From c9fa0b77637be9a63db7e48ce835a2c6b909f21b 2017-01-28 23:45:28
From: drtyhlpr
Date: 2017-01-28 23:45:28
Subject: [PATCH] Updated: Moved fstab stuff to new file 14-fstab.sh
---
diff --git a/README.md b/README.md
index f25b11f..120b1bb 100644
--- a/README.md
+++ b/README.md
@@ -354,7 +354,8 @@ The functions of this script that are required for the different stages of the b
 | `11-apt.sh` | Setup APT repositories |
 | `12-locale.sh` | Setup Locales and keyboard settings |
 | `13-kernel.sh` | Build and install RPi2/3 Kernel |
-| `14-rpi-config.sh` | Setup RPi2/3 config and cmdline |
+| `14-fstab.sh` | Setup fstab and initramfs |
+| `15-rpi-config.sh` | Setup RPi2/3 config and cmdline |
 | `20-networking.sh` | Setup Networking |
 | `21-firewall.sh` | Setup Firewall |
 | `30-security.sh` | Setup Users and Security settings |
diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index 3b2065f..082b75e 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -135,6 +135,10 @@ if [ "$BUILD_KERNEL" = true ] ; then
 rm -fr "${KERNEL_DIR}"
 else
 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
+
+ # Create symlinks for kernel modules
+ ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"
+ ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source"
 fi
 else # BUILD_KERNEL=false
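Review bot: The two added `ln -sf` lines store `${KERNEL_DIR}` verbatim as the link target inside `${R}/lib/modules/${KERNEL_VERSION}/`, and the `make -C "${KERNEL_DIR}"` just above them runs directly on the build host, so the target appears to be a host-side path. If KERNEL_DIR lies under `${R}` (its definition is not visible here), the links will dangle on the booted system and record the build host's directory layout in the image. Consider writing the in-image path and adding `-n` so a rerun replaces an existing link instead of descending into it: `ln -sfn "${KERNEL_DIR#"${R}"}" "${R}/lib/modules/${KERNEL_VERSION}/build"`, and the same for `source`. The enclosing `if`/`else` starts above the hunk.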
@@ -154,57 +158,3 @@ else # BUILD_KERNEL=false
 # Copy vmlinuz kernel to the boot directory
 install_readonly "${VMLINUZ}" "${BOOT_DIR}/${KERNEL_IMAGE}"
 fi
-
-# Create symlinks for kernel modules
-ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/build"
-ln -sf "${KERNEL_DIR}" "${R}/lib/modules/${KERNEL_VERSION}/source"
-
-# Install and setup fstab
-install_readonly files/mount/fstab "${ETC_DIR}/fstab"
-
-# Add usb/sda disk root partition to fstab
-if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
- sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
-fi
-
-# Add encrypted root partition to fstab and crypttab
-if [ "$ENABLE_CRYPTFS" = true ] ; then
- # Replace fstab root partition with encrypted partition mapping
- sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
-
- # Add encrypted partition to crypttab and fstab
- install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
- echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETC_DIR}/crypttab"
-
- if [ "$ENABLE_SPLITFS" = true ] ; then
- # Add usb/sda disk to crypttab
- sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
- fi
-fi
-
-# Generate initramfs file
-if [ "$ENABLE_INITRAMFS" = true ] ; then
- if [ "$ENABLE_CRYPTFS" = true ] ; then
- # Include initramfs scripts to auto expand encrypted root partition
- if [ "$EXPANDROOT" = true ] ; then
- install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
- install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
- install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
- fi
-
- # Disable SSHD inside initramfs
- printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
-
- # Dummy mapping required by mkinitramfs
- echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
-
- # Generate initramfs with encrypted root partition support
- chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
-
- # Remove dummy mapping
- chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
- else
- # Generate initramfs without encrypted root partition support
- chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
- fi
-fi
diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh
new file mode 100644
index 0000000..c9c3ce3
--- /dev/null
+++ b/bootstrap.d/14-fstab.sh
@@ -0,0 +1,56 @@
+#
+# Setup fstab and initramfs
+#
+
+# Load utility functions
+. ./functions.sh
+
+# Install and setup fstab
+install_readonly files/mount/fstab "${ETC_DIR}/fstab"
+
+# Add usb/sda disk root partition to fstab
+if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then
+ sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab"
+fi
+
+# Add encrypted root partition to fstab and crypttab
+if [ "$ENABLE_CRYPTFS" = true ] ; then
+ # Replace fstab root partition with encrypted partition mapping
+ sed -i "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING}/" "${ETC_DIR}/fstab"
+
+ # Add encrypted partition to crypttab and fstab
+ install_readonly files/mount/crypttab "${ETC_DIR}/crypttab"
+ echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks" >> "${ETC_DIR}/crypttab"
+
+ if [ "$ENABLE_SPLITFS" = true ] ; then
+ # Add usb/sda disk to crypttab
+ sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab"
+ fi
+fi
+
+# Generate initramfs file
+if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then
+ if [ "$ENABLE_CRYPTFS" = true ] ; then
+ # Include initramfs scripts to auto expand encrypted root partition
+ if [ "$EXPANDROOT" = true ] ; then
+ install_exec files/initramfs/expand_encrypted_rootfs "${ETC_DIR}/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs"
+ install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
+ install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
+ fi
+
+ # Disable SSHD inside initramfs
+ printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
+
+ # Dummy mapping required by mkinitramfs
+ echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}"
+
+ # Generate initramfs with encrypted root partition support
+ chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
+
+ # Remove dummy mapping
+ chroot_exec cryptsetup close "${CRYPTFS_MAPPING}"
+ else
+ # Generate initramfs without encrypted root partition support
+ chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
+ fi
+fi
diff --git a/bootstrap.d/14-rpi-config.sh b/bootstrap.d/15-rpi-config.sh
similarity index 100%
rename from bootstrap.d/14-rpi-config.sh
rename to bootstrap.d/15-rpi-config.sh
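Review bot: In the new 14-fstab.sh the initramfs block is gated on `[ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ]`, whereas the code removed from 13-kernel.sh tested only ENABLE_INITRAMFS, so this is a behaviour change and not just a move. With ENABLE_CRYPTFS=true and BUILD_KERNEL=false the script still rewrites fstab and crypttab to the `/dev/mapper/${CRYPTFS_MAPPING}` root but silently generates no initramfs to unlock it. Unless that combination is rejected elsewhere (not visible here), fail early, e.g. `if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" != true ] ; then echo "ENABLE_CRYPTFS needs an initramfs, which requires BUILD_KERNEL=true" >&2 ; exit 1 ; fi`. Separately, the dummy `dmsetup create` mapping is removed only on the success path, so if `mkinitramfs` fails and the build aborts it presumably stays registered in the build host's device mapper; a cleanup trap around that step would avoid this.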