diff --git a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
index 5fed337..0b5b502 100644
--- a/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
+++ b/config/includes.chroot/usr/lib/live/boot/0024-ciss-crypt-squash
@@ -267,16 +267,19 @@ PID_BROKER="$!"
 fi
- printf "\e[93m[INFO] Enter LUKS passphrase on console: \n\e[0m" >/dev/console 2>/dev/null || break
+ #printf "\e[93m[INFO] Enter LUKS passphrase on console: \n\e[0m" >/dev/console 2>/dev/null || break
- if ! IFS= read -r PASS /dev/null; then
+ #if ! IFS= read -r PASS /dev/null; then
- break
+ # break
- fi
+ #fi
 [ -n "${PASS}" ] || continue
+ # shellcheck disable=SC2310
+ PASS="$(ask_pass_console)" || continue
+ printf '%s\n' "${PASS}" >| /lib/cryptsetup/passfifo 2>/dev/null || :
 done
diff --git a/config/includes.chroot/usr/lib/live/boot/9990-main.sh b/config/includes.chroot/usr/lib/live/boot/9990-main.sh
new file mode 100644
index 0000000..fc2b97c
--- /dev/null
+++ b/config/includes.chroot/usr/lib/live/boot/9990-main.sh
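Review bot: On the new side the non-empty check `[ -n "${PASS}" ] || continue` now runs before `PASS="$(ask_pass_console)" || continue` assigns the value, so it tests the previous iteration's passphrase — empty on the first pass unless PASS is initialised before the loop — and the loop would `continue` without ever prompting or writing to the fifo. Move the check after the assignment: `PASS="$(ask_pass_console)" || continue`, `[ -n "${PASS}" ] || continue`, `printf '%s\n' "${PASS}" >| /lib/cryptsetup/passfifo 2>/dev/null || :`. Since the passphrase is handed off to the fifo at that point, an `unset PASS` right after the write keeps it from lingering in the shell environment for the rest of the boot script. The commented-out read/printf block is dead code that git history already preserves; deleting it is cleaner than carrying it. The enclosing loop (its `done` is in the hunk, its head is not) starts outside the hunk.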
@@ -0,0 +1,254 @@
+#!/bin/sh
+# bashsupport disable=BP5007
+# shellcheck disable=SC2249
+# shellcheck shell=sh
+
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-11-12; WEIDNER, Marc S.;
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: GPL-3.0-or-later
+# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Modified Version of the original file:
+### https://salsa.debian.org/live-team/live-boot 'components/9990-main.shh'
+### Change behavior to mount already opened ciss_rootfs.crypt (0024-ciss-crypt-squash).
+
+# set -e
+
+Live ()
+{
+ printf "\e[95m[INFO] Starting: [/usr/lib/live/boot/9990-main.sh] ... \n\e[0m"
+
+ if [ -x /scripts/local-top/cryptroot ]
+ then
+ /scripts/local-top/cryptroot
+ fi
+
+ exec 6>&1
+ exec 7>&2
+ exec > boot.log
+ exec 2>&1
+ tail -f boot.log >&7 &
+ tailpid="${!}"
+
+ # shellcheck disable=SC2034
+ LIVE_BOOT_CMDLINE="${LIVE_BOOT_CMDLINE:-$(cat /proc/cmdline)}"
+ Cmdline_old
+
+ Debug
+
+ Read_only
+
+ Select_eth_device
+
+ if [ -e /conf/param.conf ]
+ then
+ . /conf/param.conf
+ fi
+
+ # Needed here too because some things (*cough* udev *cough*)
+ # change the timeout
+
+ printf "\e[93m[DEBUG] live(): Before do_netmount() pp. 
\e[0m\n" >&2
+ if [ -n "${NETBOOT}" ] || [ -n "${FETCH}" ] || [ -n "${HTTPFS}" ] || [ -n "${FTPFS}" ]
+ then
+ if do_netmount
+ then
+ printf "\e[93m[DEBUG] live(): [livefs_root=%s] \e[0m\n" "${mountpoint?}" >&2
+ livefs_root="${mountpoint?}"
+ else
+ panic "Unable to find a live file system on the network"
+ fi
+ else
+ if [ -n "${ISCSI_PORTAL}" ]
+ then
+ printf "\e[93m[DEBUG] live(): [do_iscsi && livefs_root=%s] \e[0m\n" "${mountpoint?}" >&2
+ do_iscsi && livefs_root="${mountpoint}"
+ elif [ -n "${PLAIN_ROOT}" ] && [ -n "${ROOT}" ]
+ then
+ # Do a local boot from hd
+ printf "\e[93m[DEBUG] live(): Do a local boot from hd [livefs_root=%s] \e[0m\n" "${ROOT?}" >&2
+ livefs_root=${ROOT}
+ else
+ printf "\e[93m[DEBUG] live(): [Setup_Memdisk] \e[0m\n" >&2
+ Setup_Memdisk
+
+ # If the live media location is given via command line and access to it
+ # involves LVM volumes, the corresponding volumes need to be activated.
+ IFS=','
+ # shellcheck disable=SC2116
+ for dev in $(echo "${LIVE_MEDIA}")
+ do
+ case "${dev}" in
+ /dev/mapper/*)
+ # shellcheck disable=SC2046,SC2312
+ eval $(dmsetup splitname --nameprefixes --noheadings --rows "${dev#/dev/mapper/}")
+ # shellcheck disable=SC2244
+ if [ "${DM_VG_NAME}" ] && [ "${DM_LV_NAME}" ]
+ then
+ lvm lvchange -aay -y --sysinit --ignoreskippedcluster "${DM_VG_NAME}/${DM_LV_NAME}"
+ fi
+ ;;
+ /dev/*/*)
+ # Could be /dev/VG/LV; use lvs to check
+ if lvm lvs -- "${dev}" >/dev/null 2>&1
+ then
+ lvm lvchange -aay -y --sysinit --ignoreskippedcluster "${dev}"
+ fi
+ ;;
+ esac
+ done
+ unset IFS
+
+ # Scan local devices for the image
+ i=0
+ while [ "${i}" -lt 60 ]
+ do
+ # shellcheck disable=SC2086
+ livefs_root=$(find_livefs ${i})
+
+ if [ -n "${livefs_root}" ]
+ then
+ break
+ fi
+
+ sleep 1
+ i=$((i + 1))
+ done
+ fi
+ fi
+
+ if [ -z "${livefs_root}" ]
+ then
+ panic "Unable to find a medium containing a live file system"
+ fi
+
+ printf "\e[93m[DEBUG] live(): Before [Verify_checksums %s] \e[0m\n" "${livefs_root}" >&2
+ 
Verify_checksums "${livefs_root}"
+
+ # shellcheck disable=SC2244
+ if [ "${TORAM}" ]
+ then
+ live_dest="ram"
+ elif [ "${TODISK}" ]
+ then
+ live_dest="${TODISK}"
+ fi
+
+ # shellcheck disable=SC2244
+ if [ "${live_dest}" ]
+ then
+ log_begin_msg "Copying live media to ${live_dest}"
+ copy_live_to "${livefs_root}" "${live_dest}"
+ log_end_msg
+ fi
+
+ # if we do not unmount the ISO, we can't run "fsck /dev/ice" later on
+ # because the mountpoint is left behind in /proc/mounts, so let's get
+ # rid of it when running from RAM
+ # shellcheck disable=SC2244
+ if [ -n "${FROMISO}" ] && [ "${TORAM}" ]
+ then
+ losetup -d /dev/loop0
+
+ if is_mountpoint /run/live/fromiso
+ then
+ umount /run/live/fromiso
+ rmdir --ignore-fail-on-non-empty /run/live/fromiso \
+ >/dev/null 2>&1 || true
+ fi
+ fi
+
+ printf "\e[93m[DBG] Live(): before overlay, live_dest=%s \e[0m\n" "${live_dest:-}" >&2
+ printf "\e[93m[DBG] Live(): MODULETORAMFILE=%s PLAIN_ROOT=%s \e[0m\n" "${MODULETORAMFILE}" "${PLAIN_ROOT}" >&2
+ if [ -n "${MODULETORAMFILE}" ] || [ -n "${PLAIN_ROOT}" ]
+ then
+ printf "\e[93m[DBG] Live(): setup_unionfs livefs_root=%s rootmnt=%s \e[0m\n" "${livefs_root}" "${rootmnt?}" >&2
+ setup_unionfs "${livefs_root}" "${rootmnt?}"
+ else
+ mac="$(get_mac)"
+ mac="$(echo "${mac}" | sed 's/-//g')"
+ printf "\e[93m[DBG] Live(): mount_images_in_directory livefs_root=%s rootmnt=%s mac=%s \e[0m\n" "${livefs_root}" "${rootmnt}" "${mac}" >&2
+ mount_images_in_directory "${livefs_root}" "${rootmnt}" "${mac}"
+ fi
+
+ if [ -n "${ROOT_PID}" ]
+ then
+ echo "${ROOT_PID}" > "${rootmnt}"/lib/live/root.pid
+ fi
+
+ log_end_msg
+
+ # aufs2 in kernel versions around 2.6.33 has a regression:
+ # directories can't be accessed when read for the first time,
+ # causing a failure, for example, when accessing /var/lib/fai
+ # when booting FAI, this simple workaround solves it
+ ls /root/* >/dev/null 2>&1
+
+ # if we do not unmount the ISO, we can't run "fsck /dev/ice" later on
+ # because the mountpoint 
is left behind in /proc/mounts, so let's get
+ # rid of it when running from RAM
+ # shellcheck disable=SC2244
+ if [ -n "${FINDISO}" ] && [ "${TORAM}" ]
+ then
+ losetup -d /dev/loop0
+
+ if is_mountpoint /run/live/findiso
+ then
+ umount /run/live/findiso
+ rmdir --ignore-fail-on-non-empty /run/live/findiso \
+ >/dev/null 2>&1 || true
+ fi
+ fi
+
+ if [ -f /etc/hostname ] && ! grep -E -q -v '^[[:space:]]*(#|$)' "${rootmnt}/etc/hostname"
+ then
+ log_begin_msg "Copying /etc/hostname to ${rootmnt}/etc/hostname"
+ cp -v /etc/hostname "${rootmnt}/etc/hostname"
+ log_end_msg
+ fi
+
+ if [ -f /etc/hosts ] && ! grep -E -q -v '^[[:space:]]*(#|$|(127.0.0.1|::1|ff02::[12])[[:space:]])' "${rootmnt}/etc/hosts"
+ then
+ log_begin_msg "Copying /etc/hosts to ${rootmnt}/etc/hosts"
+ cp -v /etc/hosts "${rootmnt}/etc/hosts"
+ log_end_msg
+ fi
+
+ if [ -L /root/etc/resolv.conf ] ; then
+ # assume we have resolvconf
+ DNSFILE="${rootmnt}/etc/resolvconf/resolv.conf.d/base"
+ else
+ DNSFILE="${rootmnt}/etc/resolv.conf"
+ fi
+ if [ -f /etc/resolv.conf ] && ! grep -E -q -v '^[[:space:]]*(#|$)' "${DNSFILE}"
+ then
+ log_begin_msg "Copying /etc/resolv.conf to ${DNSFILE}"
+ cp -v /etc/resolv.conf "${DNSFILE}"
+ log_end_msg
+ fi
+
+ if ! [ -d "/lib/live/boot" ]
+ then
+ panic "A wrong rootfs was mounted."
+ fi
+
+ Fstab
+ Netbase
+
+ Swap
+
+ exec 1>&6 6>&-
+ exec 2>&7 7>&-
+ kill "${tailpid}"
+ [ -w "${rootmnt}/var/log/" ] && mkdir -p "${rootmnt}/var/log/live" && ( \
+ cp boot.log "${rootmnt}/var/log/live" 2>/dev/null; \
+ cp fsck.log "${rootmnt}/var/log/live" 2>/dev/null )
+
+ printf "\e[92m[INFO] Successfully applied: [/usr/lib/live/boot/9990-main.sh] ... \n\e[0m"
+}
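Review bot: In the `ISCSI_PORTAL` branch the new debug line expands `"${mountpoint?}"` before `do_iscsi` has run, and in a non-interactive sh the `?` form on an unset parameter prints an error and exits the shell, so unless mountpoint is already set by an earlier component this aborts the boot before the iSCSI mount is even attempted (the netboot branch is safe because `do_netmount` runs inside the `if` first). Use the soft form there, `printf "\e[93m[DEBUG] live(): [do_iscsi && livefs_root=%s] \e[0m\n" "${mountpoint:-}" >&2`, or move the printf after `do_iscsi && livefs_root="${mountpoint}"`, as the later `"${live_dest:-}"` debug line already does. The same `?` expansion is applied to `"${rootmnt?}"` in the setup_unionfs branch, which is presumably set by initramfs-tools before this hook runs, but that is worth confirming against the other components that run earlier. With `# set -e` left commented out, the only hard stops in this function are the two `panic` calls, so a failing `do_iscsi`, `setup_unionfs` or `mount_images_in_directory` is only caught by the final `[ -d "/lib/live/boot" ]` check; a one-line comment stating that this is intentional would help the next reader.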