Mount unencrypted root partition (close #86)

- Do not decrypt if not necessary - Do not launch telnetd if partition is unencrypted - Basic initramfs logging to /tmp/boot.log
2017-06-22 19:36:44 +02:00 · 2017-06-22 19:36:44 +02:00 · 920d4c8198
parent 0346b7a77a
commit 920d4c8198
6 changed files with 34 additions and 13 deletions
--- a/aports/postmarketos-mkinitfs/10-usb-unlock.sh
+++ b/aports/postmarketos-mkinitfs/10-usb-unlock.sh
@ -2,6 +2,10 @@
 IP=172.16.42.1
 TELNET_PORT=23

+. /init_functions.sh
+
+log "info" "show_splash $partition"
+
 usb_setup_android() {
 	SYS=/sys/class/android_usb/android0
 	[ -e "$SYS" ] || return
@ -46,6 +50,13 @@ telnetd_start()
 	telnetd -b "${IP}:${TELNET_PORT}" -l /telnet_connect.sh
 }

+partition=$(find_root_partition)
+
 usb_setup_android
 dhcpcd_start
-telnetd_start
+
+if $(cryptsetup isLuks "$partition"); then
+	log "info" "password needed to decrypt $partition, launching telnetd"
+	telnetd_start
+fi
+
--- a/aports/postmarketos-mkinitfs/APKBUILD
+++ b/aports/postmarketos-mkinitfs/APKBUILD
@ -1,6 +1,6 @@
 pkgname=postmarketos-mkinitfs
 pkgver=0.0.5
-pkgrel=4
+pkgrel=5
 pkgdesc="Tool to generate initramfs images for postmarketOS"
 url="https://github.com/postmarketOS"
 # multipath-tools: kpartx
@ -27,9 +27,9 @@ package() {
 	install -Dm644 "$srcdir/10-usb-unlock.sh" \
 		"$pkgdir/etc/postmarketos-mkinitfs/hooks/"
 }
-sha512sums="2f45dee1ad9ef75166d614774e0ee2a6856950990c063bce7d0e98ed27599d2f8040c6118a9381aab4a69c79f96a30eb044b6b29ef2afb2a9374bac5f5a398da  init.sh.in
-3ebc5fa2220a8da920ebca67f14c38b0c296eafdbcf312997b442a020d1683bd622a42a946a61b4d80cbecf28853c915480e26ffe59eda57769855303b67bbdf  init_functions.sh
+sha512sums="6f4d96b5b5e19811d7b03a5f20e6ee766d22047c182e9b21c56e99634b2300978d8c98f42f9a889e356a295bb968053d1d289a8ebddf52a696b4630df6839b45  init.sh.in
+6795e225e0576b003ea492a05d83d28092753af7cc4dd6a8b75ae2d2ca3555f951d632c7ee5ee7db3a7b606bb77cc9a035804a81a1f5b4fdad6a7aac5a0ee6b4  init_functions.sh
 dd3c86c6ba4f91e20b72f4180049960a58dc01002f69ad9e5d98c752da3b34711c2bbe6e0c7d003eb6a4a8d9e185796aa2fe84c0231a3057b204912c439140f7  mkinitfs.sh
-82f0b9927bfef919c6561d67283a0e77c36ef8f8d11000a6153b52e39731ceaa65b9a34c682e737881dc676cc8bfc97dfbbfdeb2ca03594b8f9beef9e49a754d  10-usb-unlock.sh
+bea0eae6852f4a401347bbbd6c376ea8cc5bfa4817d2c87170a4f2a916e25f155769eb8e97e16d39bf2eac84e3fdaf6f8c7a0564ec561a96e32407daa1d71e1c  10-usb-unlock.sh
 35a8eabad947347afec7e3f5860d31ab9e3534972c0960ccf553c7e1cc9262316bfdddb8d61d3588db1ee2261077597617806080b9956798b3e5088d6f9b596b  splash1.ppm.gz
 bf11d8b3a50db984cfbb2cafe6687de327242c1f6f56c6fdd02ca579b05213f9c886aa1c0527530fdec21b16e65e68962e40a600c4ce155819df2f610b435087  splash2.ppm.gz"
--- a/aports/postmarketos-mkinitfs/TODO
+++ b/aports/postmarketos-mkinitfs/TODO
@ -1,6 +1,3 @@
- use device labels or uuids inside init to properly detect the right
-	partition
-
 - support for adding files/modules in hooks (one file per hook):
 	- add build() function
 		- should have add_module and add_file functions
--- a/aports/postmarketos-mkinitfs/init.sh.in
+++ b/aports/postmarketos-mkinitfs/init.sh.in
@ -30,7 +30,7 @@ unlock_root_partition
 # switch root
 show_splash /splash2.ppm.gz
 killall telnetd mdev 2&> /dev/null
-mount -w -t ext4 /dev/mapper/root /sysroot
+mount -w -t ext4 $(find_root_partition) /sysroot
 umount /proc
 umount /sys
 umount /dev/pts
--- a/aports/postmarketos-mkinitfs/init_functions.sh
+++ b/aports/postmarketos-mkinitfs/init_functions.sh
@ -1,6 +1,11 @@
 #!/bin/sh
 # This file will be in /init_functions.sh inside the initramfs.

+log()
+{
+	echo "[$1] $2" >> /tmp/boot.log
+}
+
 mount_subpartitions()
 {
 	for i in /dev/mmcblk*; do
@ -32,15 +37,22 @@ find_root_partition()

 unlock_root_partition()
 {
+	log "info" "unlock_root_partition()"
 	while ! [ -e /dev/mapper/root ]; do
 		partition="$(find_root_partition)"
 		if [ -z "$partition" ]; then
-			echo "Could not find cryptsetup partition."
+			echo "Could not find the root partition."
 			echo "Maybe you need to insert the sdcard, if your device has"
 			echo "any? Trying again in one second..."
 			sleep 1
 		else
-			cryptsetup luksOpen "$partition" root
+			if $(cryptsetup isLuks "$partition"); then
+				cryptsetup luksOpen "$partition" root
+				log "info" "decrypted $partition"
+			else
+				log "info" "unencrypted $partition"
+				break
+			fi
 		fi
 	done
 }
@ -48,6 +60,7 @@ unlock_root_partition()
 # $1: path to ppm.gz file
 show_splash()
 {
+	log "info" "show_splash $1"
 	gzip -c -d "$1" > /tmp/splash.ppm
 	fbsplash -s /tmp/splash.ppm
 }
--- a/pmb/install/format.py
+++ b/pmb/install/format.py
@ -38,9 +38,9 @@ def format_and_mount_root(args):
        logging.info("(native) format " + device + " (root, luks), mount to " +
                     mountpoint)
        pmb.chroot.root(args, ["cryptsetup", "luksFormat", "--use-urandom",
-                            "--cipher", args.cipher, "-q", device], log=False)
+                        "--cipher", args.cipher, "-q", device], log=False)
        pmb.chroot.root(args, ["cryptsetup", "luksOpen", device,
-                            "pm_crypt"], log=False)
+                        "pm_crypt"], log=False)
        if not os.path.exists(args.work + "/chroot_native" + mountpoint):
            raise RuntimeError("Failed to open cryptdevice!")