CISS.debian.live.builder/config/includes.chroot/usr/lib/live/boot/9990-main.sh
Marc S. Weidner b8abd17237
V8.13.528.2025.12.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-12-03 14:30:25 +01:00


#!/bin/sh
# bashsupport disable=BP5007
# shellcheck disable=SC2249
# shellcheck shell=sh
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-11-12; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Modified Version of the original file:
### https://salsa.debian.org/live-team/live-boot 'components/9990-main.sh'
### Change the behavior so that the ciss_rootfs.crypt (0024-ciss-crypt-squash) is mounted when it is opened.
# set -e
# Trace marker: printed as soon as this file is read by the shell, i.e. before
# Live() (defined below) is called.
printf '\e[95m[INFO] Sourcing : [/usr/lib/live/boot/9990-main.sh] \n\e[0m'
#######################################
# Live: locate, check and mount the live file system during initramfs boot.
#
# Steps visible in this function, in order:
#   1. Run /scripts/local-top/cryptroot when it exists and is executable.
#   2. Redirect stdout/stderr to ./boot.log and mirror the log to the
#      original stderr through a background 'tail -f'.
#   3. Call the helpers Cmdline_old, Debug, Read_only and Select_eth_device
#      (defined elsewhere) and source /conf/param.conf if present.
#   4. Determine livefs_root: network mount, iSCSI, plain root device, a value
#      set before this function runs, or a local scan via find_livefs.
#   5. Call Verify_checksums, optionally copy the medium (TORAM/TODISK), then
#      call setup_unionfs or mount_images_in_directory for ${rootmnt}.
#   6. Seed hostname/hosts in the target, call Fstab, Netbase and Swap.
#   7. Restore the saved file descriptors and copy the logs into the target.
#
# Globals read: LIVE_BOOT_CMDLINE, NETBOOT, FETCH, HTTPFS, FTPFS, ISCSI_PORTAL,
#   PLAIN_ROOT, ROOT, LIVE_MEDIA, livefs_root, mountpoint, TORAM, TODISK,
#   FROMISO, FINDISO, MODULETORAMFILE, ROOT_PID, rootmnt.
# Globals written: tailpid, LIVE_BOOT_CMDLINE, livefs_root, live_dest, mac, i,
#   dev, IFS, plus whatever the eval of dmsetup output and param.conf assign.
#
# NOTE(review): none of the variables above is validated in this function;
# presumably they originate from the kernel command line via the helpers in
# step 3 and from earlier boot scripts - confirm against those components.
#######################################
Live ()
{
printf "\e[95m[INFO] Starting : [/usr/lib/live/boot/9990-main.sh] \n\e[0m"
# Optional hook. Its exit status is not checked here, so the function
# continues whether or not the hook succeeded.
if [ -x /scripts/local-top/cryptroot ]
then
/scripts/local-top/cryptroot
fi
# Keep copies of the current stdout/stderr on fds 6 and 7, then send both
# streams to boot.log. The path is relative, so the file is created in the
# current working directory. tail mirrors the log to the saved stderr (fd 7);
# its PID is kept so it can be stopped at the end of the function.
exec 6>&1
exec 7>&2
exec > boot.log
exec 2>&1
tail -f boot.log >&7 &
tailpid="${!}"
# Default to the running kernel's command line unless a value is already set.
# shellcheck disable=SC2034
LIVE_BOOT_CMDLINE="${LIVE_BOOT_CMDLINE:-$(cat /proc/cmdline)}"
# Helpers defined outside this function.
Cmdline_old
Debug
Read_only
Select_eth_device
# Sourcing executes param.conf as shell code in this shell: any assignment in
# it overrides the variables used below.
if [ -e /conf/param.conf ]
then
. /conf/param.conf
fi
# Needed here too because some things (*cough* udev *cough*)
# change the timeout
# Any of these four parameters selects the network path (do_netmount).
if [ -n "${NETBOOT}" ] || [ -n "${FETCH}" ] || [ -n "${HTTPFS}" ] || [ -n "${FTPFS}" ]
then
if do_netmount
then
# ${mountpoint?} stops with an error if mountpoint is unset at this point.
livefs_root="${mountpoint?}"
else
panic "Unable to find a live file system on the network"
fi
else
if [ -n "${ISCSI_PORTAL}" ]
then
# livefs_root is only assigned when do_iscsi succeeds; on failure it keeps
# whatever value it had before, and the empty check further down decides.
do_iscsi && livefs_root="${mountpoint}"
elif [ -n "${PLAIN_ROOT}" ] && [ -n "${ROOT}" ]
then
# Do a local boot from hd
livefs_root=${ROOT}
else
Setup_Memdisk
# If the live media location is given via command line and access to it
# involves LVM volumes, the corresponding volumes need to be activated.
# LIVE_MEDIA is split on commas. The expansion in the for loop is unquoted,
# so each element is also subject to pathname expansion unless globbing was
# disabled earlier.
IFS=','
# shellcheck disable=SC2116
for dev in $(echo "${LIVE_MEDIA}")
do
case "${dev}" in
/dev/mapper/*)
# eval runs the output of dmsetup as shell code in order to set DM_VG_NAME
# and DM_LV_NAME. The mapper name passed to dmsetup comes from LIVE_MEDIA.
# NOTE(review): confirm that dmsetup quotes names safely for eval. The DM_*
# variables are not reset per device, so an empty result keeps old values.
# shellcheck disable=SC2046,SC2312
eval $(dmsetup splitname --nameprefixes --noheadings --rows "${dev#/dev/mapper/}")
# shellcheck disable=SC2244
if [ "${DM_VG_NAME}" ] && [ "${DM_LV_NAME}" ]
then
lvm lvchange -aay -y --sysinit --ignoreskippedcluster "${DM_VG_NAME}/${DM_LV_NAME}"
fi
;;
/dev/*/*)
# Could be /dev/VG/LV; use lvs to check
if lvm lvs -- "${dev}" >/dev/null 2>&1
then
lvm lvchange -aay -y --sysinit --ignoreskippedcluster "${dev}"
fi
;;
esac
done
# Back to default field splitting.
unset IFS
### Skip autodetection, '$livefs_root' was pre-seeded by '0024-ciss-crypt-squash'. ---------------------------------------
# A non-empty livefs_root is used as-is: this function does not check where
# the value came from. It is still handed to Verify_checksums further down.
if [ -n "${livefs_root:-}" ]; then
printf "\e[92m[INFO] live() : Using preseeded [livefs_root=%s] skipping autodetect. \e[0m\n" "${livefs_root}"
else
### Scan local devices for the image.
# Poll find_livefs once per second, for at most 60 attempts (i = 0..59).
i=0
while [ "${i}" -lt 60 ]; do
# shellcheck disable=SC2086
livefs_root=$(find_livefs ${i})
if [ -n "${livefs_root}" ]; then
break
fi
sleep 1
i=$((i + 1))
done
fi
fi
fi
printf "\e[93m[DEBUG] live(): [%s] -> livefs_root. \e[0m\n" "${livefs_root}"
# No medium found on any path: show the message, wait 60 s, then log and panic.
if [ -z "${livefs_root}" ]; then
printf "\e[91m[FATAL] live() : Unable to find a medium containing a live file system. \e[0m\n"
sleep 60
log "[FATAL] live() : Unable to find a medium containing a live file system."
panic "[FATAL] live() : Unable to find a medium containing a live file system."
fi
# The return status is not checked here; what Verify_checksums enforces, and
# under which boot parameters, is defined elsewhere.
Verify_checksums "${livefs_root}"
# Optional copy target: TORAM is tested first, TODISK only if TORAM is empty.
# shellcheck disable=SC2244
if [ "${TORAM}" ]; then
live_dest="ram"
elif [ "${TODISK}" ]; then
live_dest="${TODISK}"
fi
# Copy the medium only when a destination is set.
# shellcheck disable=SC2244
if [ "${live_dest}" ]; then
log_begin_msg "Copying live media to ${live_dest}"
copy_live_to "${livefs_root}" "${live_dest}"
log_end_msg
fi
# if we do not unmount the ISO, we can't run "fsck /dev/ice" later on
# because the mountpoint is left behind in /proc/mounts, so let's get
# rid of it when running from RAM
# NOTE(review): /dev/loop0 is hard-coded; this assumes the ISO is attached to
# that loop device - confirm against the code that sets it up.
# shellcheck disable=SC2244
if [ -n "${FROMISO}" ] && [ "${TORAM}" ]; then
losetup -d /dev/loop0
if is_mountpoint /run/live/fromiso; then
umount /run/live/fromiso
rmdir --ignore-fail-on-non-empty /run/live/fromiso >/dev/null 2>&1 || true
fi
fi
# MODULETORAMFILE or PLAIN_ROOT select setup_unionfs; otherwise
# mount_images_in_directory is called with the MAC address (dashes removed).
# Only the first branch uses ${rootmnt?}, which stops with an error when
# rootmnt is unset.
if [ -n "${MODULETORAMFILE}" ] || [ -n "${PLAIN_ROOT}" ]
then
printf "\e[92m[INFO] Live() : [setup_unionfs livefs_root=%s rootmnt=%s] \e[0m\n" "${livefs_root}" "${rootmnt?}"
setup_unionfs "${livefs_root}" "${rootmnt?}"
else
mac="$(get_mac)"
mac="$(echo "${mac}" | sed 's/-//g')"
printf "\e[92m[INFO] Live() : [mount_images_in_directory livefs_root=%s rootmnt=%s mac=%s] \e[0m\n" "${livefs_root}" "${rootmnt}" "${mac}"
mount_images_in_directory "${livefs_root}" "${rootmnt}" "${mac}"
fi
# Record ROOT_PID inside the mounted root when one was provided.
if [ -n "${ROOT_PID}" ]
then
echo "${ROOT_PID}" > "${rootmnt}"/lib/live/root.pid
fi
# NOTE(review): no matching log_begin_msg is visible in this function.
log_end_msg
# aufs2 in kernel versions around 2.6.33 has a regression:
# directories can't be accessed when read for the first time,
# causing a failure, for example, when accessing /var/lib/fai
# when booting FAI, this simple workaround solves it
ls /root/* >/dev/null 2>&1
# if we do not unmount the ISO, we can't run "fsck /dev/ice" later on
# because the mountpoint is left behind in /proc/mounts, so let's get
# rid of it when running from RAM
# Same hard-coded /dev/loop0 as in the FROMISO case above.
# shellcheck disable=SC2244
if [ -n "${FINDISO}" ] && [ "${TORAM}" ]
then
losetup -d /dev/loop0
if is_mountpoint /run/live/findiso
then
umount /run/live/findiso
rmdir --ignore-fail-on-non-empty /run/live/findiso \
>/dev/null 2>&1 || true
fi
fi
# Copy the initramfs hostname only when the target file has no line other
# than blanks and comments. grep also fails when the target file is missing,
# so the copy happens in that case too.
if [ -f /etc/hostname ] && ! grep -E -q -v '^[[:space:]]*(#|$)' "${rootmnt}/etc/hostname"
then
log_begin_msg "Copying /etc/hostname to ${rootmnt}/etc/hostname"
cp -v /etc/hostname "${rootmnt}/etc/hostname"
log_end_msg
fi
# Same rule for hosts; lines for 127.0.0.1, ::1, ff02::1 and ff02::2 are also
# treated as "nothing configured". The dots in 127.0.0.1 are unescaped, so
# they match any character.
if [ -f /etc/hosts ] && ! grep -E -q -v '^[[:space:]]*(#|$|(127.0.0.1|::1|ff02::[12])[[:space:]])' "${rootmnt}/etc/hosts"
then
log_begin_msg "Copying /etc/hosts to ${rootmnt}/etc/hosts"
cp -v /etc/hosts "${rootmnt}/etc/hosts"
log_end_msg
fi
### CISS override for systemd-networkd stack ---------------------------------------------------------------------------------
#if [ -L /root/etc/resolv.conf ] ; then
# # assume we have resolvconf
# DNSFILE="${rootmnt}/etc/resolvconf/resolv.conf.d/base"
#else
# DNSFILE="${rootmnt}/etc/resolv.conf"
#fi
#if [ -f /etc/resolv.conf ] && ! grep -E -q -v '^[[:space:]]*(#|$)' "${DNSFILE}"
#then
# log_begin_msg "Copying /etc/resolv.conf to ${DNSFILE}"
# cp -v /etc/resolv.conf "${DNSFILE}"
# log_end_msg
#fi
### CISS override for systemd-networkd stack ---------------------------------------------------------------------------------
# Sanity check before the final helpers run.
# NOTE(review): the path carries no ${rootmnt} prefix, so as written it tests
# the root this script is running in, not the mounted target - confirm intent.
# It only checks that a directory exists; it is not an integrity check.
if ! [ -d "/lib/live/boot" ]
then
panic "A wrong rootfs was mounted."
fi
# Helpers defined outside this function.
Fstab
Netbase
Swap
# Restore stdout/stderr from fds 6 and 7, close the copies, stop the mirror.
exec 1>&6 6>&-
exec 2>&7 7>&-
kill "${tailpid}"
# Keep the boot logs in the target when its /var/log is writable; copy errors
# are discarded. boot.log holds everything written to stdout/stderr since the
# redirection above, including the values this function prints (livefs_root,
# rootmnt, mac). NOTE(review): check that no helper prints secrets into it.
[ -w "${rootmnt}/var/log/" ] && mkdir -p "${rootmnt}/var/log/live" && ( \
cp boot.log "${rootmnt}/var/log/live" 2>/dev/null; \
cp fsck.log "${rootmnt}/var/log/live" 2>/dev/null )
sleep 3
printf "\e[92m[INFO] Successfully applied : [/usr/lib/live/boot/9990-main.sh] \n\e[0m"
}