diff --git a/Makefile b/Makefile index 06b2913e6..570defe39 100644 --- a/Makefile +++ b/Makefile @@ -519,6 +519,8 @@ bin_modules-$(CONFIG_POWERPC_UTILS) += powerpc-utils bin_modules-$(CONFIG_IO386) += io386 bin_modules-$(CONFIG_IOPORT) += ioport bin_modules-$(CONFIG_ZSTD) += zstd +bin_modules-$(CONFIG_E2FSPROGS) += e2fsprogs +bin_modules-$(CONFIG_EXFATPROGS) += exfatprogs $(foreach m, $(bin_modules-y), \ $(call map,initrd_bin_add,$(call bins,$m)) \ diff --git a/boards/z220-cmt-maximized/z220-cmt-maximized.config b/boards/z220-cmt-maximized/z220-cmt-maximized.config index c35992408..d081922ec 100644 --- a/boards/z220-cmt-maximized/z220-cmt-maximized.config +++ b/boards/z220-cmt-maximized/z220-cmt-maximized.config @@ -72,4 +72,4 @@ $(pwd)/blobs/z220/me.bin: $(pwd)/blobs/z220/ifd.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/z220/download_BIOS_clean.sh \ No newline at end of file + $(pwd)/blobs/z220/download_BIOS_clean.sh diff --git a/config/busybox.config b/config/busybox.config index c5891f256..3701311c9 100644 --- a/config/busybox.config +++ b/config/busybox.config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Busybox version: 1.33.2 -# Mon Jul 3 16:24:44 2023 +# Busybox version: 1.36.1 +# Fri Jul 21 14:38:54 2023 # CONFIG_HAVE_DOT_CONFIG=y @@ -93,10 +93,16 @@ CONFIG_FEATURE_BUFFERS_USE_MALLOC=y # CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set CONFIG_PASSWORD_MINLEN=6 CONFIG_MD5_SMALL=1 +CONFIG_SHA1_SMALL=3 +CONFIG_SHA1_HWACCEL=y +CONFIG_SHA256_HWACCEL=y CONFIG_SHA3_SMALL=1 -# CONFIG_FEATURE_FAST_TOP is not set -# CONFIG_FEATURE_ETC_NETWORKS is not set -# CONFIG_FEATURE_ETC_SERVICES is not set +CONFIG_FEATURE_NON_POSIX_CP=y +# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set +CONFIG_FEATURE_USE_SENDFILE=y +CONFIG_FEATURE_COPYBUF_KB=4 +CONFIG_MONOTONIC_SYSCALL=y +CONFIG_IOCTL_HEX2STR_ERROR=y CONFIG_FEATURE_EDITING=y CONFIG_FEATURE_EDITING_MAX_LEN=1024 # CONFIG_FEATURE_EDITING_VI is not set 
@@ -120,14 +126,9 @@ CONFIG_LAST_SUPPORTED_WCHAR=767 # CONFIG_UNICODE_BIDI_SUPPORT is not set # CONFIG_UNICODE_NEUTRAL_TABLE is not set # CONFIG_UNICODE_PRESERVE_BROKEN is not set -CONFIG_FEATURE_NON_POSIX_CP=y -# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set -CONFIG_FEATURE_USE_SENDFILE=y -CONFIG_FEATURE_COPYBUF_KB=4 -CONFIG_FEATURE_SKIP_ROOTFS=y -CONFIG_MONOTONIC_SYSCALL=y -CONFIG_IOCTL_HEX2STR_ERROR=y -CONFIG_FEATURE_HWIB=y +# CONFIG_LOOP_CONFIGURE is not set +# CONFIG_NO_LOOP_CONFIGURE is not set +CONFIG_TRY_LOOP_CONFIGURE=y # # Applets @@ -162,6 +163,8 @@ CONFIG_FEATURE_BZIP2_DECOMPRESS=y CONFIG_CPIO=y CONFIG_FEATURE_CPIO_O=y CONFIG_FEATURE_CPIO_P=y +CONFIG_FEATURE_CPIO_IGNORE_DEVNO=y +CONFIG_FEATURE_CPIO_RENUMBER_INODES=y # CONFIG_DPKG is not set # CONFIG_DPKG_DEB is not set CONFIG_GZIP=y @@ -197,6 +200,22 @@ CONFIG_FEATURE_LZMA_FAST=y # # Coreutils # +CONFIG_FEATURE_VERBOSE=y + +# +# Common options for date and touch +# +# CONFIG_FEATURE_TIMEZONE is not set + +# +# Common options for cp and mv +# +CONFIG_FEATURE_PRESERVE_HARDLINKS=y + +# +# Common options for df, du, ls +# +CONFIG_FEATURE_HUMAN_READABLE=y CONFIG_BASENAME=y CONFIG_CAT=y CONFIG_FEATURE_CATN=y @@ -207,11 +226,13 @@ CONFIG_CHMOD=y # CONFIG_FEATURE_CHOWN_LONG_OPTIONS is not set CONFIG_CHROOT=y # CONFIG_CKSUM is not set +CONFIG_CRC32=y # CONFIG_COMM is not set CONFIG_CP=y CONFIG_FEATURE_CP_LONG_OPTIONS=y CONFIG_FEATURE_CP_REFLINK=y CONFIG_CUT=y +CONFIG_FEATURE_CUT_REGEX=y CONFIG_DATE=y CONFIG_FEATURE_DATE_ISOFMT=y # CONFIG_FEATURE_DATE_NANO is not set @@ -223,6 +244,7 @@ CONFIG_FEATURE_DD_IBS_OBS=y CONFIG_FEATURE_DD_STATUS=y CONFIG_DF=y CONFIG_FEATURE_DF_FANCY=y +CONFIG_FEATURE_SKIP_ROOTFS=y CONFIG_DIRNAME=y # CONFIG_DOS2UNIX is not set # CONFIG_UNIX2DOS is not set 
@@ -316,13 +338,13 @@ CONFIG_TEST2=y CONFIG_FEATURE_TEST_64=y # CONFIG_TIMEOUT is not set CONFIG_TOUCH=y -CONFIG_FEATURE_TOUCH_NODEREF=y CONFIG_FEATURE_TOUCH_SUSV3=y CONFIG_TR=y CONFIG_FEATURE_TR_CLASSES=y CONFIG_FEATURE_TR_EQUIV=y CONFIG_TRUE=y CONFIG_TRUNCATE=y +CONFIG_TSORT=y CONFIG_TTY=y CONFIG_UNAME=y CONFIG_UNAME_OSNAME="GNU/Linux" @@ -342,21 +364,6 @@ CONFIG_FEATURE_WC_LARGE=y # CONFIG_WHOAMI is not set # CONFIG_YES is not set -# -# Common options -# -CONFIG_FEATURE_VERBOSE=y - -# -# Common options for cp and mv -# -CONFIG_FEATURE_PRESERVE_HARDLINKS=y - -# -# Common options for df, du, ls -# -CONFIG_FEATURE_HUMAN_READABLE=y - # # Console Utilities # @@ -420,6 +427,7 @@ CONFIG_VI=y CONFIG_FEATURE_VI_MAX_LEN=4096 # CONFIG_FEATURE_VI_8BIT is not set CONFIG_FEATURE_VI_COLON=y +CONFIG_FEATURE_VI_COLON_EXPAND=y CONFIG_FEATURE_VI_YANKMARK=y CONFIG_FEATURE_VI_SEARCH=y # CONFIG_FEATURE_VI_REGEX_SEARCH is not set @@ -433,6 +441,7 @@ CONFIG_FEATURE_VI_ASK_TERMINAL=y CONFIG_FEATURE_VI_UNDO=y CONFIG_FEATURE_VI_UNDO_QUEUE=y CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=256 +CONFIG_FEATURE_VI_VERBOSE_STATUS=y CONFIG_FEATURE_ALLOW_EXEC=y # @@ -441,7 +450,11 @@ CONFIG_FEATURE_ALLOW_EXEC=y CONFIG_FIND=y CONFIG_FEATURE_FIND_PRINT0=y CONFIG_FEATURE_FIND_MTIME=y +CONFIG_FEATURE_FIND_ATIME=y +CONFIG_FEATURE_FIND_CTIME=y CONFIG_FEATURE_FIND_MMIN=y +CONFIG_FEATURE_FIND_AMIN=y +CONFIG_FEATURE_FIND_CMIN=y CONFIG_FEATURE_FIND_PERM=y CONFIG_FEATURE_FIND_TYPE=y CONFIG_FEATURE_FIND_EXECUTABLE=y @@ -449,6 +462,7 @@ CONFIG_FEATURE_FIND_XDEV=y CONFIG_FEATURE_FIND_MAXDEPTH=y CONFIG_FEATURE_FIND_NEWER=y CONFIG_FEATURE_FIND_INUM=y +CONFIG_FEATURE_FIND_SAMEFILE=y CONFIG_FEATURE_FIND_EXEC=y CONFIG_FEATURE_FIND_EXEC_PLUS=y CONFIG_FEATURE_FIND_USER=y 
@@ -641,7 +655,7 @@ CONFIG_LSUSB=y # CONFIG_FEATURE_MDEV_DAEMON is not set # CONFIG_MESG is not set # CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP is not set -CONFIG_MKE2FS=y +# CONFIG_MKE2FS is not set # CONFIG_MKFS_EXT2 is not set # CONFIG_MKFS_MINIX is not set # CONFIG_FEATURE_MINIX2 is not set @@ -739,6 +753,7 @@ CONFIG_FEATURE_VOLUMEID_XFS=y # Miscellaneous Utilities # # CONFIG_ADJTIMEX is not set +CONFIG_ASCII=y # CONFIG_BBCONFIG is not set # CONFIG_FEATURE_COMPRESS_BBCONFIG is not set # CONFIG_BC is not set @@ -819,10 +834,12 @@ CONFIG_PARTPROBE=y # CONFIG_RFKILL is not set # CONFIG_RUNLEVEL is not set # CONFIG_RX is not set +CONFIG_SEEDRNG=y CONFIG_SETFATTR=y CONFIG_SETSERIAL=y CONFIG_STRINGS=y CONFIG_TIME=y +CONFIG_TREE=y # CONFIG_TS is not set # CONFIG_TTYSIZE is not set # CONFIG_UBIATTACH is not set @@ -834,6 +851,7 @@ CONFIG_TIME=y # CONFIG_UBIRENAME is not set # CONFIG_VOLNAME is not set # CONFIG_WATCHDOG is not set +# CONFIG_FEATURE_WATCHDOG_OPEN_TWICE is not set # # Networking Utilities @@ -842,6 +860,9 @@ CONFIG_TIME=y # CONFIG_FEATURE_UNIX_LOCAL is not set # CONFIG_FEATURE_PREFER_IPV4_ADDRESS is not set # CONFIG_VERBOSE_RESOLUTION_ERRORS is not set +# CONFIG_FEATURE_ETC_NETWORKS is not set +# CONFIG_FEATURE_ETC_SERVICES is not set +CONFIG_FEATURE_HWIB=y # CONFIG_FEATURE_TLS_SHA1 is not set CONFIG_ARP=y # CONFIG_ARPING is not set @@ -860,6 +881,7 @@ CONFIG_ARP=y # CONFIG_HOSTNAME is not set # CONFIG_DNSDOMAINNAME is not set # CONFIG_HTTPD is not set +CONFIG_FEATURE_HTTPD_PORT_DEFAULT=0 # CONFIG_FEATURE_HTTPD_RANGES is not set # CONFIG_FEATURE_HTTPD_SETUID is not set # CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set @@ -952,6 +974,7 @@ CONFIG_SSL_CLIENT=y # CONFIG_FEATURE_TELNET_WIDTH is not set # CONFIG_TELNETD is not set # CONFIG_FEATURE_TELNETD_STANDALONE is not set +CONFIG_FEATURE_TELNETD_PORT_DEFAULT=0 # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set CONFIG_TFTP=y CONFIG_FEATURE_TFTP_PROGRESS_BAR=y 
@@ -972,6 +995,7 @@ CONFIG_VCONFIG=y CONFIG_WGET=y CONFIG_FEATURE_WGET_LONG_OPTIONS=y # CONFIG_FEATURE_WGET_STATUSBAR is not set +CONFIG_FEATURE_WGET_FTP=y # CONFIG_FEATURE_WGET_AUTHENTICATION is not set CONFIG_FEATURE_WGET_TIMEOUT=y CONFIG_FEATURE_WGET_HTTPS=y @@ -988,6 +1012,7 @@ CONFIG_UDHCPC=y CONFIG_FEATURE_UDHCPC_ARPING=y CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y CONFIG_UDHCPC_DEFAULT_SCRIPT="/sbin/config-dhcp.sh" +CONFIG_UDHCPC6_DEFAULT_SCRIPT="" # CONFIG_UDHCPC6 is not set # CONFIG_FEATURE_UDHCPC6_RFC3646 is not set # CONFIG_FEATURE_UDHCPC6_RFC4704 is not set @@ -997,6 +1022,7 @@ CONFIG_UDHCPC_DEFAULT_SCRIPT="/sbin/config-dhcp.sh" # # Common options for DHCP applets # +CONFIG_UDHCPC_DEFAULT_INTERFACE="eth0" # CONFIG_FEATURE_UDHCP_PORT is not set CONFIG_UDHCP_DEBUG=9 CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80 @@ -1014,17 +1040,19 @@ CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="" # # Mail Utilities # +CONFIG_FEATURE_MIME_CHARSET="" # CONFIG_MAKEMIME is not set # CONFIG_POPMAILDIR is not set # CONFIG_FEATURE_POPMAILDIR_DELIVERY is not set # CONFIG_REFORMIME is not set # CONFIG_FEATURE_REFORMIME_COMPAT is not set # CONFIG_SENDMAIL is not set -CONFIG_FEATURE_MIME_CHARSET="" # # Process Utilities # +# CONFIG_FEATURE_FAST_TOP is not set +CONFIG_FEATURE_SHOW_THREADS=y # CONFIG_FREE is not set # CONFIG_FUSER is not set # CONFIG_IOSTAT is not set @@ -1063,7 +1091,6 @@ CONFIG_FEATURE_TOPMEM=y # CONFIG_UPTIME is not set # CONFIG_FEATURE_UPTIME_UTMP_SUPPORT is not set # CONFIG_WATCH is not set -CONFIG_FEATURE_SHOW_THREADS=y # # Runit Utilities @@ -1120,6 +1147,7 @@ CONFIG_ASH_EXPAND_PRMT=y CONFIG_ASH_ECHO=y CONFIG_ASH_PRINTF=y CONFIG_ASH_TEST=y +CONFIG_ASH_SLEEP=y CONFIG_ASH_HELP=y CONFIG_ASH_GETOPTS=y CONFIG_ASH_CMDCMD=y 
@@ -1128,8 +1156,8 @@ CONFIG_ASH_CMDCMD=y # CONFIG_SHELL_HUSH is not set # CONFIG_HUSH_BASH_COMPAT is not set # CONFIG_HUSH_BRACE_EXPANSION is not set -# CONFIG_HUSH_LINENO_VAR is not set # CONFIG_HUSH_BASH_SOURCE_CURDIR is not set +# CONFIG_HUSH_LINENO_VAR is not set # CONFIG_HUSH_INTERACTIVE is not set # CONFIG_HUSH_SAVEHISTORY is not set # CONFIG_HUSH_JOB is not set diff --git a/config/linux-talos-2.config b/config/linux-talos-2.config index b22324272..9c1fabadd 100644 --- a/config/linux-talos-2.config +++ b/config/linux-talos-2.config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 5.5.0-openpower1 Kernel Configuration +# Linux/powerpc 5.5.0 Kernel Configuration # # @@ -415,24 +415,6 @@ CONFIG_ARCH_RANDOM=y # CONFIG_VIRTUALIZATION is not set CONFIG_HAVE_LIVEPATCH=y -# -# Firmware Drivers -# -# CONFIG_FIRMWARE_MEMMAP is not set -CONFIG_GOOGLE_FIRMWARE=y -CONFIG_GOOGLE_COREBOOT_TABLE=y -CONFIG_GOOGLE_COREBOOT_CBMEM=y -CONFIG_GOOGLE_MEMCONSOLE=y -CONFIG_GOOGLE_MEMCONSOLE_COREBOOT=y -# CONFIG_GOOGLE_VPD is not set -CONFIG_EFI_EARLYCON=y - -# -# Tegra firmware driver -# -# end of Tegra firmware driver -# end of Firmware Drivers - # # General architecture-dependent options # @@ -504,7 +486,6 @@ CONFIG_ARCH_OPTIONAL_KERNEL_RWX=y CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y CONFIG_STRICT_KERNEL_RWX=y CONFIG_ARCH_HAS_PHYS_TO_DMA=y -CONFIG_ARCH_USE_MEMREMAP_PROT=y # CONFIG_LOCK_EVENT_COUNTS is not set # 
@@ -2431,7 +2412,44 @@ CONFIG_VIRTIO_PCI_LEGACY=y # end of Microsoft Hyper-V guest support # CONFIG_GREYBUS is not set -# CONFIG_STAGING is not set +CONFIG_STAGING=y +# CONFIG_COMEDI is not set +# CONFIG_RTS5208 is not set +# CONFIG_FB_SM750 is not set + +# +# Speakup console speech +# +# CONFIG_SPEAKUP is not set +# end of Speakup console speech + +# CONFIG_STAGING_MEDIA is not set + +# +# Android +# +# end of Android + +# CONFIG_LTE_GDM724X is not set +# CONFIG_GS_FPGABOOT is not set +# CONFIG_UNISYSSPAR is not set + +# +# Gasket devices +# +# end of Gasket devices + +# CONFIG_XIL_AXIS_FIFO is not set +# CONFIG_FIELDBUS_DEV is not set +# CONFIG_USB_WUSB_CBAF is not set +# CONFIG_UWB is not set +CONFIG_EXFAT_FS=y +CONFIG_EXFAT_DISCARD=y +# CONFIG_EXFAT_DELAYED_SYNC is not set +# CONFIG_EXFAT_KERNEL_DEBUG is not set +# CONFIG_EXFAT_DEBUG_MSG is not set +CONFIG_EXFAT_DEFAULT_CODEPAGE=437 +CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" # CONFIG_GOLDFISH is not set # CONFIG_HWSPINLOCK is not set diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb index 35e81f07f..a5e8b4bf7 100755 --- a/initrd/bin/mount-usb +++ b/initrd/bin/mount-usb 
@@ -1,16 +1,84 @@ #!/bin/bash # Mount a USB device . /etc/functions +. /etc/luks-functions TRACE "Under /bin/mount-usb" +function usage() { + cat < <--device device> <--mountpoint mountpoint> <--pass passphrase> + $0 --help + +parameters: + --mode: ro or rw (default ro) + --device: device to mount (default: first USB device found) + --mountpoint: where to mount the device (default: /media) + --pass: passphrase for LUKS device (default: none) + --help: Show this help +USAGE_END +} + +MODE="ro" +DEVICE="" +MOUNTPOINT="/media" +PASS="" + + +#Only assign --mode, --device, --mountpoint and --pass parameters only if variables following them are not empty +while [ $# -gt 0 ]; do + case "$1" in + --mode) + if [ -n "$2" ]; then + MODE="$2" + shift + shift + fi + ;; + --device) + if [ -n "$2" ]; then + DEVICE="$2" + shift + shift + fi + ;; + --mountpoint) + if [ -n "$2" ]; then + MOUNTPOINT="$2" + shift + shift + fi + ;; + --pass) + if [ -n "$2" ]; then + PASS="$2" + shift + shift + fi + ;; + *) + usage + exit 1 + ;; + esac +done + + +#Show parameters content but not LUKS passphrase: if empty, show "empty", if provided, show "provided" +DEBUG "Parameters: --mode="$MODE", --device=${DEVICE:-empty}, --mountpoint="$MOUNTPOINT", --pass=${PASS:+provided}" + enable_usb enable_usb_storage -if [ ! -d /media ]; then - mkdir /media +if [ ! -d "$MOUNTPOINT" ]; then + DEBUG "Creating "$MOUNTPOINT" directory" + mkdir -p "$MOUNTPOINT" > /dev/null 2>&1 +else + DEBUG "Cleaning "$MOUNTPOINT" directory" + umount "$MOUNTPOINT" > /dev/null 2>&1 || true fi + list_usb_storage > /tmp/usb_block_devices if [ -z "$(cat /tmp/usb_block_devices)" ]; then if [ -x /bin/whiptail ]; then 
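Review bot: The new option loop never terminates when a flag arrives without a value. In the `--mode`, `--device`, `--mountpoint` and `--pass` branches both `shift` calls sit inside `if [ -n "$2" ]`, so a trailing `--mode`, or a caller passing an empty variable, leaves `$#` unchanged and `while [ $# -gt 0 ]` spins forever. Each branch should reject the missing value and always consume its arguments, for example `[ -n "$2" ] || { usage; exit 1; }` followed by `MODE="$2"; shift 2`. Separately, `--help` is advertised in the usage text but has no branch of its own, so it falls into `*)` and exits 1. The script body continues past the end of this hunk.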
@@ -34,56 +102,100 @@ if [ -z "$(cat /tmp/usb_block_devices)" ]; then fi USB_MOUNT_DEVICE="" -# Check for the common case: a single USB disk with one partition -if [ `cat /tmp/usb_block_devices | wc -l` -eq 1 ]; then - USB_MOUNT_DEVICE=`cat /tmp/usb_block_devices` -fi -# otherwise, let the user pick -if [ -z ${USB_MOUNT_DEVICE} ]; then - > /tmp/usb_disk_list - for i in `cat /tmp/usb_block_devices`; do - echo $i $(blkid | grep $i | grep -o 'LABEL=".*"' | cut -f2 -d '"') >> /tmp/usb_disk_list - done +# Check if the user has specified a USB device +if [ -n "$DEVICE" ]; then + DEBUG "Checking if "$DEVICE" is a USB device" + if grep -q "$DEVICE" /tmp/usb_block_devices; then + DEBUG "Selected device is a USB device" + USB_MOUNT_DEVICE="$DEVICE" + fi +else + # Check for the common case: a single USB disk with one partition + if [ $(cat /tmp/usb_block_devices | wc -l) -eq 1 ]; then + USB_MOUNT_DEVICE="$(cat /tmp/usb_block_devices)" + fi + # otherwise, let the user pick + if [ -z ${USB_MOUNT_DEVICE} ]; then + > /tmp/usb_disk_list + for i in $(cat /tmp/usb_block_devices); do + #appends label to the device name + echo $i $(blkid | grep $i | grep -o 'LABEL=".*"' | cut -f2 -d '"') >> /tmp/usb_disk_list + done - if [ -x /bin/whiptail ]; then - MENU_OPTIONS="" - n=0 - while read option - do - n=`expr $n + 1` - option=$(echo $option | tr " " "_") - MENU_OPTIONS="$MENU_OPTIONS $n ${option}" - done < /tmp/usb_disk_list - - MENU_OPTIONS="$MENU_OPTIONS a Abort" - whiptail $BG_COLOR --title "Select your USB disk" \ - --menu "Choose your USB disk [1-$n, a to abort]:" 0 80 8 \ - -- $MENU_OPTIONS \ - 2>/tmp/whiptail - - option_index=$(cat /tmp/whiptail) - else - echo "+++ Select your USB disk:" - n=0 - while read option - do - n=`expr $n + 1` - echo "$n. 
$option" - done < /tmp/usb_disk_list - - read \ - -p "Choose your USB disk [1-$n, a to abort]: " \ - option_index + if [ -x /bin/whiptail ]; then + MENU_OPTIONS="" + n=0 + while read option + do + n=$(expr $n + 1) + option=$(echo $option | tr " " "_") + MENU_OPTIONS="$MENU_OPTIONS $n ${option}" + done < /tmp/usb_disk_list + + MENU_OPTIONS="$MENU_OPTIONS a Abort" + whiptail $BG_COLOR --title "Select your USB disk" \ + --menu "Choose your USB disk [1-$n, a to abort]:" 0 80 8 \ + -- $MENU_OPTIONS \ + 2>/tmp/whiptail + if [ $? -ne 0 ]; then + die "Selecting USB disk/partition aborted." + fi + option_index=$(cat /tmp/whiptail) + else + echo "+++ Select your USB disk:" + n=0 + while read option + do + n=$(expr $n + 1) + echo "$n. $option" + done < /tmp/usb_disk_list + + read \ + -p "Choose your USB disk [1-$n, a to abort]: " \ + option_index + fi + + if [ "$option_index" = "a" ]; then + exit 5 + fi + USB_MOUNT_DEVICE=$(head -n $option_index /tmp/usb_disk_list | tail -1 | sed 's/\ .*$//') fi +fi - if [ "$option_index" = "a" ]; then - exit 5 +DEBUG "Checking if "$USB_MOUNT_DEVICE" is a LUKS device/partition" +if cryptsetup isLuks "$USB_MOUNT_DEVICE"; then + DEBUG "Selected USB partition is a LUKS device" + #Selected USB partition is a LUKS device + if [ -e /dev/mapper/"usb_mount_$(basename "$USB_MOUNT_DEVICE")" ]; then + DEBUG "Closing currently mapped LUKS device" + cryptsetup close "usb_mount_$(basename "$USB_MOUNT_DEVICE")" + fi + DEBUG "Opening LUKS device $USB_MOUNT_DEVICE" + #Pass LUKS passphrase to cryptsetup only if we received one + if [ -z "$PASS" ]; then + #We haven't received a passphrase + cryptsetup open "$USB_MOUNT_DEVICE" "usb_mount_$(basename "$USB_MOUNT_DEVICE")" \ + || die "Failed to open ${USB_MOUNT_DEVICE} LUKS device" + else + #We received a pasphrase + cryptsetup open "$USB_MOUNT_DEVICE" "usb_mount_$(basename "$USB_MOUNT_DEVICE")" --key-file <(echo -n "${PASS}") \ + || die "Failed to open ${USB_MOUNT_DEVICE} LUKS device" fi - USB_MOUNT_DEVICE=`head 
-n $option_index /tmp/usb_disk_list | tail -1 | sed 's/\ .*$//'` + + warn "Note that you cannot boot from a mounted encrypted device." + DEBUG "Setting USB_MOUNT_DEVICE=/dev/mapper/"usb_mount_$(basename "$USB_MOUNT_DEVICE")"" + USB_MOUNT_DEVICE="/dev/mapper/"usb_mount_$(basename "$USB_MOUNT_DEVICE")"" +else + # Selected USB partition is not a LUKS device + DEBUG "Selected USB partition is not a LUKS device, continuing..." fi -if [ "$1" = "rw" ]; then - mount -o rw $USB_MOUNT_DEVICE /media + +# Mount the USB device +if [ "$MODE" = "rw" ]; then + DEBUG "Mounting $USB_MOUNT_DEVICE as read-write" + mount -o rw "$USB_MOUNT_DEVICE" "$MOUNTPOINT" || die "Failed to mount ${USB_MOUNT_DEVICE} as read-write" else - mount -o ro $USB_MOUNT_DEVICE /media + DEBUG "Mounting $USB_MOUNT_DEVICE as read-only" + mount -o ro "$USB_MOUNT_DEVICE" "$MOUNTPOINT" || die "Failed to mount ${USB_MOUNT_DEVICE} as read-only" fi diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 9c90732fc..74378fa08 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -546,7 +546,7 @@ if [ "$prompt_output" == "y" \ # mount USB over /media only if not already mounted if ! grep -q /media /proc/mounts ; then # mount USB in rw - if ! mount-usb rw 2>/tmp/error; then + if ! mount-usb -mode rw 2>/tmp/error; then ERROR=$(tail -n 1 /tmp/error | fold -s) whiptail_error_die "Unable to mount USB on /media:\n\n${ERROR}" fi diff --git a/initrd/bin/root-hashes-gui.sh b/initrd/bin/root-hashes-gui.sh index d4bcab448..94533bcb0 100755 --- a/initrd/bin/root-hashes-gui.sh +++ b/initrd/bin/root-hashes-gui.sh 
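Review bot: A `--device` value that is not in the detected list is neither matched exactly nor rejected. `grep -q "$DEVICE" /tmp/usb_block_devices` treats the argument as a pattern and accepts substrings, so a prefix such as `/dev/sd` passes. When nothing matches, `USB_MOUNT_DEVICE` stays empty and the script still runs `cryptsetup isLuks ""` and `mount`, failing later with a less precise error. I would compare whole lines literally and stop on a miss: `if grep -qxF -- "$DEVICE" /tmp/usb_block_devices; then USB_MOUNT_DEVICE="$DEVICE"; else die "$DEVICE is not a detected USB storage device"; fi`. The `[ -z ${USB_MOUNT_DEVICE} ]` test a few lines below is also still unquoted.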
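Review bot: The updated call `mount-usb -mode rw` uses a single dash, but the parser added to mount-usb in this same commit only recognises `--mode`. As written, `-mode` reaches the `*)` branch, prints usage and exits 1, so this factory-reset path would always report "Unable to mount USB on /media". The line should read `if ! mount-usb --mode rw 2>/tmp/error; then`. The surrounding block starts and ends outside the hunk.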
@@ -171,7 +171,7 @@ detect_root_device() # check $CONFIG_ROOT_DEV if set/valid if [ -e "$CONFIG_ROOT_DEV" ]; then if cryptsetup isLuks $CONFIG_ROOT_DEV >/dev/null 2>&1; then - if cryptsetup luksOpen $CONFIG_ROOT_DEV rootdisk; then + if cryptsetup open $CONFIG_ROOT_DEV rootdisk; then if mount -o ro /dev/mapper/rootdisk $ROOT_MOUNT >/dev/null 2>&1; then if cd $ROOT_MOUNT && ls -d $CONFIG_ROOT_DIRLIST >/dev/null 2>&1; then # CONFIG_ROOT_DEV is valid device and contains an installed OS return 0 @@ -199,7 +199,7 @@ detect_root_device() # iterate thru possible options and check for LUKS for i in `cat /tmp_root_device_list`; do if cryptsetup isLuks $i >/dev/null 2>&1; then - if cryptsetup luksOpen $i rootdisk; then + if cryptsetup open $i rootdisk; then if mount -o ro /dev/mapper/rootdisk $ROOT_MOUNT >/dev/null 2>&1; then if cd $ROOT_MOUNT && ls -d $CONFIG_ROOT_DIRLIST >/dev/null 2>&1; then # CONFIG_ROOT_DEV is valid device and contains an installed OS @@ -220,7 +220,7 @@ unmount_root_device() { cd / umount $ROOT_MOUNT 2>/dev/null - cryptsetup luksClose rootdisk + cryptsetup close rootdisk } checkonly="n" diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index 3fa3cd525..3f913a5a1 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions 
@@ -1,18 +1,131 @@ #!/bin/bash -# Reencrypt LUKS container and change Disk Recovery Key associated passphrase (Slot 0: main slot) +# LUKS related functions . /etc/functions . /etc/gui_functions . /tmp/config +#List all LUKS devices on the system +list_luks_devices() +{ + #generate a list of devices to choose from that contain a LUKS header + lvm vgscan||true + blkid | cut -d ':' -f 1 | while read device;do cryptsetup isLuks $device;if [ $(echo $?) == 0 ]; then echo $device;fi; done | sort +} + + +#Whiptail prompt asking user to select ratio of device to use for LUKS container between: 25, 50, 75 +select_luks_container_size_percent() +{ + TRACE "Under /etc/luks-functions:select_luks_container_size_percent()" + if [ -x /bin/whiptail ]; then + #whiptail prompt asking user to select ratio of device to use for LUKS container between: 25, 50, 75 + #whiptail returns the percentage of the device to use for LUKS container + whiptail --title "Select LUKS container size percentage of device" --menu \ + "Select LUKS container size percentage of device:" 0 80 10 \ + "25" "25%" \ + "50" "50%" \ + "75" "75%" \ + 2> /tmp/luks_container_size_percent \ + || die "Error selecting LUKS container size percentage of device" + else + #console prompt asking user to select ratio of device to use for LUKS container between: 25, 50, 75 + #console prompt returns the percentage of the device to use for LUKS container + echo "Select LUKS container size percentage of device:" + echo "1. 25%" + echo "2. 50%" + echo "3. 
75%" + read -p "Choose your LUKS container size percentage of device [1-3]: " option_index + if [ "$option_index" = "1" ]; then + echo "25" > /tmp/luks_container_size_percent + elif [ "$option_index" = "2" ]; then + echo "50" > /tmp/luks_container_size_percent + elif [ "$option_index" = "3" ]; then + echo "75" > /tmp/luks_container_size_percent + else + die "Error selecting LUKS container size percentage of device" + fi + fi +} + +#Partition a device with two partitions: a first one being a LUKS container containing private ext4 partition and second public exfat partition +# Size provisioning is done by percentage of the device +# $1: device to partition +# $2: percentage of device to use for LUKS container +# $3: passphrase to use for LUKS container +prepare_thumb_drive() +{ + TRACE "Under /etc/luks-functions:prepare_thumb_drive()" + DEVICE=$1 + PERCENTAGE=$2 + PASSPHRASE=$3 + DEBUG "DEVICE to partition: $DEVICE" + DEBUG "PERCENTAGE of device that will be used for LUKS container: $PERCENTAGE" + + #Check if device is a block device + if [ ! 
-b $DEVICE ]; then + die "Error: $DEVICE is not a block device" + fi + + if [ -z "$PERCENTAGE" ]; then + #If no percentage was provided, ask user to select percentage of device to use for LUKS container + select_luks_container_size_percent + PERCENTAGE=$(cat /tmp/luks_container_size_percent) + fi + + + #Get disk size in bytes from fdisk + DISK_SIZE_BYTES="$(blockdev --getsize64 "$DEVICE")" + #Convert disk size to MB + DISK_SIZE_MB=$((DISK_SIZE_BYTES/1024/1024)) + #Get size in bytes from percentage and apply percentage to DISK_SIZE_MB + PERCENTAGE_MB="$((DISK_SIZE_MB*PERCENTAGE/100))" + + #Console and whiptail $BG_COLOR_WARNING prompt (Y/n) validate one last time wiping and repartitioning of $device of total size $DISK_SIZE_MB with $PERCENTAGE_MB assigned to LUKS encrypted private partition + if [ -x /bin/whiptail ]; then + whiptail $BG_COLOR_WARNING --title "WARNING: Wiping and repartitioning $DEVICE of $DISK_SIZE_MB MB" --yesno \ + "WARNING: Wiping and repartitioning $DEVICE with $PERCENTAGE_MB MB assigned to private LUKS contained private ext4 partition, rest assigned to extfat public partition.\n\nAre you sure you want to continue?" 0 80 \ + || die "User cancelled wiping and repartitioning of $DEVICE" + else + echo -e -n "Warning: Wiping and repartitioning $DEVICE with $PERCENTAGE_MB MB assigned to private LUKS contained private ext4 partition, rest assigned to extfat public partition.\n\nAre you sure you want to continue?" + read -r -p " [Y/n] " response + #transform response to uppercase with bash parameter expansion + response=${response^^} + #continue if response different then uppercase N + if [[ $response =~ ^(N)$ ]]; then + die "User cancelled wiping and repartitioning of $DEVICE" + fi + fi + + echo -e "Preparing $DEVICE with $PERCENTAGE_MB MB for private LUKS container and rest of disk with exfat\ + \n for public partition (This may take a while)..." 
| fold -s + DEBUG "Creating empty DOS partition table on device through fdisk to start clean" + echo -e "o\nw\n" | fdisk $DEVICE > /dev/null 2>&1 || die "Error creating partition table" + DEBUG "partition device with two partitions: first one being the percent applied and rest for second partition through fdisk" + echo -e "n\np\n1\n\n+"$PERCENTAGE_MB"M\nn\np\n2\n\n\nw\n" | fdisk $DEVICE > /dev/null 2>&1 || die "Error partitioning device" + DEBUG "cryptsetup luksFormat first partition with LUKS container aes-xts-plain64 cipher with sha256 hash and 512 bit key" + DEBUG "Creating ${PERCENTAGE_MB}MB LUKS container on ${DEVICE}1..." + DO_WITH_DEBUG cryptsetup --batch-mode -c aes-xts-plain64 -h sha256 -s 512 -y luksFormat ${DEVICE}1 --key-file <(echo -n "${PASSPHRASE}") > /dev/null 2>&1 \ + || die "Error formatting LUKS container" + DEBUG "Opening LUKS device and mapping under /dev/mapper/private..." + cryptsetup open ${DEVICE}1 private --key-file <(echo -n "${PASSPHRASE}") > /dev/null 2>&1 \ + || die "Error opening LUKS container" + DEBUG "Formatting LUKS container mapped under /dev/mapper/private as an ext4 partition..." + mke2fs -t ext4 -L private /dev/mapper/private > /dev/null 2>&1 || die "Error formatting LUKS container's ext4 filesystem" + DEBUG "Closing LUKS device /dev/mapper/private..." + cryptsetup close private > /dev/null 2>&1 || die "Error closing LUKS container" + DEBUG "Formatting second partition ${DEVICE}2 with exfat filesystem..." + mkfs.exfat -L public ${DEVICE}2 > /dev/null 2>&1 || die "Error formatting second partition with exfat filesystem" + echo "Done." +} + select_luks_container() { + TRACE "Under /etc/luks-functions:select_luks_container()" if [ -s /boot/kexec_key_devices.txt ]; then LUKS=$(cut -d ' ' -f1 /boot/kexec_key_devices.txt) else - #generate a list of devices to choose from that contain a LUKS header - lvm vgscan||true - blkid | cut -d ':' -f 1 | while read device;do cryptsetup isLuks $device;if [ $(echo $?) 
== 0 ]; then echo $device;fi; done | sort > /tmp/luks_devices.txt + list_luks_devices if [ $(cat /tmp/luks_devices.txt | wc -l) -gt 0 ]; then file_selector "/tmp/luks_devices.txt" "Select LUKS container device" if [ "$FILE" == "" ]; then @@ -33,6 +146,7 @@ select_luks_container() test_luks_current_disk_recovery_key_passphrase() { + TRACE "Under /etc/luks-functions:test_luks_current_disk_recovery_key_passphrase()" while : ; do select_luks_container || return 1 if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then @@ -41,14 +155,14 @@ test_luks_current_disk_recovery_key_passphrase() read -r luks_current_Disk_Recovery_Key_passphrase echo -n "$luks_current_Disk_Recovery_Key_passphrase" > /tmp/luks_current_Disk_Recovery_Key_passphrase warn "Test opening "$LUKS" LUKS encrypted drive content with current Recovery Disk Key passphrase..." - cryptsetup luksOpen $LUKS test --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + cryptsetup open $LUKS test --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase else echo -n "$luks_current_Disk_Recovery_Key_passphrase" > /tmp/luks_current_Disk_Recovery_Key_passphrase warn "Test opening "$LUKS" LUKS encrypted drive content with current Recovery Disk Key passphrase..." - cryptsetup luksOpen $LUKS test --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + cryptsetup open $LUKS test --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase fi #Validate past cryptsetup-reencrypt attempts - if [ $(echo $?) -ne 0 ]; then + if [ $? -eq 0 ]; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ "If you previously changed it and do not remember it, you will have to\n reinstall OS from a an external drive.\n\nTo do so, place ISO file and its signature file on root of external drive,\n and select Options-> Boot from USB \n\nHit Enter to retry." 30 60 shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2> /dev/null 
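Review bot: `select_luks_container` now calls `list_luks_devices` without a redirect, yet the very next line still counts and reads `/tmp/luks_devices.txt`. The new helper only writes the device list to stdout, so the file is never refreshed and may not exist; the call should be `list_luks_devices > /tmp/luks_devices.txt`. In `prepare_thumb_drive`, the guard `[ ! -b $DEVICE ]` is unquoted, so an empty `$1` reduces it to `[ ! -b ]`, which is false, and the check passes straight into the `fdisk` calls; `[ -b "$DEVICE" ] || die "Error: $DEVICE is not a block device"` closes that gap. It would also be worth a comment that `-y` has no effect once `--key-file` is given. `select_luks_container` continues past the end of this hunk.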
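Review bot: The rewritten status check `if [ $? -eq 0 ]` looks inverted relative to the line it replaces (`-ne 0`). It now enters the "Invalid Actual LUKS Disk Recovery Key passphrase?" dialog and shreds the passphrase file when `cryptsetup open ... test` succeeded. From the context in the following hunk, a failed open would then take the path that exports the passphrase as "successfully used". Dropping the `$(echo $?)` wrapper is fine, but the comparison should stay `if [ $? -ne 0 ]; then`. The enclosing `while` loop of `test_luks_current_disk_recovery_key_passphrase` starts and ends outside this hunk.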
@@ -65,7 +179,7 @@ test_luks_current_disk_recovery_key_passphrase() #Exporting successfully used passphrase possibly reused by oem-factory-reset #We close the volume - cryptsetup luksClose test + cryptsetup close test export luks_current_Disk_Recovery_Key_passphrase break; fi @@ -73,6 +187,7 @@ test_luks_current_disk_recovery_key_passphrase() } luks_reencrypt(){ +TRACE "Under /etc/luks-functions:luks_reencrypt()" while : ; do select_luks_container || return 1 if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then @@ -113,6 +228,7 @@ done luks_change_passphrase() { + TRACE "Under /etc/luks-functions:luks_change_passphrase()" while : ; do select_luks_container || return 1 #if actual or new Disk Recovery Key is not provisioned by oem-provisioning file diff --git a/initrd/etc/mke2fs.conf b/initrd/etc/mke2fs.conf new file mode 100644 index 000000000..b7fc95df7 --- /dev/null +++ b/initrd/etc/mke2fs.conf @@ -0,0 +1,45 @@ +[defaults] + base_features = sparse_super,large_file,filetype,resize_inode,dir_index,ext_attr + default_mntopts = acl,user_xattr + enable_periodic_fsck = 0 + blocksize = 4096 + inode_size = 256 + inode_ratio = 16384 + +[fs_types] + ext3 = { + features = has_journal + } + ext4 = { + features = has_journal,extent,huge_file,flex_bg,metadata_csum,metadata_csum_seed,64bit,dir_nlink,extra_isize,orphan_file + } + small = { + blocksize = 1024 + inode_ratio = 4096 + } + floppy = { + blocksize = 1024 + inode_ratio = 8192 + } + big = { + inode_ratio = 32768 + } + huge = { + inode_ratio = 65536 + } + news = { + inode_ratio = 4096 + } + largefile = { + inode_ratio = 1048576 + blocksize = -1 + } + largefile4 = { + inode_ratio = 4194304 + blocksize = -1 + } + hurd = { + blocksize = 4096 + inode_size = 128 + warn_y2038_dates = 0 + } diff --git a/modules/busybox b/modules/busybox index 03ec0a41d..83cb7ee2a 100644 --- a/modules/busybox +++ b/modules/busybox 
@@ -2,11 +2,11 @@ CONFIG_BUSYBOX ?= y modules-$(CONFIG_BUSYBOX) += busybox -busybox_version := 1.33.2 +busybox_version := 1.36.1 busybox_dir := busybox-$(busybox_version) busybox_tar := busybox-$(busybox_version).tar.bz2 busybox_url := https://busybox.net/downloads/$(busybox_tar) -busybox_hash := 6843ba7977081e735fa0fdb05893e3c002c8c5ad7c9c80da206e603cc0ac47e7 +busybox_hash := b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314 busybox_configure := $(MAKE) CC="$(heads_cc)" oldconfig busybox_config := config/busybox.config diff --git a/modules/e2fsprogs b/modules/e2fsprogs new file mode 100644 index 000000000..383e98b49 --- /dev/null +++ b/modules/e2fsprogs @@ -0,0 +1,34 @@ +#Module is included unless defined in board to "n" +CONFIG_E2FSPROGS ?= y +modules-$(CONFIG_E2FSPROGS) += e2fsprogs + +e2fsprogs_version := 1.47.0 +e2fsprogs_dir := e2fsprogs-$(e2fsprogs_version) +e2fsprogs_tar := e2fsprogs-$(e2fsprogs_version).tar.xz +e2fsprogs_url := https://mirrors.edge.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/v$(e2fsprogs_version)/$(e2fsprogs_tar) +e2fsprogs_hash := 144af53f2bbd921cef6f8bea88bb9faddca865da3fbc657cc9b4d2001097d5db + +# For reproducibility reasons we have to override the exec_prefix +# and datarootdir on the configure line so that the Makefiles will +# be generated with the correct paths, but then re-write them when +# we use the install target so that they will be copied to the correct +# location. +e2fsprogs_configure := \ + $(CROSS_TOOLS) \ + CFLAGS="-Os" \ + ./configure \ + --host $(MUSL_ARCH)-linux-musl \ + --prefix "" \ + --libexecdir "/bin" \ + +# Run one build to generate the executables with the pre-defined +# exec_prefix and datarootdir, then a second make to install the binaries +# into our actual target location +e2fsprogs_target := $(MAKE_JOBS) \ + && $(MAKE) -C $(build)/$(e2fsprogs_dir) \ + DESTDIR="$(INSTALL)" \ + install + +e2fsprogs_output := misc/mke2fs + +e2fsprogs_depends := $(musl_dep) 
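Review bot: The `e2fsprogs_configure` assignment ends with a dangling continuation: `--libexecdir "/bin" \` is followed by a blank line, so the value only terminates correctly because that empty line happens to be there. Dropping the final backslash (`--libexecdir "/bin"`) keeps the definition from swallowing whatever is later placed directly beneath it. The comment above it describes overriding `exec_prefix` and `datarootdir`, but the configure line sets only `--prefix` and `--libexecdir`; I would reword it to `# Configure with an empty prefix; the install step below relocates files via DESTDIR.` The same trailing backslash and comment appear in the new `modules/exfatprogs` file.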
diff --git a/modules/exfatprogs b/modules/exfatprogs new file mode 100644 index 000000000..f8b5ae993 --- /dev/null +++ b/modules/exfatprogs @@ -0,0 +1,34 @@ +#Module is included unless defined in board to "n" +CONFIG_EXFATPROGS ?= y +modules-$(CONFIG_EXFATPROGS) += exfatprogs + +exfatprogs_version := 1.2.1 +exfatprogs_dir := exfatprogs-$(exfatprogs_version) +exfatprogs_tar := exfatprogs-$(exfatprogs_version).tar.xz +exfatprogs_url := https://github.com/exfatprogs/exfatprogs/releases/download/$(exfatprogs_version)/$(exfatprogs_tar) +exfatprogs_hash := a6f3b1fb4bd37835c8f8cb421aac4eb75b880a51342b29850c4063973162227b + +# For reproducibility reasons we have to override the exec_prefix +# and datarootdir on the configure line so that the Makefiles will +# be generated with the correct paths, but then re-write them when +# we use the install target so that they will be copied to the correct +# location. +exfatprogs_configure := \ + $(CROSS_TOOLS) \ + CFLAGS="-Os" \ + ./configure \ + --host $(MUSL_ARCH)-linux-musl \ + --prefix "" \ + --libexecdir "/bin" \ + +# Run one build to generate the executables with the pre-defined +# exec_prefix and datarootdir, then a second make to install the binaries +# into our actual target location +exfatprogs_target := $(MAKE_JOBS) \ + && $(MAKE) -C $(build)/$(exfatprogs_dir) \ + DESTDIR="$(INSTALL)" \ + install + +exfatprogs_output := fsck/fsck.exfat mkfs/mkfs.exfat + +exfatprogs_depends := $(musl_dep) diff --git a/patches/busybox-1.33.2.patch b/patches/busybox-1.36.1.patch similarity index 100% rename from patches/busybox-1.33.2.patch rename to patches/busybox-1.36.1.patch