kernel is named /boot/vmlinuz now, looking at the filename will no
longer tell us what flavor it is. This now will look at
/usr/share/kernel, which has always contained the kernel 'flavor', and
since we currently only install 1 kernel these days, guarding this with
pmaports.cfg should be unnecessary. In the worst case (if there are
multiple kernel 'flavors' installed), it'll just grab the first one and
return it.
In order to support FAT32 as boot partition, the label is shortened from
pmOS_inst_boot to pmOS_i_boot. Read the value from pmaports.cfg and fall
back to the old value, so both are supported (-> building v21.06 and
v21.03 will use the old label).
Remove the old codepath that would set "pmOS_boot" as label for the
install partition, if the postmarketos-ondev package was older than
0.4.0. This is only the case on the long unsupported v20.05 branch.
Install osk-sdl in the installer OS's boot partition for now. I forgot
about a code path earlier, which could render an encrypted target OS
without osk-sdl in the initramfs (and being unable to boot).
The target OS gets embeded in the installer OS as image file. This can
happen in two formats:
a) a full image with partition header and the boot and root partition
This is what bpo is doing when building the official, pre-built images,
as this method allows having the exact same image available separately
without the installer. Basically:
pmbootstrap install \
--ondev \
--no-rootfs \
--cp path/to/rootfs:/var/lib/rootfs.img
b) an image with just the root partition, no partition header and no
boot partition. This is what you get when running regular
"pmbootstrap install --ondev". It's slightly smaller, as there is no
duplicate boot partition.
If b) was done, the installer will copy the contents of the installer's
boot partition to the target OS. And that means: if osk-sdl is missing
from the installer's boot partition (the initramfs generated there), it
will also be missing in the boot partition of the target OS!
I think we should get rid of the b) code path to avoid confusion in the
future/make maintenance. But until that is done, always install osk-sdl
into the installer OS.
Remove /in-pmbootstrap inside chroots in "pmbootstrap shutdown" instead
of having it at a specific part of "pmbootstrap install".
Reasoning:
* With current approach, it didn't get removed in the on-device
installer chroot.
* This is less error prone than calling it multiple times in
"pmbootstrap install"
Devices such as ODROIDs have binaries use which every single block for
embedding. Do not raise an error when binaries are touching, but not
overlapping, each other when embedding these binaries during installation.
Add a test for this scenario, which fails when reverting the change.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
This adds osk-sdl to the rootfs when --fde is set, or when building a
rootfs for the ondev installer. Ideally the ondev installer would
selectively install osk-sdl if the user opted for fde at runtime, but
I haven't found a straight forward way to enable that yet, and this
behavior here is no different than the current behavior (where osk-sdl
is always installed in the rootfs by way of depends= in pmos-mkinitfs).
For images that are built without --fde, osk-sdl won't be installed at
all in the rootfs, once the dependency is dropped from pmos-mkinitfs.
Instead, a dummy package postmarketos-base-nofde will be installed
instead to satisfy the dependency that postmarketos-mkinitfs has on the
virtual package "postmarketos-fde-unlocker"
The option, --no-firewall, will disable nftables on boot in the image,
and print a warning message if it's being disabled in a device image
where the device's kernel should support running the firewall.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
Touch the file /in-pmbootstrap in chroots so that we can avoid
performing automated actions that should only happen on a real device
(like flashing the kernel).
Do not attempt to install with a filesystem that is not supported by the
initramfs code in the checked out pmaports branch.
Previously we would have increased the pmaports.cfg version and require
that new version by pmbootstrap, however this will break compatibility
with release branches where we won't roll out this feature (v20.05).
Therefore don't change the version, but add a new
"supported_root_filesystems" key to pmaports.cfg, which defaults to
"ext4".
Related: https://postmarketos.org/pmaports.cfg
Install specific filesystem tools right before they are needed, instead
of installing all filesystem tools that we might need beforehand. This
is in preparation to support f2fs.
Co-Authored-By: Oliver Smith <ollieparanoid@postmarketos.org>
Made changes to limit the line length in following files for #1986,
- pmb/install/_install.py
- pmb/install/blockdevice.py
- pmb/install/losetup.py
- pmb/install/partition.py
Added the above files in E501 flake8 command list.
Substitute f-string for string concatenation.
Split images have /dev/installp1 and /dev/installp2 but no
/dev/install to place the firmware, so it will actually create that file
in devfs where it might run out of space since it's only 1MB big
Leave some visual space before the flashing and ssh daemon information
blocks, so they don't get overlooked by the user:
[12:50:31] *** (4/4) FILL INSTALL BLOCKDEVICE ***
[12:50:31] (native) copy rootfs_qemu-amd64 to /mnt/install/
[12:50:36]
[12:50:36] *** FLASHING INFORMATION ***
[12:50:36] Refer to the installation instructions of your device, or the generic install instructions in the wiki.
[12:50:36] https://wiki.postmarketos.org/wiki/Installation_guide#pmbootstrap_flash
[12:50:36]
[12:50:36] *** SSH DAEMON INFORMATION ***
[12:50:36] SSH daemon is disabled (--no-sshd).
[12:50:36]
[12:50:36] NOTE: chroot is still active (use 'pmbootstrap shutdown' as necessary)
[12:50:36] Done
Change "configured" to "valid" in the error message:
Selected kernel (mainline_modem) is not configured for device bq-paella.
Please run 'pmbootstrap init' to select a valid kernel.
"configured" makes one think of "pmbootstrap init", but the valid
kernels are defined in the APKBUILD. Therefore I think "not valid" fits
better here.
Run setup_login() while creating the installer OS too, in order to
disable passwordless root login.
Note that this may sound like a security flaw, but it isn't.
* setup_login already ran for the target OS, meaning after the
installation is done, one is not be able to login as root without
password
* root login without password was only possible via serial console (or by
attaching a keyboard), not via SSH
* getting root rights via serial in the installer OS is actually desired
for debugging, we add a debug user with sudo set up by default:
https://wiki.postmarketos.org/wiki/On-device_installer#Debug_user
So even though this isn't a problem, disable it to avoid confusion.
When unmounting SD card after `pmbootstrap install --sdcard=...`
it takes a lot of time for kernel to sync filesystem cache
before actual umounting happehs. This looks like pmbootstrap is
stuck, so before doing unmount print a message to inform user of
what's happening, in case `--sdcard` was used.
Add comments to two functions, that if they are changed, the logic also
needs to be updated in ondev-preapre-internal-storage.sh of
postmarketos-ondev.git.
With postmarketos-ondev >= 0.4.0, have a different label for the boot
partition in the installer OS, so the postmarketOS initramfs can find
the proper partition to boot. Even if the boot partition is available
twice (once installed on eMMC, once as part of installer OS on SD card).
pmOS_inst_boot instead of pmOS_install_boot because of character limit.
Adds a list of locales user can choose from on init step.
If locale isn't default, then "lang" package is installed
and LANG is changed to the chosen locale.
Get rid of hardcoded step numbers, even for the currently common steps.
With the upcoming --ondev --no-rootfs, we will need to skip the
hardcoded step 2 (create device rootfs).
Move related code from pmb/install/_install.py:install() to a new
create_device_rootfs() function in the same file, so it can be skipped
with the upcoming --no-rootfs parameter.
Create an empty home dir if /etc/skel does not exist in the target
rootfs. Due to changes in packaging, this can happen now, previously
/etc/skel would always have existed.
Embed the firmware from the right chroot suffix. Previously it would
always use the rootfs_{args.device} chroot, which does not work anymore
with upcoming 'pmbootstrap install --ondev --no-rootfs' as there will
only be the installer_{args.device} chroot.
Change 'cryptsetup luksFormat' arguments to use --use-random instead of
--use-urandom. urandom is not recommended for the generation of long-term
cryptographic keys, as it may generate weak keys in low entropy
situations.
With the default argument values removed, the step logic is more
centralized in the install method which makes the code a bit less
brittle and easier to follow.
This adds a new commandline flag -E / --extra-space for
specifying the amount of additional space to be added to
the image size to work around cases where the automatically
determined size turns out to not actually be enough.
The value is also asked for in the "Additional options"
section of the interactive mode.
Fixes: #1904