qubes-installer-qubes-os/live/livesys
Marek Marczykowski-Górecki 28fcfcc238
liveusb: overlayfs doesn't support sparse files, use tmpfs directly
This comes with some overhead, at least at the beginning, because all
private images are copied there at system startup (instead of first
use). This uses about 450MB of RAM.
Still better than non-sparse private.img (2GB...).
2015-08-04 20:57:11 +02:00


#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager
### END INIT INFO
. /etc/init.d/functions
# Act only on the "start" action of a boot whose kernel command line contains
# rd.live.image; in every other case leave successfully without changes.
# strstr comes from /etc/init.d/functions, sourced above.
[ "$1" = "start" ] || exit 0
strstr "$(cat /proc/cmdline)" rd.live.image || exit 0

# /.liveimg-configured is touched at the end of this script, so its presence
# means the one-time configuration further down has already been applied.
if test -e /.liveimg-configured; then
    configdone=1
fi
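#######################################
# Run a command only when it is installed.
# Arguments: $1 - command name, looked up in PATH
#            $2.. - arguments handed to that command
# Returns:   the non-zero lookup status when $1 is not found in PATH,
#            otherwise the exit status of the command itself
#######################################
exists() {
    # type -P searches PATH only, as which(1) does, but is a bash builtin, so
    # the check does not depend on which being installed on the image.
    type -P "$1" >/dev/null 2>&1 || return
    # "$@" hands every argument over as one word; an unquoted $* would re-split
    # arguments on whitespace and expand glob characters inside them.
    "$@"
}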
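# Directory on the live medium that holds the image. rd.live.dir= or
# live_dir= on the kernel command line overrides the default.
livedir="LiveOS"
# read -a splits the single command-line record on whitespace without the
# pathname expansion that an unquoted $(cat ...) applies to * ? [ characters.
read -r -a cmdline_args < /proc/cmdline || :
# This loop is top-level code, where bash rejects `return` with an error and
# simply carries on; the loop therefore has no early exit and the last
# matching parameter on the command line wins.
for arg in "${cmdline_args[@]}"; do
    case "$arg" in
        rd.live.dir=*) livedir=${arg#rd.live.dir=} ;;
        live_dir=*) livedir=${arg#live_dir=} ;;
    esac
done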
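# Enable swap unless the kernel command line contains "noswap". strstr is a
# substring test, so any parameter containing that text turns swap off.
# NOTE(review): this activates every swap-typed block device blkid reports,
# which includes swap partitions on the host's own disks, so memory pages of
# the live session can be written to that storage. Booting with noswap keeps
# the session off those disks.
swaps=$(blkid -t TYPE=swap -o device)
if ! strstr "$(cat /proc/cmdline)" noswap; then
    # $swaps stays unquoted on purpose: word splitting turns blkid's device
    # list into loop items. Each device is quoted once it is a single word.
    for s in $swaps; do
        action "Enabling swap partition $s" swapon "$s"
    done
    # livedir comes from the kernel command line; quote the path built from it
    swapfile="/run/initramfs/live/${livedir}/swap.img"
    if [ -f "$swapfile" ]; then
        action "Enabling swap file" swapon "$swapfile"
    fi
fi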
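#######################################
# Mount the persistent home store named by $homedev on /home.
# Globals:   homedev     (read; rewritten to the device finally mounted)
#            mountopts   (written for mtd devices)
#            loopdev     (written when $homedev is a regular file)
#            USERADDARGS (set to "-M" when /home/liveuser already exists)
# Arguments: none
# Returns:   exit status of the mount of $homedev on /home, so the caller
#            can tell a failed mount from a successful one
#######################################
mountPersistentHome() {
    local mount_rc

    # support label/uuid: resolve LABEL=... / UUID=... to a device node
    if [ "${homedev##LABEL=}" != "${homedev}" ] || [ "${homedev##UUID=}" != "${homedev}" ]; then
        homedev=$(/sbin/blkid -o device -t "$homedev")
    fi

    # if we're given a file rather than a blockdev, loopback it
    if [ "${homedev##mtd}" != "${homedev}" ]; then
        # mtd devs don't have a block device but get magic-mounted with -t jffs2
        mountopts="-t jffs2"
    elif [ ! -b "$homedev" ]; then
        loopdev=$(losetup -f)
        # an image stored on the live medium needs that medium writable first
        if [ "${homedev##/run/initramfs/live}" != "${homedev}" ]; then
            action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
        fi
        losetup "$loopdev" "$homedev"
        homedev=$loopdev
    fi

    # if it's encrypted, we need to unlock it
    # (quoting "$homedev" keeps an empty value from turning this into a blkid
    # query over all devices)
    if [ "$(/sbin/blkid -s TYPE -o value "$homedev" 2>/dev/null)" = "crypto_LUKS" ]; then
        echo
        echo "Setting up encrypted /home device"
        # NOTE(review): $homedev is pasted into a command string that plymouth
        # runs, and it can originate from persistenthome= on the kernel command
        # line. Confirm how plymouth parses --command before accepting device
        # paths that contain whitespace or shell metacharacters.
        plymouth ask-for-password --command="cryptsetup luksOpen $homedev EncHome"
        homedev=/dev/mapper/EncHome
    fi

    # and finally do the mount; $mountopts is unquoted on purpose so that
    # "-t jffs2" becomes two arguments and an empty value adds none
    mount $mountopts "$homedev" /home
    mount_rc=$?

    # if we have /home under what's passed for persistent home, then
    # we should make that the real /home.  useful for mtd device on olpc
    if [ -d /home/home ]; then
        mount --bind /home/home /home
    fi
    [ -x /sbin/restorecon ] && /sbin/restorecon /home
    # a home directory kept from an earlier session must not be recreated:
    # -M tells the later useradd call not to create one
    if [ -d /home/liveuser ]; then
        USERADDARGS="-M"
    fi

    return "$mount_rc"
}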
# Set homedev to the value of the first persistenthome= parameter found on
# the kernel command line. homedev is left untouched when there is none.
findPersistentHome() {
    for arg in $(cat /proc/cmdline); do
        case "$arg" in
            persistenthome=*)
                homedev=${arg#persistenthome=}
                return
                ;;
        esac
    done
}
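# Pick the persistent home source: an explicit persistenthome= parameter is
# looked up first, otherwise a home.img inside the live directory is used
# when present. The path is quoted because livedir comes from the kernel
# command line.
if strstr "$(cat /proc/cmdline)" persistenthome=; then
    findPersistentHome
elif [ -e "/run/initramfs/live/${livedir}/home.img" ]; then
    homedev="/run/initramfs/live/${livedir}/home.img"
fi

if strstr "$(cat /proc/cmdline)" nopersistenthome || [ -z "$homedev" ]; then
    # No persistent store, or it was disabled on the command line: back
    # /home/qubes with RAM. The tmpfs is mounted with default options (no
    # size=, nosuid or nodev), so its size limit is the kernel default.
    mkdir -p /home/qubes
    mount -t tmpfs none /home/qubes
    # setgid and group-writable, so members of group qubes can create entries
    # that inherit the group
    chown root:qubes /home/qubes
    chmod 2775 /home/qubes
else
    # if we have a persistent /home, then we want to go ahead and mount it;
    # ownership and mode of an existing /home/qubes are left as stored there
    action "Mounting persistent /home" mountPersistentHome
    mkdir -p /home/qubes
fi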
# overlay fs doesn't handle sparse files:
# fs/overlayfs/copy_up.c:94 /* FIXME: copy up sparse files efficiently */
# So for now it is useless here. But some day...
#
#mkdir -p /home/qubes/qubes
#mkdir -p /home/qubes/workdir
#ln -nsf /var/lib/qubes-base/vm-templates /home/qubes/qubes/vm-templates
#mount -t overlay overlay \
# -o lowerdir=/var/lib/qubes-base \
# -o upperdir=/home/qubes/qubes \
# -o workdir=/home/qubes/workdir \
# /var/lib/qubes
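# vm-templates and vm-kernels are never copied: /home/qubes only gets
# symlinks pointing back into /var/lib/qubes-base.
ln -nsf /var/lib/qubes-base/vm-templates /home/qubes/vm-templates
ln -nsf /var/lib/qubes-base/vm-kernels /home/qubes/vm-kernels

# Every other entry of /var/lib/qubes-base is copied into /home/qubes unless
# an entry of that name already exists there (for instance on a persistent
# home kept from an earlier session).
for path in /var/lib/qubes-base/*; do
    # an unmatched glob stays as the literal pattern; skip it, but keep
    # dangling symlinks, which cp -a copies as links
    [ -e "$path" ] || [ -L "$path" ] || continue
    name=${path##*/}
    case "$name" in
        vm-templates | vm-kernels) ;;
        *)
            if [ ! -e "/home/qubes/$name" ]; then
                cp -a -- "/var/lib/qubes-base/$name" /home/qubes/
            fi
            ;;
    esac
done

# From here on /var/lib/qubes is the writable copy under /home/qubes
mount --bind /home/qubes /var/lib/qubes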
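#######################################
# Filter `lspci -mm -n` output down to network controllers.
# Arguments: none (reads lspci output on stdin)
# Outputs:   one bus:device.function address per line for every device whose
#            class field starts with 02
#######################################
net_pci_addresses() {
    # Bus and device numbers are hexadecimal, so the address pattern must
    # accept a-f: a decimal-only pattern skips devices such as 00:1f.6 or
    # anything on bus 0a. The dot is escaped so it only matches a literal dot.
    sed -ne 's/^\([0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]\.[0-7]\) "02.*/\1/p'
}

# Reset the PCI device list of sys-net, then attach every network controller
# of this machine to it. A controller the filter misses is never passed to
# qvm-pci here and so stays outside sys-net.
/usr/bin/qvm-prefs --offline-mode -s sys-net pcidevs '[]'
for dev in $(/sbin/lspci -mm -n | net_pci_addresses); do
    /usr/bin/qvm-pci --offline-mode -a sys-net "$dev"
done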
# Everything below is one-time setup; leave now when an earlier run already
# created the /.liveimg-configured marker.
[ -z "$configdone" ] || exit 0

# add fedora user with no passwd
# ($USERADDARGS is unquoted on purpose: mountPersistentHome sets it to -M
# when /home/liveuser already exists, and an empty value must add no argument)
action "Adding live user" useradd $USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
for group in wheel qubes; do
    usermod -aG "$group" liveuser > /dev/null
done

# passwd -d deletes root's password, so on the live system both root and
# liveuser (a member of wheel) can log in without one
passwd -d root > /dev/null

# turn off firstboot for livecd boots
for unit in firstboot-text.service firstboot-graphical.service; do
    systemctl --no-reload disable "$unit" 2> /dev/null || :
done
for unit in firstboot-text.service firstboot-graphical.service; do
    systemctl stop "$unit" 2> /dev/null || :
done

# don't use prelink on a running live image
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :

# turn off mdmonitor by default
for unit in mdmonitor.service mdmonitor-takeover.service; do
    systemctl --no-reload disable "$unit" 2> /dev/null || :
done
for unit in mdmonitor.service mdmonitor-takeover.service; do
    systemctl stop "$unit" 2> /dev/null || :
done

# don't enable the gnome-settings-daemon packagekit plugin
gsettings set org.gnome.software download-updates 'false' || :

# don't start cron/at as they tend to spawn things which are
# disk intensive that are painful on a live image
for unit in crond.service atd.service; do
    systemctl --no-reload disable "$unit" 2> /dev/null || :
done
for unit in crond.service atd.service; do
    systemctl stop "$unit" 2> /dev/null || :
done

# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf

# Mark things as configured
touch /.liveimg-configured

# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
printf '%s\n' "localhost" > /etc/hostname