fix: ENABLE_CRYPTFS -> UBOOT, SPLITFS, EXPANDROOT - cleanupHEAD master

author: Jan Wagner <mail@jwagner.eu> 2016-04-19 15:10:50 +0200
committer: Jan Wagner <mail@jwagner.eu> 2016-04-19 15:10:50 +0200
commit: d0f91512d9ca6d361d8a4a387094c48aab00e111 (patch)
tree: b00ed220e2fa04bdb1db43475a8149d01d1be5db /files
parent: 7878e85af7748d531a64f459723dca76ee37914b (diff)
download: rpi2-gen-image-master.tar.gz
rpi2-gen-image-master.tar.bz2
rpi2-gen-image-master.zip
9 files changed, 180 insertions, 4 deletions
diff --git a/files/boot/uboot.mkimage b/files/boot/uboot.mkimage
index cd71de6..8d02431 100644
--- a/files/boot/uboot.mkimage
+++ b/files/boot/uboot.mkimage
@@ -1,3 +1,6 @@
+# Set device tree fdtfile
+setenv dtbfile bcm2709-rpi-2-b.dtb
+
 # Tell Linux that it is booting on a Raspberry Pi2
 setenv machid 0x00000c42
 
@@ -6,6 +9,7 @@ saveenv
 
 # Load the existing Linux kernel into RAM
 fatload mmc 0:1 ${kernel_addr_r} kernel7.img
+fatload mmc 0:1 ${fdt_addr_r} ${dtbfile}
+fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs}
 
 # Boot the kernel we have just loaded
-bootz ${kernel_addr_r}
diff --git a/files/firstboot/21-generate-ssh-keys.sh b/files/firstboot/21-generate-ssh-keys.sh
index 928ee2e..b3345b4 100644
--- a/files/firstboot/21-generate-ssh-keys.sh
+++ b/files/firstboot/21-generate-ssh-keys.sh
@@ -1,8 +1,11 @@
 logger -t "rc.firstboot" "Generating SSH host keys"
 
 if [ -d "/etc/ssh/" ] ; then
+  # Remove ssh host keys
   rm -f /etc/ssh/ssh_host_*
   systemctl stop sshd
+
+  # Regenerate ssh host keys
   ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
   ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
   ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
@@ -11,8 +14,11 @@ if [ -d "/etc/ssh/" ] ; then
 fi
 
 if [ -d "/etc/dropbear/" ] ; then
+  # Remove ssh host keys
   rm -f /etc/dropbear/dropbear_*
   systemctl stop dropbear
+
+  # Regenerate ssh host keys
   dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
   dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
   dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
diff --git a/files/firstboot/22-expandroot.sh b/files/firstboot/22-expandroot.sh
index 03ec50d..235c411 100644
--- a/files/firstboot/22-expandroot.sh
+++ b/files/firstboot/22-expandroot.sh
@@ -1,10 +1,20 @@
-logger -t "rc.firstboot" "Expanding root"
+logger -t "rc.firstboot" "Expanding root partition"
+
+# Detect root partition device
 ROOT_PART=$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p')
-PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
+if [ -z "$ROOT_PART" ] ; then
+  log_warning_msg "unable to detect root partition device"
+  return 1
+fi
+
+# Extract root device name
 case "${ROOT_PART}" in
   mmcblk0*) ROOT_DEV=mmcblk0 ;;
   sda*)     ROOT_DEV=sda ;;
 esac
+
+# Check detected root partition name
+PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
 if [ "$PART_NUM" = "$ROOT_PART" ] ; then
   logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand"
   return 0
@@ -16,6 +26,8 @@ if [ "$PART_NUM" -gt 2 ] ; then
   logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool."
   return 0
 fi
+
+# Check if last partition number
 LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
 if [ $LAST_PART_NUM -ne $PART_NUM ]; then
   logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand"
@@ -53,4 +65,4 @@ EOF2
 # Reload the partition table, resize root filesystem then remove resizing code from this file
 partprobe &&
   resize2fs /dev/${ROOT_PART} &&
-  logger -t "rc.firstboot" "Root partition successfuly resized."
+  logger -t "rc.firstboot" "Root partition successfully resized."
diff --git a/files/firstboot/23-regenerate-initramfs.sh b/files/firstboot/23-regenerate-initramfs.sh
new file mode 100644
index 0000000..78e2922
--- /dev/null
+++ b/files/firstboot/23-regenerate-initramfs.sh
@@ -0,0 +1,31 @@
+logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
+
+KERNEL_VERSION=$(uname -r)
+KERNEL_ARCH=$(uname -m)
+INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
+INITRAMFS_UBOOT="${INITRAMFS}.uboot"
+
+# Extract kernel arch
+case "${KERNEL_ARCH}" in
+  arm*) KERNEL_ARCH=arm ;;
+esac
+
+# Regenerate initramfs
+if [ -r "${INITRAMFS}" ] ; then
+  rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
+  rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
+  rm -f /etc/initramfs-tools/hooks/expand-tools
+  rm -f "${INITRAMFS}"
+  mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
+fi
+
+# Convert generated initramfs for U-Boot using mkimage
+if [ -r "${INITRAMFS_UBOOT}" ] ; then
+  rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
+  rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
+  rm -f /etc/initramfs-tools/hooks/expand-tools
+  rm -f "${INITRAMFS_UBOOT}"
+  mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
+  mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
+  rm -f "${INITRAMFS}"
+fi
diff --git a/files/firstboot/23-generate-machineid.sh b/files/firstboot/24-generate-machineid.sh
index dca48b3..dca48b3 100644
--- a/files/firstboot/23-generate-machineid.sh
+++ b/files/firstboot/24-generate-machineid.sh
diff --git a/files/firstboot/24-create-resolv-symlink.sh b/files/firstboot/25-create-resolv-symlink.sh
index 8a3f00b..8a3f00b 100644
--- a/files/firstboot/24-create-resolv-symlink.sh
+++ b/files/firstboot/25-create-resolv-symlink.sh
diff --git a/files/initramfs/expand-premount b/files/initramfs/expand-premount
new file mode 100755
index 0000000..c0c5582
--- /dev/null
+++ b/files/initramfs/expand-premount
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# Check for cryptdevice variable
+if [ -z "$cryptdevice" ] ; then
+  echo "unable to get cryptdevice variable (local-premount)"
+  exit 1
+fi
+
+if [ -n "$ROOT" ] ; then
+  # Resize encrypted root partition
+  cryptsetup resize "${ROOT}"
+  e2fsck -fp "${ROOT}"
+  resize2fs -f "${ROOT}"
+  e2fsck -fp "${ROOT}"
+fi
+
+exit 0
diff --git a/files/initramfs/expand-tools b/files/initramfs/expand-tools
new file mode 100755
index 0000000..ad5dea3
--- /dev/null
+++ b/files/initramfs/expand-tools
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# Use initramfs utility functions
+. /usr/share/initramfs-tools/hook-functions
+
+# Add binaries required for resizing the filesystem
+copy_exec /bin/grep /bin
+copy_exec /usr/bin/awk /bin
+copy_exec /usr/bin/cut /bin
+copy_exec /usr/bin/tail /bin
+copy_exec /sbin/fdisk /sbin
+copy_exec /sbin/parted /sbin
+copy_exec /sbin/e2fsck /sbin
+copy_exec /sbin/resize2fs /sbin
+copy_exec /sbin/partprobe /sbin
+
+exit 0
diff --git a/files/initramfs/expand_encrypted_rootfs b/files/initramfs/expand_encrypted_rootfs
new file mode 100644
index 0000000..e6896ba
--- /dev/null
+++ b/files/initramfs/expand_encrypted_rootfs
@@ -0,0 +1,85 @@
+#!/bin/sh
+# expand_encrypted_rootfs initramfs-tools boot script
+
+# dependencies: grep awk cut tail fdisk parted e2fsck resize2fs
+
+set -e
+
+# Wait for USB devices to be ready
+sleep 5
+
+# Use initramfs utility functions
+if [ -r "/scripts/functions" ] ; then
+  . /scripts/functions
+fi
+
+# Check for cryptdevice variable
+if [ -z "$cryptdevice" ] ; then
+  echo "unable to get cryptdevice variable (init-premount)"
+  return 1
+fi
+
+# Detect root partition device
+ROOT_PART=$(echo $cryptdevice | awk -F"/|:" '{ print $3 }')
+if [ -z "$ROOT_PART" ] ; then
+  log_warning_msg "unable to detect encrypted root partition device (cryptdevice)"
+  return 1
+fi
+
+# Extract root device name
+case "${ROOT_PART}" in
+  mmcblk0*) ROOT_DEV=mmcblk0 ;;
+  sda*)     ROOT_DEV=sda ;;
+esac
+
+# Check detected root partition name
+PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
+if [ "$PART_NUM" = "$ROOT_PART" ] ; then
+  log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand"
+  return 1
+fi
+
+# NOTE: the NOOBS partition layout confuses parted. For now, let's only
+# agree to work with a sufficiently simple partition layout
+if [ "$PART_NUM" -gt 2 ] ; then
+  log_warning_msg "Your partition layout is not currently supported by this tool."
+  return 1
+fi
+
+# Check if last partition number
+LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
+if [ $LAST_PART_NUM -ne $PART_NUM ]; then
+  log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand"
+  return 1
+fi
+
+# Get the starting offset of the root partition
+PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g')
+if [ -z "$PART_START" ] ; then
+  log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition"
+  return 1
+fi
+
+# Get the possible last sector for the root partition
+PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
+if [ -z "$PART_LAST" ] ; then
+  log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
+  return 1
+fi
+
+### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
+fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
+p
+d
+$PART_NUM
+n
+p
+$PART_NUM
+$PART_START
+$PART_LAST
+p
+w
+EOF2
+
+partprobe
+log_success_msg "Root partition successfully resized."
author	Jan Wagner <mail@jwagner.eu>	2016-04-19 15:10:50 +0200
committer	Jan Wagner <mail@jwagner.eu>	2016-04-19 15:10:50 +0200
commit	d0f91512d9ca6d361d8a4a387094c48aab00e111 (patch)
tree	b00ed220e2fa04bdb1db43475a8149d01d1be5db /files
parent	7878e85af7748d531a64f459723dca76ee37914b (diff)
download	rpi2-gen-image-master.tar.gz rpi2-gen-image-master.tar.bz2 rpi2-gen-image-master.zip