}/${arch}/airootfs.${img_type}.sig" "/${arch}" fi mkdir -p "/run/parabolaiso/bootmnt" diff --git a/parabolaiso/mkparabolaiso b/parabolaiso/mkparabolaiso index 6d19778..6876396 100755 --- a/parabolaiso/mkparabolaiso +++ b/parabolaiso/mkparabolaiso @@ -211,15 +211,37 @@ _mkairootfs_squashfs() { _mkchecksum() { _msg_info "Creating checksum file for self-test..." cd -- "${isofs_dir}/${install_dir}/${arch}" - sha512sum airootfs.sfs > airootfs.sha512 + if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then + sha512sum airootfs.sfs > airootfs.sha512 + elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then + sha512sum airootfs.erofs > airootfs.sha512 + fi cd -- "${OLDPWD}" _msg_info "Done!" } +# Makes an EROFS file system from a source directory. +_mkairootfs_erofs() { + local fsuuid + [[ -e "${airootfs_dir}" ]] || _msg_error "The path '${airootfs_dir}' does not exist" 1 + + install -d -m 0755 -- "${isofs_dir}/${install_dir}/${arch}" + local image_path="${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" + # Generate reproducible file system UUID from SOURCE_DATE_EPOCH + fsuuid="$(uuidgen --sha1 --namespace 93a870ff-8565-4cf3-a67b-f47299271a96 --name "${SOURCE_DATE_EPOCH}")" + _msg_info "Creating EROFS image, this may take some time..." + mkfs.erofs -U "${fsuuid}" "${airootfs_image_tool_options[@]}" -- "${image_path}" "${airootfs_dir}" + _msg_info "Done!" +} + _mksignature() { _msg_info "Signing SquashFS image..." cd -- "${isofs_dir}/${install_dir}/${arch}" - gpg --detach-sign --default-key "${gpg_key}" airootfs.sfs + if [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.sfs" ]]; then + gpg --detach-sign --default-key "${gpg_key}" airootfs.sfs + elif [[ -e "${isofs_dir}/${install_dir}/${arch}/airootfs.erofs" ]]; then + gpg --detach-sign --default-key "${gpg_key}" airootfs.erofs + fi cd -- "${OLDPWD}" _msg_info "Done!" } @@ -766,6 +788,13 @@ _validate_requirements_airootfs_image_type_ext4+squashfs() { _validate_requirements_airootfs_image_type_squashfs } +_validate_requirements_airootfs_image_type_erofs() { + if ! command -v mkfs.erofs; then + (( validation_error=validation_error+1 )) + _msg_error "Validating '${airootfs_image_type}': mkfs.erofs is not available on this host. Install 'erofs-utils'!" 0 + fi +} + # SYSLINUX El Torito _add_xorrisofs_options_bios.syslinux.eltorito() { xorrisofs_options+=( |