The PPP will, in combination with tow-boot, boot with GPT on the
internal storage. We need to support that on postmarketOS and as a first
step, let's make it possible to generate GPT images and boot from that
When running `pmbootstrap install`, pmbootstrap does not unlock root
when it completes. This patch allows `pmbootstrap install` to run two or
more times (without zap).
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
This removes the hard-coded installation of osk-sdl when specifying
--fde (or using the on-device installer) and instead determines the
unlocker package by taking the most suitable provider of
postmarketos-fde-unlocker (factoring provider priority and packages
selected for installation).
With this change applied, one can manually select an unlocker package to
be installed via
pmbootstrap install --fde --add other-unlocker
Relates to: postmarketOS/pmaports#1309
when blkid returns 2 while searching for existing pmos installations,
do not abort. That might happen if there is a block device without a
filesystem.
Error given:
(1653851) [21:39:19] (native) % blkid -s LABEL -o value /dev/sdcardp1
(1653851) [21:39:19] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
(1653851) [21:39:19] NOTE: The failed command's output is above the ^^^ line in the log file: /home/andi/.local/var/pmbootstrap/log.txt
(1653851) [21:39:19] ERROR: Command failed: (native) % blkid -s LABEL -o value /dev/sdcardp1
(1653851) [21:39:19] See also: <https://postmarketos.org/troubleshooting>
(1653851) [21:39:19] Traceback (most recent call last):
File "/home/andi/.local/lib/python3.9/site-packages/pmb/__init__.py", line 49, in main
getattr(frontend, args.action)(args)
File "/home/andi/.local/lib/python3.9/site-packages/pmb/helpers/frontend.py", line 314, in install
pmb.install.install(args)
File "/home/andi/.local/lib/python3.9/site-packages/pmb/install/_install.py", line 944, in install
install_system_image(args, 0, f"rootfs_{args.device}", step, steps,
File "/home/andi/.local/lib/python3.9/site-packages/pmb/install/_install.py", line 586, in install_system_image
pmb.install.blockdevice.create(args, size_boot, size_root,
File "/home/andi/.local/lib/python3.9/site-packages/pmb/install/blockdevice.py", line 138, in create
mount_sdcard(args, sdcard)
File "/home/andi/.local/lib/python3.9/site-packages/pmb/install/blockdevice.py", line 51, in mount_sdcard
if previous_install(args, path):
File "/home/andi/.local/lib/python3.9/site-packages/pmb/install/blockdevice.py", line 27, in previous_install
label = pmb.chroot.root(args, ["blkid", "-s", "LABEL", "-o", "value",
File "/home/andi/.local/lib/python3.9/site-packages/pmb/chroot/root.py", line 76, in root
return pmb.helpers.run_core.core(args, msg, cmd_sudo, None, output,
File "/home/andi/.local/lib/python3.9/site-packages/pmb/helpers/run_core.py", line 343, in core
check_return_code(args, code, log_message)
File "/home/andi/.local/lib/python3.9/site-packages/pmb/helpers/run_core.py", line 219, in check_return_code
raise RuntimeError("Command failed: " + log_message)
RuntimeError: Command failed: (native) % blkid -s LABEL -o value /dev/sdcardp1
So I can finally run `pmbootstrap install --password 147147` and go and
make a cup of tea.
Based on MR 1919.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
The provider selection for "pmbootstrap init" added in this commit
is a flexible way to offer UI/device-specific configuration options
in "pmbootstrap init", without hardcoding them in pmbootstrap.
Instead, the options are defined entirely in pmaports using APK's
virtual package provider mechanism. The code in pmbootstrap searches
for available providers and displays them together with their pkgdesc.
There are many possible use cases for this but I have tested two so far:
1. Selecting root provider (sudo vs doas). This can be defined entirely
in postmarketos-base, without having to handle this specifically in
pmbootstrap.
$ pmbootstrap init
[...]
Available providers for postmarketos-root (2):
* sudo: Use sudo to run root commands (**default**)
* doas: Use doas (minimal replacement for sudo) to run root commands
(Note: Does not support all functionality of sudo)
Provider [default]: doas
2. Device-specific options. My main motivation for working on this
feature is a new configuration option for the MSM8916-based devices.
It allows more control about which firmware to enable:
$ pmbootstrap init
[...]
Available providers for soc-qcom-msm8916-rproc (3):
* all: Enable all remote processors (audio goes through modem) (default)
* no-modem: Disable only modem (audio bypasses modem, ~80 MiB more RAM)
* none: Disable all remote processors (no WiFi/BT/modem, ~90 MiB more RAM)
Provider [default]: no-modem
The configuration prompts show up dynamically by defining
_pmb_select="<virtual packages>" in postmarketos-base, a UI PKGBUILD
or the device APKBUILD. Selecting "default" (just pressing enter)
means that no provider is selected. This allows APK to choose it
automatically based on the "provider_priority". It also provides
compatibility with existing installation; APK will just choose the
default provider when upgrading. The selection can still be changed
after installation by installing another provider using "apk".
Note that at the end this is just a more convenient interface for the
already existing "extra packages" prompt. When using pmbootstrap in
automated scripts the providers (e.g. "postmarketos-root-doas") can be
simply selected through the existing "extra_packages" option.
The current install code looks a bit confusing, there is an existing
if statement for the ui and ui-extras package but the recommended
packages are already installed before with a check in a completely
different file. Make this a bit more clear by moving this to the
ui if statement instead.
Calculate the end of the reserved space properly. Instead of:
from size_boot to size_reserve
it is:
from size_boot to (size_reserve + size_boot)
The reserved space is used by the on-device installer. Without this
patch, the reserved space could easily end up being too small, resulting
in no space left errors during the installation.
kernel is named /boot/vmlinuz now, looking at the filename will no
longer tell us what flavor it is. This now will look at
/usr/share/kernel, which has always contained the kernel 'flavor', and
since we currently only install 1 kernel these days, guarding this with
pmaports.cfg should be unnecessary. In the worst case (if there are
multiple kernel 'flavors' installed), it'll just grab the first one and
return it.
In order to support FAT32 as boot partition, the label is shortened from
pmOS_inst_boot to pmOS_i_boot. Read the value from pmaports.cfg and fall
back to the old value, so both are supported (-> building v21.06 and
v21.03 will use the old label).
Remove the old codepath that would set "pmOS_boot" as label for the
install partition, if the postmarketos-ondev package was older than
0.4.0. This is only the case on the long unsupported v20.05 branch.
Install osk-sdl in the installer OS's boot partition for now. I forgot
about a code path earlier, which could render an encrypted target OS
without osk-sdl in the initramfs (and being unable to boot).
The target OS gets embeded in the installer OS as image file. This can
happen in two formats:
a) a full image with partition header and the boot and root partition
This is what bpo is doing when building the official, pre-built images,
as this method allows having the exact same image available separately
without the installer. Basically:
pmbootstrap install \
--ondev \
--no-rootfs \
--cp path/to/rootfs:/var/lib/rootfs.img
b) an image with just the root partition, no partition header and no
boot partition. This is what you get when running regular
"pmbootstrap install --ondev". It's slightly smaller, as there is no
duplicate boot partition.
If b) was done, the installer will copy the contents of the installer's
boot partition to the target OS. And that means: if osk-sdl is missing
from the installer's boot partition (the initramfs generated there), it
will also be missing in the boot partition of the target OS!
I think we should get rid of the b) code path to avoid confusion in the
future/make maintenance. But until that is done, always install osk-sdl
into the installer OS.
Remove /in-pmbootstrap inside chroots in "pmbootstrap shutdown" instead
of having it at a specific part of "pmbootstrap install".
Reasoning:
* With current approach, it didn't get removed in the on-device
installer chroot.
* This is less error prone than calling it multiple times in
"pmbootstrap install"
Devices such as ODROIDs have binaries use which every single block for
embedding. Do not raise an error when binaries are touching, but not
overlapping, each other when embedding these binaries during installation.
Add a test for this scenario, which fails when reverting the change.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
This adds osk-sdl to the rootfs when --fde is set, or when building a
rootfs for the ondev installer. Ideally the ondev installer would
selectively install osk-sdl if the user opted for fde at runtime, but
I haven't found a straight forward way to enable that yet, and this
behavior here is no different than the current behavior (where osk-sdl
is always installed in the rootfs by way of depends= in pmos-mkinitfs).
For images that are built without --fde, osk-sdl won't be installed at
all in the rootfs, once the dependency is dropped from pmos-mkinitfs.
Instead, a dummy package postmarketos-base-nofde will be installed
instead to satisfy the dependency that postmarketos-mkinitfs has on the
virtual package "postmarketos-fde-unlocker"
The option, --no-firewall, will disable nftables on boot in the image,
and print a warning message if it's being disabled in a device image
where the device's kernel should support running the firewall.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
Touch the file /in-pmbootstrap in chroots so that we can avoid
performing automated actions that should only happen on a real device
(like flashing the kernel).
Do not attempt to install with a filesystem that is not supported by the
initramfs code in the checked out pmaports branch.
Previously we would have increased the pmaports.cfg version and require
that new version by pmbootstrap, however this will break compatibility
with release branches where we won't roll out this feature (v20.05).
Therefore don't change the version, but add a new
"supported_root_filesystems" key to pmaports.cfg, which defaults to
"ext4".
Related: https://postmarketos.org/pmaports.cfg
Install specific filesystem tools right before they are needed, instead
of installing all filesystem tools that we might need beforehand. This
is in preparation to support f2fs.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
Made changes to limit the line length in following files for #1986,
- pmb/install/_install.py
- pmb/install/blockdevice.py
- pmb/install/losetup.py
- pmb/install/partition.py
Added the above files in E501 flake8 command list.
Substitute f-string for string concatenation.
Split images have /dev/installp1 and /dev/installp2 but no
/dev/install to place the firmware, so it will actually create that file
in devfs where it might run out of space since it's only 1MB big
Leave some visual space before the flashing and ssh daemon information
blocks, so they don't get overlooked by the user:
[12:50:31] *** (4/4) FILL INSTALL BLOCKDEVICE ***
[12:50:31] (native) copy rootfs_qemu-amd64 to /mnt/install/
[12:50:36]
[12:50:36] *** FLASHING INFORMATION ***
[12:50:36] Refer to the installation instructions of your device, or the generic install instructions in the wiki.
[12:50:36] https://wiki.postmarketos.org/wiki/Installation_guide#pmbootstrap_flash
[12:50:36]
[12:50:36] *** SSH DAEMON INFORMATION ***
[12:50:36] SSH daemon is disabled (--no-sshd).
[12:50:36]
[12:50:36] NOTE: chroot is still active (use 'pmbootstrap shutdown' as necessary)
[12:50:36] Done
Change "configured" to "valid" in the error message:
Selected kernel (mainline_modem) is not configured for device bq-paella.
Please run 'pmbootstrap init' to select a valid kernel.
"configured" makes one think of "pmbootstrap init", but the valid
kernels are defined in the APKBUILD. Therefore I think "not valid" fits
better here.
Run setup_login() while creating the installer OS too, in order to
disable passwordless root login.
Note that this may sound like a security flaw, but it isn't.
* setup_login already ran for the target OS, meaning after the
installation is done, one is not be able to login as root without
password
* root login without password was only possible via serial console (or by
attaching a keyboard), not via SSH
* getting root rights via serial in the installer OS is actually desired
for debugging, we add a debug user with sudo set up by default:
https://wiki.postmarketos.org/wiki/On-device_installer#Debug_user
So even though this isn't a problem, disable it to avoid confusion.
When unmounting SD card after `pmbootstrap install --sdcard=...`
it takes a lot of time for kernel to sync filesystem cache
before actual umounting happehs. This looks like pmbootstrap is
stuck, so before doing unmount print a message to inform user of
what's happening, in case `--sdcard` was used.
Add comments to two functions, that if they are changed, the logic also
needs to be updated in ondev-preapre-internal-storage.sh of
postmarketos-ondev.git.
With postmarketos-ondev >= 0.4.0, have a different label for the boot
partition in the installer OS, so the postmarketOS initramfs can find
the proper partition to boot. Even if the boot partition is available
twice (once installed on eMMC, once as part of installer OS on SD card).
pmOS_inst_boot instead of pmOS_install_boot because of character limit.