parent
8bd7132fa8
commit
a8d9bd8842
@ -0,0 +1,51 @@
|
|||||||
|
#!/usr/bin/ash
|
||||||
|
|
||||||
|
run_earlyhook() {
|
||||||
|
|
||||||
|
msg "Starting Qubes copy on write setup script"
|
||||||
|
|
||||||
|
if ! grep -q 'root=[^ ]*dmroot' /proc/cmdline; then
|
||||||
|
warning "Qubes: dmroot not requested, probably not a Qubes VM"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /dev/mapper/dmroot ] ; then
|
||||||
|
die "Qubes: FATAL error: /dev/mapper/dmroot already exists?!"
|
||||||
|
fi
|
||||||
|
|
||||||
|
modprobe xen-blkfront || warning "Qubes: Cannot load Xen Block Frontend..."
|
||||||
|
|
||||||
|
msg "Qubes: Waiting for /dev/xvda* devices..."
|
||||||
|
while ! [ -e /dev/xvda ]; do sleep 0.1; done
|
||||||
|
msg "Qubes: /dev/xvda* found"
|
||||||
|
|
||||||
|
SWAP_SIZE=$(( 1024 * 1024 * 2 )) # sectors, 1GB
|
||||||
|
|
||||||
|
if [ `cat /sys/block/xvda/ro` = 1 ] ; then
|
||||||
|
msg "Qubes: Doing COW setup for AppVM..."
|
||||||
|
|
||||||
|
while ! [ -e /dev/xvdc ]; do sleep 0.1; done
|
||||||
|
VOLATILE_SIZE=$(cat /sys/block/xvdc/size) # sectors
|
||||||
|
ROOT_SIZE=$(cat /sys/block/xvda/size) # sectors
|
||||||
|
if [ $VOLATILE_SIZE -lt $SWAP_SIZE ]; then
|
||||||
|
die "Qubes: volatile.img smaller than 1GB, cannot continue"
|
||||||
|
fi
|
||||||
|
sfdisk -q --unit S /dev/xvdc >/dev/null <<EOF
|
||||||
|
1,$SWAP_SIZE,S
|
||||||
|
,,L
|
||||||
|
EOF
|
||||||
|
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
die "Qubes: failed to setup partitions on volatile device"
|
||||||
|
fi
|
||||||
|
while ! [ -e /dev/xvdc1 ]; do sleep 0.1; done
|
||||||
|
mkswap /dev/xvdc1
|
||||||
|
while ! [ -e /dev/xvdc2 ]; do sleep 0.1; done
|
||||||
|
|
||||||
|
echo "0 `cat /sys/block/xvda/size` snapshot /dev/xvda /dev/xvdc2 N 16" | \
|
||||||
|
dmsetup --noudevsync create dmroot || die "Qubes: FATAL: cannot create dmroot!"
|
||||||
|
fi
|
||||||
|
|
||||||
|
dmsetup mknodes dmroot
|
||||||
|
|
||||||
|
}
|
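Review bot: The `exit 0` in the "dmroot not requested" branch of `run_earlyhook` should probably be `return 0`: if the initramfs init sources hook files and calls the function in its own shell (mkinitcpio's init appears to do this), `exit` ends the init process instead of skipping this hook. The waits on `/dev/xvda`, `/dev/xvdc`, `/dev/xvdc1` and `/dev/xvdc2` have no upper bound, so a missing volatile device leaves the VM hanging in early boot with no message; a retry counter that falls through to the error path would make that failure visible. `warning` and `die` are not defined in this file, so confirm the runtime init environment provides them. The result of `mkswap /dev/xvdc1` is also unchecked, unlike the `sfdisk` result just above it.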
@ -0,0 +1,20 @@
|
|||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
build() {
|
||||||
|
|
||||||
|
add_module "xen-blkfront"
|
||||||
|
add_module "u2mfn"
|
||||||
|
add_binary "/usr/bin/sfdisk"
|
||||||
|
add_binary "/usr/bin/mkswap"
|
||||||
|
add_binary "/usr/bin/dmsetup"
|
||||||
|
|
||||||
|
add_runscript
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
help() {
|
||||||
|
cat <<HELPEOF
|
||||||
|
This hook enables Qubes COW Setup (using lvm) in initramfs.
|
||||||
|
HELPEOF
|
||||||
|
}
|
||||||
|
|
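Review bot: `build()` does not add the dm-snapshot kernel module, although the runtime hook in this commit creates a `snapshot` device-mapper target through `dmsetup create dmroot`. The image presumably only works because the calling script adds the `lvm2` hook alongside `qubes`; adding `add_module "dm-snapshot"` here would make the hook self-contained. The help text says "using lvm", while the hook uses a plain dmsetup snapshot and no LVM tools, so I would reword it to `This hook enables Qubes COW setup (device-mapper snapshot of the root device) in initramfs.`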
@ -0,0 +1,106 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# The Qubes OS Project, http://www.qubes-os.org
|
||||||
|
#
|
||||||
|
# Copyright (C) 2015 Marek Marczykowski-Górecki
|
||||||
|
# <marmarekp@invisiblethingslab.com>
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU General Public License
|
||||||
|
# as published by the Free Software Foundation; either version 2
|
||||||
|
# of the License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
basedir=/var/lib/qubes/vm-kernels
|
||||||
|
|
||||||
|
function recompile_u2mfn() {
|
||||||
|
kver=$1
|
||||||
|
u2mfn_ver=`dkms status u2mfn|tail -n 1|cut -f 2 -d ' '|tr -d ':,'`
|
||||||
|
if ! modinfo -k "$kver" -n u2mfn 2>&1 > /dev/null; then
|
||||||
|
dkms install u2mfn/$u2mfn_ver -k $kver --no-initrd
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function build_modules_img() {
|
||||||
|
kver=$1
|
||||||
|
output_file=$2
|
||||||
|
|
||||||
|
mkdir /tmp/qubes-modules-$kver
|
||||||
|
truncate -s 400M /tmp/qubes-modules-$kver.img
|
||||||
|
mkfs -t ext3 -F /tmp/qubes-modules-$kver.img > /dev/null
|
||||||
|
mount /tmp/qubes-modules-$kver.img /tmp/qubes-modules-$kver -o loop
|
||||||
|
cp -a -t /tmp/qubes-modules-$kver /lib/modules/$kver
|
||||||
|
umount /tmp/qubes-modules-$kver
|
||||||
|
rmdir /tmp/qubes-modules-$kver
|
||||||
|
mv /tmp/qubes-modules-$kver.img $output_file
|
||||||
|
}
|
||||||
|
|
||||||
|
function build_initramfs() {
|
||||||
|
kver=$1
|
||||||
|
output_file=$2
|
||||||
|
|
||||||
|
/sbin/dracut --nomdadmconf --nolvmconf --force \
|
||||||
|
--modules "kernel-modules qubes-vm-simple" \
|
||||||
|
--conf /dev/null --confdir /var/empty \
|
||||||
|
-d "xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot" \
|
||||||
|
$output_file $kver
|
||||||
|
chmod 644 "$output_file"
|
||||||
|
}
|
||||||
|
|
||||||
|
function build_initcpio() {
|
||||||
|
kver=$1
|
||||||
|
output_file=$2
|
||||||
|
|
||||||
|
mkinitcpio -k "$kver" -g "$output_file" -A qubes,lvm2
|
||||||
|
|
||||||
|
chmod 644 "$output_file"
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ -z "$1" ]; then
|
||||||
|
echo "Usage: $0 <kernel-version> <kernel-name> [<display-kernel-version>]" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -d /lib/modules/$1 ]; then
|
||||||
|
echo "ERROR: Kernel version $1 not installed" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
kernel_version=$1
|
||||||
|
|
||||||
|
if [ -n "$2" ]; then
|
||||||
|
kernel_code="-linux-$2"
|
||||||
|
else
|
||||||
|
kernel_code="-linux"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$3" ]; then
|
||||||
|
output_dir="$basedir/$3"
|
||||||
|
else
|
||||||
|
output_dir="$basedir/$kernel_version"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "--> Building files for $kernel_version in $output_dir"
|
||||||
|
|
||||||
|
echo "---> Recompiling kernel module (u2mfn)"
|
||||||
|
recompile_u2mfn "$kernel_version"
|
||||||
|
mkdir -p "$output_dir"
|
||||||
|
cp "/boot/vmlinuz$kernel_code" "$output_dir/vmlinuz$kernel_code"
|
||||||
|
echo "---> Generating modules.img"
|
||||||
|
build_modules_img "$kernel_version" "$output_dir/modules.img"
|
||||||
|
echo "---> Generating initramfs"
|
||||||
|
build_initcpio "$kernel_version" "$output_dir/initramfs$kernel_code.img"
|
||||||
|
|
||||||
|
echo "--> Done."
|
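Review bot: `build_modules_img` works in fixed, predictable paths under `/tmp` (`/tmp/qubes-modules-$kver` and `/tmp/qubes-modules-$kver.img`) while running with the privileges needed for `mount`, so a pre-existing file or symlink at those names is truncated and formatted by `truncate` and `mkfs -F`. Creating a private work directory with `mktemp -d` and quoting `$kver` and `$output_file` avoids that, as in the fence below. Because the script runs under `set -e`, a failure in `cp` exits with the loop image still mounted; a `trap` that unmounts and removes the work directory would cover that path. Separately, the `function name()` form is a bashism under `#!/bin/sh`.

```sh
function build_modules_img() {
    kver=$1
    output_file=$2

    # private 0700 directory instead of a guessable name in /tmp
    workdir=$(mktemp -d /tmp/qubes-modules.XXXXXX)
    mkdir "$workdir/mnt"
    truncate -s 400M "$workdir/modules.img"
    mkfs -t ext3 -F "$workdir/modules.img" > /dev/null
    mount "$workdir/modules.img" "$workdir/mnt" -o loop
    cp -a -t "$workdir/mnt" "/lib/modules/$kver"
    umount "$workdir/mnt"
    mv "$workdir/modules.img" "$output_file"
    rm -rf -- "$workdir"
}
```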