

6 Commits
v2.50 ... v2.60

22 changed files with 232 additions and 73 deletions

3
.gitignore vendored

@@ -31,3 +31,6 @@ extra/pre-build.d/etc/openvpn/client.conf
overlay/etc/ssh/* overlay/etc/ssh/*
overlay/home/bdisk overlay/home/bdisk
overlay/etc/systemd/system/multi-user.target.wants/openvpn@client.service overlay/etc/systemd/system/multi-user.target.wants/openvpn@client.service
src/ipxe_local/ssl/keys
src/ipxe_local/ssl/crts
src/ipxe_local/ssl/txt
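Review bot: Ignoring `src/ipxe_local/ssl/keys` keeps the generated, unencrypted CA and client private keys out of the repository, but `.gitignore` only affects untracked files; if anything under these directories was committed before this change it still needs `git rm --cached`. Ignoring `crts` and `txt` as well means a fresh clone generates a brand-new CA (and serial/index) on the next build, so images built from it will no longer trust a server certificate issued by the previous CA; that is presumably intended, but a one-line comment here such as `# generated PKI; back up out-of-band if images must keep trusting an existing server cert` would save the next person a surprise.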


@@ -155,6 +155,22 @@ then
exit 0 exit 0
fi fi
# implement for future, needs tweaking- JUST rebuild the ISO.
#if [[ ${1} == "respin" ]];
#then
# if [[ "${MULTIARCH}" == "y" ]];
# then
# centos_is_stupid
# yo_dj any
# else
# centos_is_stupid
# yo_dj 64
# centos_is_stupid
# yo_dj 32
# fi
#fi
#
# or are we just building? # or are we just building?
if [[ ${1} == "build" || -z ${1} || ${1} == "all" ]]; if [[ ${1} == "build" || -z ${1} || ${1} == "all" ]];
then then


@@ -6,6 +6,7 @@
-- https://github.com/akopytov/sysbench -- https://github.com/akopytov/sysbench
-- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.) -- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.)
-package in AUR -package in AUR
-base rewrite in python. pyalpm may come in handy here.
## NETWORKING ## ## NETWORKING ##
@@ -22,6 +23,7 @@
## Building ## ## Building ##
-GUMMIBOOT IS GONE FROM THE REPOS. I could repackage it, but better to just see what the hell archiso's doing.
-WISH: Better logging[0] -WISH: Better logging[0]
-WISH: signing for secureboot releases (PreLoader and gummiboot handle this okay, but require manual intervention -WISH: signing for secureboot releases (PreLoader and gummiboot handle this okay, but require manual intervention
-use manual chrooting functions ONLY if distro not detected as arch. if /usr/bin/systemd-nspawn exists, use that instead -use manual chrooting functions ONLY if distro not detected as arch. if /usr/bin/systemd-nspawn exists, use that instead
@@ -33,14 +35,10 @@
--yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/ --yes, see e.g. https://www.reddit.com/r/archlinux/comments/3bwgf0/where_put_the_splasharchbmp_to_splash_screen_boot/
-strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.) -strip out/remove unnecessary and orphan packages (e.g. gcc, make, automake, etc.)
-incorporate iPXE tweaks: -incorporate iPXE tweaks:
--http://ipxe.org/crypto --http://ipxe.org/crypto
--http://ipxe.org/cmd/imgtrust --http://ipxe.org/cmd/imgtrust
--http://ipxe.org/cmd/imgverify --http://ipxe.org/cmd/imgverify
--enable use of custom CA/self-signed certs for HTTPS etc. --enable use of custom CA/self-signed certs for HTTPS etc. DONE, partially. need to incorporate codesign certs/keys. routines, conf variables
-X-platform
--what distros are supported?
--automatically install what we need for buildtime
---need to finish pkg lists and then test, but meta files should be done as well as lib script
-enable mirror= kernel commandline. -enable mirror= kernel commandline.
--if mirror_(NAME) is present, use that as repo name. --if mirror_(NAME) is present, use that as repo name.
--if it starts with /, treat as mirrorlist (Include); otherwise use Server = --if it starts with /, treat as mirrorlist (Include); otherwise use Server =

Binary file not shown.


@@ -71,6 +71,35 @@ BUILDMINI="no"
# This currently does not work for HTTPS with self-signed certificates. # This currently does not work for HTTPS with self-signed certificates.
IPXE_URI="https://bdisk.square-r00t.net" IPXE_URI="https://bdisk.square-r00t.net"
# Path to the (root) CA certificate file (in PEM/X509 format) iPXE should use.
# If one is not specified, one will be generated.
# Only used if BUILDMINI is set to yes.
# Please properly escape any spaces or other funky characters.
# Note that you can use your own CA to sign existing certs. See http://ipxe.org/crypto for
# more info. This is handy if you run a third-party/"Trusted" root-CA-signed certificate
# for the HTTPS target.
# Requires IPXE_SSL_CAKEY if specified.
IPXE_SSL_CA=""
# Path to the (root) CA key file (in PEM/X509 format) iPXE should use.
# If one is not specified, one will be generated.
# Only used if BUILDMINI is set to yes.
# Please properly escape any spaces or other funky characters.
# Requires IPXE_SSL_CA if specified.
IPXE_SSL_CAKEY=""
# Path to the CLIENT certificate (in PEM/X509). If one is not specified, one will be generated.
# Only used if BUILDMINI is set to yes.
# Please properly escape any spaces or other funky characters.
# Requires IPXE_SSL_KEY if specified.
IPXE_SSL_CRT=""
# Path to the CLIENT key (in PEM/X509). If one is not specified, one will be generated.
# Only used if BUILDMINI is set to yes.
# Please properly escape any spaces or other funky characters.
# Requires IPXE_SSL_CRT if specified.
IPXE_SSL_KEY=""
# Set to "yes" to enable pushing new changes to a git repo/committing to a local repo # Set to "yes" to enable pushing new changes to a git repo/committing to a local repo
GIT="no" GIT="no"
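Review bot: The comment kept at the top of this hunk, `# This currently does not work for HTTPS with self-signed certificates.`, is contradicted by the options added directly beneath it, whose whole purpose is to generate or supply a private CA for exactly that case; it should be updated or dropped. Each new option says `Only used if BUILDMINI is set to yes`, yet the hunk header shows the default as `BUILDMINI="no"` and the build code in this commit tests `[[ "${BUILDMINI}" == "y" ]]`, so unless the value is normalised somewhere not shown, a user who writes `yes` as instructed gets no iPXE build at all — name the accepted literal here. A private key is PEM but not X.509, so `(in PEM/X509 format)` on IPXE_SSL_CAKEY and IPXE_SSL_KEY should read `(PEM)`, and it is worth stating that IPXE_SSL_CA becomes the only trust anchor embedded in iPXE (`TRUST=`), so the server at IPXE_URI must present a certificate chaining to it.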


@@ -54,7 +54,7 @@ dd_rescue
dd_rhelp dd_rhelp
debianutils debianutils
debootstrap debootstrap
dialog #dialog #giving a weird dependency issue
diffutils diffutils
djohn djohn
dmidecode dmidecode
@@ -107,6 +107,7 @@ gptfdisk
gst-libav gst-libav
gst-plugins-ugly gst-plugins-ugly
hashcat hashcat
hashdeep
hddtemp hddtemp
hdparm hdparm
hexcurse hexcurse
@@ -140,8 +141,7 @@ keyutils
kismet-allplugins kismet-allplugins
lftp lftp
links links
#logkeys logkeys-git
logkeys-keymaps
lm_sensors lm_sensors
lrzsz lrzsz
lshw lshw
@@ -156,7 +156,6 @@ magicrescue
mbr mbr
mbuffer mbuffer
mcelog mcelog
md5deep
mdadm mdadm
mdcrack mdcrack
# superseded by storcli # superseded by storcli
@@ -254,7 +253,7 @@ smartmontools
smbclient smbclient
s-nail s-nail
socat socat
#star ## do people even USE tape packups anymore? #star ## do people even USE tape backups anymore?
storcli storcli
strace strace
stress stress
@@ -271,7 +270,7 @@ thttpd
tmon tmon
tmux tmux
tre tre
truecrack-svn truecrack-git
truecrypt truecrypt
tor tor
udftools udftools
@@ -296,7 +295,7 @@ vncrack
vnstat vnstat
vpnc vpnc
weplab weplab
whdd #whdd #currently depends on dialog, which is broke as shit
whois whois
wifite-mod-pixiewps-git wifite-mod-pixiewps-git
wipe wipe


@@ -37,7 +37,8 @@ VerbosePkgLists
# By default, pacman accepts packages signed by keys that its local keyring # By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages. # trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional #SigLevel = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
SigLevel = Never
LocalFileSigLevel = Optional LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required #RemoteFileSigLevel = Required
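Review bot: `SigLevel = Never` disables package and database signature verification entirely, and the mirrorlist changed in this same commit is plain `http://`, so every package installed into the chroot — and therefore into the shipped ISO — can be swapped in transit with nothing to detect it. The trailing comment on the old line says this is temporary until a snapshot with working GPG, but the build script already calls `pacman-key --refresh-keys`; initialising the keyring before the first `-Syyu` (`pacman-key --init && pacman-key --populate archlinux`) lets `SigLevel = Required DatabaseOptional` stay in force instead. If it really must be off for now, gate it behind a build option that fails loudly rather than committing it as the default; note also that the comment has been pushed onto a commented line, so nothing in the live config explains why checking is disabled.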


@@ -37,7 +37,8 @@ VerbosePkgLists
# By default, pacman accepts packages signed by keys that its local keyring # By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages. # trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional #SigLevel = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
SigLevel = Never
LocalFileSigLevel = Optional LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required #RemoteFileSigLevel = Required
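Review bot: Same issue as the other pacman.conf in this commit: `SigLevel = Never` turns off signature checking for everything installed into this chroot, with only `http://` mirrors beneath it. Keep `SigLevel = Required DatabaseOptional` and repair the keyring (`pacman-key --init`, `pacman-key --populate archlinux`) before the first sync instead of shipping unverified packages.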


@@ -11,27 +11,26 @@
#buildonly=1 #buildonly=1
#cachevcs=1 #cachevcs=1
#ignorearch=1 #ignorearch=1
#needed=1 #keepkeys=1
needed=1
#noaur=1
noconfirm=1 noconfirm=1
noedit=1 noedit=1
#noaur=1 nofail=1
#noconfirm=1
#noedit=1
#nofail=1
#preview=1 #preview=1
#purgebuild=1 progress=1
purgebuild=1
#quiet=1 #quiet=1
#skipcache=1 skipcache=1
skipinteg=1 #skipinteg=1
#skiptest=1 #skiptest=1
#warn=1 #warn=1
#tmpdir=/var/tmp/apacman
#TMPDIR=/var/tmp/apacman
# #
# CONFIGURATION # CONFIGURATION
# #
#builddir="/tmp/pkgbuild-$UID"
#tmpdir="/tmp/apacmantmp-$UID" #tmpdir="/tmp/apacmantmp-$UID"
#makepkgconf="/etc/makepkg.conf" #makepkgconf="/etc/makepkg.conf"
#usermakepkgconf="$HOME/.makepkg.conf" #usermakepkgconf="$HOME/.makepkg.conf"
@@ -39,19 +38,21 @@ skipinteg=1
#downdir="/var/cache/pacman/pkg" #downdir="/var/cache/pacman/pkg"
#savedir="/var/cache/apacman/pkg" #savedir="/var/cache/apacman/pkg"
#editor="nano -w" #editor="nano -w"
editor="vim" #pager="less -R"
#RPCURL="https://aur.archlinux.org/rpc.php?type" #RPCURL="https://aur.archlinux.org/rpc.php?type"
#PKGURL="https://aur.archlinux.org" #PKGURL="https://aur.archlinux.org"
#WEBURL="https://www.archlinux.org"
#ABSURL="rsync.archlinux.org" #ABSURL="rsync.archlinux.org"
# #
# COLORIZATION # COLORIZATION
# #
COLOR1='\e[1;39m' #COLOR1='\e[1;39m'
COLOR2='\e[1;32m' #COLOR2='\e[1;32m'
COLOR3='\e[1;35m' #COLOR3='\e[1;35m'
COLOR4='\e[1;36m' #COLOR4='\e[1;36m'
COLOR5='\e[1;34m' #COLOR5='\e[1;34m'
COLOR6='\e[1;33m' #COLOR6='\e[1;33m'
COLOR7='\e[1;31m' #COLOR7='\e[1;31m'
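Review bot: Commenting out `skipinteg=1` so makepkg's checksum verification runs again is the right direction, but it is ineffective as long as the build script in this commit still passes `--skipinteg` on the `apacman` command line, which overrides this file. With `noconfirm=1` and `noedit=1` every AUR PKGBUILD is fetched and executed without being shown, so the checksums inside the PKGBUILD are the only integrity control left; a comment above those two lines stating that trade-off (`# PKGBUILDs are not reviewed; integrity relies on makepkg checksums, so do NOT set skipinteg`) would make the intent explicit. `nofail=1` is newly enabled without any note of what failures it suppresses — worth a line, since silently continuing past a failed package build is easy to miss in a log-only run.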


@@ -64,4 +64,4 @@ COMPRESSION="xz"
# COMPRESSION_OPTIONS # COMPRESSION_OPTIONS
# Additional options for the compressor # Additional options for the compressor
#COMPRESSION_OPTIONS="" COMPRESSION_OPTIONS="-9"


@@ -1,7 +1,6 @@
# Server list generated by rankmirrors on 2014-11-10 Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch
Server = http://mirror.rit.edu/archlinux/$repo/os/$arch Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch
Server = http://mirror.cc.columbia.edu/pub/linux/archlinux/$repo/os/$arch Server = http://il.mirrors.linaxe.net/archlinux/$repo/os/$arch
Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch Server = http://mirror.grig.io/archlinux/$repo/os/$arch
Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch Server = http://arch.mirrors.ionfish.org/$repo/os/$arch
Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch Server = http://cosmos.cites.illinois.edu/pub/archlinux/$repo/os/$arch
Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch
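Review bot: Every mirror in the new list is `http://`, and the pacman.conf changed in this same commit sets `SigLevel = Never`, so there is no integrity protection at either layer for anything pulled into the build. Where these mirrors offer TLS (most Arch mirrors do, but verify each one), prefer `https://` entries, e.g. `Server = https://mirrors.gigenet.com/archlinux/$repo/os/$arch`; that at least restores transport integrity while the keyring problem is being fixed. A header comment naming the date and `rankmirrors` run that produced the list, as the old version had, would also help the next refresh.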


@@ -179,7 +179,8 @@ EOF
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
echo "Done." echo "Done."
echo -n "...Upgrading any outdated packages..." echo -n "...Upgrading any outdated packages..."
${CHROOTCMD} ${i}/ pacman -Syyu --noconfirm >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ pacman -Syyu --force --noconfirm >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${i}/ pacman-key --refresh-keys >> "${LOGFILE}.${FUNCNAME}" 2>&1
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
echo "Done. Finishing/cleaning up..." echo "Done. Finishing/cleaning up..."
${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed base-devel >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed base-devel >> "${LOGFILE}.${FUNCNAME}" 2>&1
@@ -195,7 +196,7 @@ EOF
#${CHROOTCMD} ${i} "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz" >> "${LOGFILE}.${FUNCNAME}" 2>&1 #${CHROOTCMD} ${i} "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz" >> "${LOGFILE}.${FUNCNAME}" 2>&1
${CHROOTCMD} ${i} bash -c "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz && mkdir /var/tmp/apacman && chmod 0750 /var/tmp/apacman && chown root:aurbuild /var/tmp/apacman " >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i} bash -c "pacman --noconfirm -U /var/tmp/pkg/apacman.tar.xz && mkdir /var/tmp/apacman && chmod 0750 /var/tmp/apacman && chown root:aurbuild /var/tmp/apacman " >> "${LOGFILE}.${FUNCNAME}" 2>&1
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
${CHROOTCMD} ${i} bash -c "apacman -S --noconfirm --noedit --skipinteg -S apacman-deps expac" >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i} bash -c "apacman -S --noconfirm --noedit --skipinteg -S apacman apacman-deps expac" >> "${LOGFILE}.${FUNCNAME}" 2>&1
#rm -rf ${i}/var/tmp/pkg #rm -rf ${i}/var/tmp/pkg
#${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed yaourt >> "${LOGFILE}.${FUNCNAME}" 2>&1 #${CHROOTCMD} ${i}/ pacman -S --noconfirm --needed yaourt >> "${LOGFILE}.${FUNCNAME}" 2>&1
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
@@ -259,7 +260,7 @@ EOF
set +e set +e
${CHROOTCMD} ${i}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1 ${CHROOTCMD} ${i}/ /usr/bin/bash -c "apacman --noconfirm --noedit --skipinteg -S --needed linux" >> "${LOGFILE}.${FUNCNAME}" 2>&1
cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${DISTNAME} cp -a ${i}/boot/vmlinuz-linux ${i}/boot/vmlinuz-linux-${DISTNAME}
cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img #cp -a ${i}/boot/initramfs-linux.img ${i}/boot/initramfs-linux-${DISTNAME}.img
set -e set -e
for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done for x in $(find ${i}/etc/ -type f -iname "*.pacorig");do mv -f ${x} ${x%%.pacorig} ; done
# Uncomment if you wish to use the mkpasswd binary from within the chroot... # Uncomment if you wish to use the mkpasswd binary from within the chroot...
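Review bot: The new `pacman-key --refresh-keys` runs only after `pacman -Syyu --force` has already installed everything, so it cannot gate that upgrade, and with the `SigLevel = Never` pacman.conf in this commit nothing is verified regardless; if the goal is working signature checks, move the keyring setup before the first sync (`pacman-key --init && pacman-key --populate archlinux` followed by `--refresh-keys`). The `apacman ... --skipinteg` invocations further down this hunk still bypass makepkg checksum verification even though this commit comments out `skipinteg=1` in apacman.conf — drop the flag here so the config change takes effect. `--force` overwrites conflicting files silently and deserves a why-comment (`# --force: overwrite files already present from the base tarball`, or whatever the real reason is). The enclosing function starts and ends outside this hunk.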


@@ -14,10 +14,10 @@ function stuffy {
echo "Setting up EFI stuff..." echo "Setting up EFI stuff..."
mkdir -p ${TEMPDIR}/{EFI/{${DISTNAME},boot},loader/entries} mkdir -p ${TEMPDIR}/{EFI/{${DISTNAME},boot},loader/entries}
# this stuff comes from the prebootloader pkg and gummiboot pkg. lets us boot on UEFI machines with secureboot still enabled. # this stuff comes from the prebootloader pkg and systemd-boot. lets us boot on UEFI machines with secureboot still enabled.
cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${TEMPDIR}/EFI/boot/bootx64.efi cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${TEMPDIR}/EFI/boot/bootx64.efi
cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${TEMPDIR}/EFI/boot/. cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${TEMPDIR}/EFI/boot/.
cp ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi ${TEMPDIR}/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead? cp ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi ${TEMPDIR}/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
echo "Checking/fetching UEFI shells..." echo "Checking/fetching UEFI shells..."
if [ ! -f "${TEMPDIR}/EFI/shellx64_v2.efi" ]; if [ ! -f "${TEMPDIR}/EFI/shellx64_v2.efi" ];
@@ -71,7 +71,7 @@ EOF
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/boot/${UXNAME}.64.img))) # EFI/BDISK/bdisk.img FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/boot/${UXNAME}.64.img))) # EFI/BDISK/bdisk.img
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi))) # EFI/boot/bootx64.efi FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi))) # EFI/boot/bootx64.efi
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi))) # EFI/boot/HashTool.efi FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi))) # EFI/boot/HashTool.efi
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi))) # EFI/boot/loader.efi FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi))) # EFI/boot/loader.efi
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v1.efi))) FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v1.efi)))
FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v2.efi))) FATSIZE=$((${FATSIZE} + $(stat --format="%s" ${TEMPDIR}/EFI/shellx64_v2.efi)))
FATSIZE=$((${FATSIZE} + $(du -sb ${TEMPDIR}/loader | tail -n1 | awk '{print $1}'))) # loader/* (okay so i cheated a little here.) FATSIZE=$((${FATSIZE} + $(du -sb ${TEMPDIR}/loader | tail -n1 | awk '{print $1}'))) # loader/* (okay so i cheated a little here.)
@@ -112,7 +112,7 @@ EOF
cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${SRCDIR}/efiboot/EFI/boot/bootx64.efi cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/PreLoader.efi ${SRCDIR}/efiboot/EFI/boot/bootx64.efi
cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${SRCDIR}/efiboot/EFI/boot/. cp ${BASEDIR}/root.x86_64/usr/lib/prebootloader/HashTool.efi ${SRCDIR}/efiboot/EFI/boot/.
cp ${BASEDIR}/root.x86_64/usr/lib/gummiboot/gummibootx64.efi ${SRCDIR}/efiboot/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead? cp ${BASEDIR}/root.x86_64/usr/lib/systemd/boot/efi/systemd-bootx64.efi ${SRCDIR}/efiboot/EFI/boot/loader.efi # TODO: can i use syslinux.efi instead?
cp ${TEMPDIR}/EFI/shellx64_v{1,2}.efi ${SRCDIR}/efiboot/EFI/. cp ${TEMPDIR}/EFI/shellx64_v{1,2}.efi ${SRCDIR}/efiboot/EFI/.
umount ${SRCDIR}/efiboot umount ${SRCDIR}/efiboot
echo "EFI configuration complete..." echo "EFI configuration complete..."


@@ -284,6 +284,7 @@ EOF
if [[ "${BUILDMINI}" == "y" ]]; if [[ "${BUILDMINI}" == "y" ]];
then then
echo "Now generating the iPXE images; please wait..." echo "Now generating the iPXE images; please wait..."
## Get the latest version of ipxe from git.
git submodule init >> "${LOGFILE}.${FUNCNAME}" 2>&1 git submodule init >> "${LOGFILE}.${FUNCNAME}" 2>&1
git submodule update >> "${LOGFILE}.${FUNCNAME}" 2>&1 git submodule update >> "${LOGFILE}.${FUNCNAME}" 2>&1
cd ${BASEDIR}/src/ipxe/src cd ${BASEDIR}/src/ipxe/src
@@ -292,24 +293,95 @@ EOF
git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1 git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1
git pull >> "${LOGFILE}.${FUNCNAME}" 2>&1 git pull >> "${LOGFILE}.${FUNCNAME}" 2>&1
git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1 git checkout master >> "${LOGFILE}.${FUNCNAME}" 2>&1
# It will not build if we don't do this. Apparently we *need* libiberty.
git revert -n 40a9a0f0
## Apply our patches.
for i in $(find ${BASEDIR}/src/ipxe_local/patches/ -type f -iname "*.patch" -printf '%P\n' | sort); for i in $(find ${BASEDIR}/src/ipxe_local/patches/ -type f -iname "*.patch" -printf '%P\n' | sort);
do do
patch -Np2 < ${BASEDIR}/src/ipxe_local/patches/${i} >> "${LOGFILE}.${FUNCNAME}" 2>&1 patch -Np2 < ${BASEDIR}/src/ipxe_local/patches/${i} >> "${LOGFILE}.${FUNCNAME}" 2>&1
done done
## SSL
SSLDIR="${BASEDIR}/src/ipxe_local/ssl"
mkdir -p ${SSLDIR}/{keys,crts,txt}
chmod 000 ${SSLDIR}/keys
chown root:root ${SSLDIR}/keys
if [[ -z "${IPXE_SSL_CA}" && -z "${IPXE_SSL_KEY}" ]];
then
# Generate SSL CA
#rm -rf ${SSLDIR}/*
cd "${SSLDIR}"
IPXE_SSL_CA="${SSLDIR}/crts/ca.crt"
IPXE_SSL_CAKEY="${SSLDIR}/keys/ca.key"
IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
if [[ ! -f "${SSLDIR}/txt/ca.srl" ]];
then
echo 01 > ${SSLDIR}/txt/ca.srl
fi
touch ${SSLDIR}/txt/ca.idx
openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -x509 -newkey rsa:4096 -nodes -out ${IPXE_SSL_CA} -keyout ${IPXE_SSL_CAKEY} -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${SSLDIR}/keys/server.key -nodes -out ${SSLDIR}/crts/server.csr -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/server.csr -out ${SSLDIR}/crts/server.crt >> "${LOGFILE}.${FUNCNAME}" 2>&1
#cat crts/server.crt crts/ca.crt > crts/server_chained.crt
elif [[ -z "${IPXE_SSL_CA}" && -e "${IPXE_SSL_CAKEY}" ]];
then
echo "ERROR: You specified IPXE_SSL_CAKEY but not IPXE_SSL_CA. If one is specified, the other must be also."
exit 1
elif [[ -z "${IPXE_SSL_CAKEY}" && -e "${IPXE_SSL_CA}" ]];
then
echo "ERROR: You specified IPXE_SSL_CA but not IPXE_SSL_CAKEY. If one is specified, the other must be also."
exit 1
elif [[ ! -e "${IPXE_SSL_CA}" || ! -e "${IPXE_SSL_CAKEY}" ]];
then
echo "ERROR: You have specified both IPXE_SSL_CA and IPXE_SSL_CAKEY but one (or both) are not valid paths/files."
exit 1
fi
if [[ -z "${IPXE_SSL_KEY}" && -z "${IPXE_SSL_CRT}" ]];
then
IPXE_SSL_KEY="${SSLDIR}/keys/client.key"
IPXE_SSL_CRT="${SSLDIR}/crts/client.crt"
IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
# Generate SSL client key.
openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${IPXE_SSL_KEY} -nodes -out ${SSLDIR}/crts/client.csr -sha512 >> "${LOGFILE}.${FUNCNAME}" 2>&1
# Sign the crt.
openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/client.csr -out ${IPXE_SSL_CRT} >> "${LOGFILE}.${FUNCNAME}" 2>&1
elif [[ -z "${IPXE_SSL_CRT}" && -e "${IPXE_SSL_KEY}" ]];
then
echo "ERROR: You specified IPXE_SSL_KEY but not IPXE_SSL_CRT. If one is specified, the other must be also."
exit 1
elif [[ -z "${IPXE_SSL_KEY}" && -e "${IPXE_SSL_CRT}" ]];
then
echo "ERROR: You specified IPXE_SSL_CRT but not IPXE_SSL_KEY. If one is specified, the other must be also."
exit 1
elif [[ ! -e "${IPXE_SSL_CRT}" || ! -e "${IPXE_SSL_KEY}" ]];
then
echo "ERROR: You have specified both IPXE_SSL_CRT and IPXE_SSL_KEY but one (or both) are not valid paths/files."
exit 1
fi
cd ${BASEDIR}/src/ipxe/src
# Generate the iPXE EMBED script... # Generate the iPXE EMBED script...
sed -re "s,^(chain\ ).*$,\1${IPXE_URI},g" \ sed -re "s,^(chain\ ).*$,\1${IPXE_URI},g" \
-e 's/%%COMMA%%/,/g' ${BASEDIR}/src/ipxe_local/EMBED > ${SRCDIR}/EMBED -e 's/%%COMMA%%/,/g' ${BASEDIR}/src/ipxe_local/EMBED > ${SRCDIR}/EMBED
# And now we build!
#make everything EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1 #make everything EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
make bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1 make bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi \
make bin/ipxe.eiso bin/ipxe.usb EMBED="${SRCDIR}/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1 EMBED="${SRCDIR}/EMBED" \
TRUST="${IPXE_SSL_CA}" \
CERT="${IPXE_SSL_CA},${IPXE_SSL_CRT}" \
PRIVKEY="${IPXE_SSL_KEY}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
make bin/ipxe.eiso bin/ipxe.usb \
EMBED="${SRCDIR}/EMBED" \
TRUST="${IPXE_SSL_CA}" \
CERT="${IPXE_SSL_CA},${IPXE_SSL_CRT}" \
PRIVKEY="${IPXE_SSL_KEY}" >> "${LOGFILE}.${FUNCNAME}" 2>&1
# Change this to USB-only... # Change this to USB-only...
#make all EMBED="${BASEDIR}/src/ipxe_local/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1 #make all EMBED="${BASEDIR}/src/ipxe_local/EMBED" >> "${LOGFILE}.${FUNCNAME}" 2>&1
mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.usb ${ISODIR}/${USBFILENAME} mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.usb ${ISODIR}/${USBFILENAME}
mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.eiso ${ISODIR}/${MINIFILENAME} mv -f ${BASEDIR}/src/ipxe/src/bin/ipxe.eiso ${ISODIR}/${MINIFILENAME}
make clean >> "${LOGFILE}.${FUNCNAME}" 2>&1 make clean >> "${LOGFILE}.${FUNCNAME}" 2>&1
git reset --hard >> "${LOGFILE}.${FUNCNAME}" 2>&1 cd ${BASEDIR}/src/ipxe
git clean -xdf > /dev/null 2>&1 git clean -xdf > /dev/null 2>&1
git checkout master > /dev/null 2>&1 git reset --hard >> "${LOGFILE}.${FUNCNAME}" 2>&1
git checkout master . > /dev/null 2>&1
#git reset --hard HEAD > /dev/null 2>&1 #git reset --hard HEAD > /dev/null 2>&1
echo echo
fi fi
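Review bot: The CA auto-generate branch is entered when `IPXE_SSL_CA` and `IPXE_SSL_KEY` are both empty, but the variable paired with the CA is `IPXE_SSL_CAKEY`: a config that sets only `IPXE_SSL_KEY` skips generation and falls into the last `elif` with the misleading "You have specified both" error, while one that sets only `IPXE_SSL_CAKEY` silently generates a new CA over the supplied key path. The condition should be `if [[ -z "${IPXE_SSL_CA}" && -z "${IPXE_SSL_CAKEY}" ]];`, and the `elif` guards should test the "other" variable with `-n` rather than `-e` so a non-existent user path also reaches the right message. `chmod 000 ${SSLDIR}/keys` only works because the script runs as root and bypasses DAC; `chmod 0700` states the intent, and the keys written there are unencrypted (`-nodes`) with whatever mode the umask gives, so a `umask 077` before the `openssl` calls is cheap. Note also that `PRIVKEY="${IPXE_SSL_KEY}"` embeds the client private key into the distributed ISO/USB images, so that credential must be treated as public. Finally, `git checkout master && git pull` followed by `git revert -n 40a9a0f0` builds from an unpinned upstream HEAD with no integrity check; pinning the submodule to a reviewed commit (or at least checking the revert's exit status) would make the build reproducible. The enclosing function starts and ends outside this hunk.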


@@ -12,7 +12,6 @@ efivar
ethtool ethtool
file file
findutils findutils
gummiboot
iproute2 iproute2
iputils iputils
libisoburn libisoburn


@@ -1,7 +1,10 @@
## Enable IPv6 support
s/^#undef([[:space:]]*NET_PROTO_IPV6)/#define\1/g s/^#undef([[:space:]]*NET_PROTO_IPV6)/#define\1/g
## Enable HTTPS
s/^#undef([[:space:]]*DOWNLOAD_PROTO_HTTPS)/#define\1/g s/^#undef([[:space:]]*DOWNLOAD_PROTO_HTTPS)/#define\1/g
s@^//(#define[[:space:]]*IMAGE_TRUST_CMD@\1@g
## Enable FTP
s/^#undef([[:space:]]*DOWNLOAD_PROTO_FTP)/#define\1/g s/^#undef([[:space:]]*DOWNLOAD_PROTO_FTP)/#define\1/g
## Currently broken for EFI building ## Currently broken for EFI building
#s@^//(#define[[:space:]]*CONSOLE_CMD)@\1@g #s@^//(#define[[:space:]]*CONSOLE_CMD)@\1@g
#s@^//(#define[[:space:]]*IMAGE_PNG@\1@g #s@^//(#define[[:space:]]*IMAGE_PNG@\1@g
s@^//(#define[[:space:]]*IMAGE_TRUST_CMD@\1@g
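Review bot: The `IMAGE_TRUST_CMD` expression, `s@^//(#define[[:space:]]*IMAGE_TRUST_CMD@\1@g`, opens a capture group that is never closed; the other rules use `\1` back-references and closed groups (compare the `CONSOLE_CMD` line), so if this file is applied with `sed -r`/`-E` GNU sed rejects the whole script with "Unmatched ( or \(" and none of the options — HTTPS and IPv6 included — get enabled, and without extended mode the `\1` reference is invalid anyway. The fix is the missing parenthesis: `s@^//(#define[[:space:]]*IMAGE_TRUST_CMD)@\1@g` (the commented-out `IMAGE_PNG` line has the same defect, so fix it before uncommenting). The defect predates this commit, but the commit moves the line, and the EMBED script leaves `imgtrust`/`imgverify` commented out, so a missing `IMAGE_TRUST_CMD` would not be noticed at boot.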


@@ -1,4 +1,8 @@
#!ipxe #!ipxe
dhcp dhcp
## TODO: signed kernel and initrd
#imgtrust --permanent
#imgverify vmlinuz path/to/vmlinuz.sig
#imgverify initrd path/to/initrd.sig
chain https://bdisk.square-r00t.net chain https://bdisk.square-r00t.net


@@ -1,5 +1,5 @@
--- a/src/usr/autoboot.c 2015-06-29 04:18:17.055394598 -0400 --- a/src/usr/autoboot.c
+++ b/src/usr/autoboot.c 2015-06-29 22:04:28.692916217 -0400 +++ b/src/usr/autoboot.c
@@ -71,6 +71,7 @@ @@ -71,6 +71,7 @@
#define NORMAL "\033[0m" #define NORMAL "\033[0m"
#define BOLD "\033[1m" #define BOLD "\033[1m"
@@ -8,16 +8,16 @@
/** The "scriptlet" setting */ /** The "scriptlet" setting */
const struct setting scriptlet_setting __setting ( SETTING_MISC, scriptlet ) = { const struct setting scriptlet_setting __setting ( SETTING_MISC, scriptlet ) = {
@@ -560,9 +561,9 @@ @@ -538,11 +539,10 @@
* do so. * do so.
* *
*/ */
- printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME " %s" - printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME " %s"
- NORMAL " -- " PRODUCT_TAG_LINE " -- "
- CYAN PRODUCT_URI NORMAL "\nFeatures:", product_version );
+ printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME + printf ( NORMAL "\n\n" PRODUCT_NAME "\n" BOLD PRODUCT_SHORT_NAME
NORMAL " -- " PRODUCT_TAG_LINE " -- "
- CYAN PRODUCT_URI NORMAL "\nFeatures:", product_version );
+ CYAN PRODUCT_URI NORMAL "\n" + CYAN PRODUCT_URI NORMAL "\n"
+ BOLD BLUE "http://bdisk.square-r00t.net/" NORMAL "\n" ); + BOLD BLUE "https://bdisk.square-r00t.net/" NORMAL "\n" );
for_each_table_entry ( feature, FEATURES )
printf ( " %s", feature->name );
printf ( "\n" ); printf ( "\n" );
/* Boot system */


@@ -5,21 +5,21 @@ Subject: [PATCH 1/1] allow to build ISO image with EFI support (ipxe.eiso)
Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Christian Hesse <mail@eworm.de>
--- ---
src/arch/i386/Makefile.pcbios | 6 +++++ src/arch/x86/Makefile.pcbios | 6 ++++++
src/util/geniso | 52 +++++++++++++++++++++++++++++++++---------- src/util/geniso | 52 +++++++++++++++++++++++++++++++++----------
2 files changed, 46 insertions(+), 12 deletions(-) 2 files changed, 46 insertions(+), 12 deletions(-)
diff --git a/src/arch/i386/Makefile.pcbios b/src/arch/i386/Makefile.pcbios diff --git a/src/arch/x86/Makefile.pcbios b/src/arch/x86/Makefile.pcbios
index ff82373..c7a58eb 100644 index 18a6f75..9cb3e0b 100644
--- a/src/arch/i386/Makefile.pcbios --- a/src/arch/x86/Makefile.pcbios
+++ b/src/arch/i386/Makefile.pcbios +++ b/src/arch/x86/Makefile.pcbios
@@ -59,6 +59,12 @@ NON_AUTO_MEDIA += iso @@ -82,6 +82,12 @@ NON_AUTO_MEDIA += iso
$(QM)$(ECHO) " [GENISO] $@" $(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) LDLINUX_C32=$(LDLINUX_C32) \
$(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -o $@ $< VERSION="$(VERSION)" bash util/geniso -o $@ $<
+# rule to make a non-emulation ISO boot image with EFI support +# rule to make a non-emulation ISO boot image with EFI support
+NON_AUTO_MEDIA += eiso +NON_AUTO_MEDIA += eiso
+%eiso: %lkrn bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi util/geniso +%eiso: %lkrn bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi util/geniso
+ $(QM)$(ECHO) " [GENISO] $@" + $(QM)$(ECHO) " [GENISO] $@"
+ $(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -e -o $@ $< + $(Q)ISOLINUX_BIN=$(ISOLINUX_BIN) VERSION="$(VERSION)" bash util/geniso -e -o $@ $<
+ +


@@ -0,0 +1,33 @@
[ ca ]
default_ca = ca_default
[ ca_default ]
certificate = crts/ca.crt
private_key = keys/ca.key
serial = txt/ca.srl
database = txt/ca.idx
#new_certs_dir = signed
new_certs_dir = crts
#default_md = default
default_md = sha512
policy = policy_anything
preserve = yes
default_days = 90
unique_subject = no
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
[ cross ]
basicConstraints = critical,CA:true
keyUsage = critical,cRLSign,keyCertSign
[ codesigning ]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning
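Review bot: `certificate`, `private_key`, `serial`, `database` and `new_certs_dir` are all relative, so this config only works when `openssl ca` runs with the ssl directory as cwd; in the build hunk above, the `cd "${SSLDIR}"` happens only inside the generate-CA branch, so a user-supplied `IPXE_SSL_CA`/`IPXE_SSL_CAKEY` combined with an auto-generated client cert runs `openssl ca` from the iPXE source tree, where `txt/ca.srl` does not exist and `certificate = crts/ca.crt` is not the supplied CA (only `-keyfile` is passed on the command line). Either anchor the paths with a `dir =` the script sets absolutely, or pass `-cert` and the serial/database paths explicitly. Nothing references `[ cross ]` or `[ codesigning ]`, and `ca_default` sets no `x509_extensions`, so the server and client certificates are issued without `basicConstraints = CA:FALSE` or any keyUsage/EKU; add a leaf section (`basicConstraints = critical,CA:FALSE`, `keyUsage = digitalSignature,keyEncipherment`, `extendedKeyUsage = serverAuth` or `clientAuth`) and select it with `-extensions`. `default_days = 90` is also overridden by `-days 3650` on every call, so one of the two should go to avoid a misleading default.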