From fa11a3c0304bb8f6e68617d5262f6b7d32e756e4 2018-12-09 21:25:07 From: Unknown Date: 2018-12-09 21:25:07 Subject: [PATCH] removed the usb part from ubootusb --- diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh index d3a0ca0..945e5a5 100644 --- a/bootstrap.d/14-fstab.sh +++ b/bootstrap.d/14-fstab.sh @@ -8,7 +8,7 @@ # Install and setup fstab install_readonly files/mount/fstab "${ETC_DIR}/fstab" -if [ "$ENABLE_UBOOTUSB" = true ] ; then +if [ "$ENABLE_USBBOOT" = true ] ; then sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" fi 
@@ -42,40 +42,54 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount" install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools" fi + + if [ "$CRYPTFS_DROPBEAR" = true ] ; then + # Get cdir from NET_ADDRESS e.g. 24 + cdir=$(${NET_ADDRESS} | cut -d '/' -f2) + + # Convert cdir ro netmask e.g. 24 to 255.255.255.0 + NET_MASK=$(cdr2mask "$cdir") + + # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf + sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf + + # Regenerate initramfs + chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" + fi if [ "$CRYPTFS_DROPBEAR" = true ]; then - if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then - install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub - cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys - else - # Create key - chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear + if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then + install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub + cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys + else + # Create key + chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear - # Convert dropbear key to openssh key - chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa + # Convert dropbear key to openssh key + chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa - # Get Public Key Part - chroot_exec 
/usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub + # Get Public Key Part + chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub - # Delete unwanted lines - sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub - sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub + # Delete unwanted lines + sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub + sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub - # Trust the new key - cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys + # Trust the new key + cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys - # Save Keys - convert with putty from rsa/openssh to puttkey - cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa + # Save Keys - convert with putty from rsa/openssh to puttkey + cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa - # Get unlock script - install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh + # Get unlock script + install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh - # Enable Dropbear inside initramfs - printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" + # Enable Dropbear inside initramfs + printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" - # Enable Dropbear inside initramfs - sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear - fi + # Enable Dropbear inside initramfs + sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear + fi else # Disable SSHD inside initramfs printf "#\n# DROPBEAR: [ y | n 
]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf" diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh index 6452d36..9a6e718 100644 --- a/bootstrap.d/15-rpi-config.sh +++ b/bootstrap.d/15-rpi-config.sh @@ -54,7 +54,7 @@ if [ "$ENABLE_KEYGEN" = true] ; then fi # Setup firmware boot cmdline -if [ "$ENABLE_UBOOTUSB" = true ] ; then +if [ "$ENABLE_USBBOOT" = true ] ; then CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline rootwait init=/bin/systemd" else if [ "$ENABLE_SPLITFS" = true ] ; then @@ -69,7 +69,7 @@ if [ "$ENABLE_CRYPTFS" = true ] ; then if [ "$ENABLE_SPLITFS" = true ] ; then CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") else - if [ "$ENABLE_UBOOTUSB" = true ] ; then + if [ "$ENABLE_USBBOOT" = true ] ; then CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/") else CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index 4e001fe..3aca05f 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh 
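Review bot: In the block added by the `@@ -42,40 +42,54 @@` hunk of bootstrap.d/14-fstab.sh, `cdir=$(${NET_ADDRESS} | cut -d '/' -f2)` runs the value of NET_ADDRESS as a command instead of passing it to cut, so cdir most likely ends up empty and a configuration value is executed by the build script. `cdir=${NET_ADDRESS##*/}` extracts the prefix length without a subshell. The block was moved out of the `else # ENABLE_DHCP=false` branch of 20-networking.sh and no DHCP guard is visible at its new place, so with DHCP enabled it would presumably append an `IP=` line with empty fields. It also calls mkinitramfs before the following block writes authorized_keys and `DROPBEAR=y`; unless the initramfs is regenerated again outside this hunk, the image would lack the remote-unlock key setup, so the regeneration belongs after that block.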
@@ -57,20 +57,6 @@ else # ENABLE_DHCP=false -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\ -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\ "${ETC_DIR}/systemd/network/eth.network" - - if [ "$CRYPTFS_DROPBEAR" = true ] ; then - # Get cdir from NET_ADDRESS e.g. 24 - cdir=$(${NET_ADDRESS} | cut -d '/' -f2) - - # Convert cdir ro netmask e.g. 24 to 255.255.255.0 - NET_MASK=$(cdr2mask "$cdir") - - # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf - sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf - - # Regenerate initramfs - chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" - fi fi # Remove empty settings from network configuration diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index 6d16109..d0f2f08 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh @@ -159,7 +159,7 @@ ENABLE_MINBASE=${ENABLE_MINBASE:=false} ENABLE_REDUCE=${ENABLE_REDUCE:=false} ENABLE_UBOOT=${ENABLE_UBOOT:=false} UBOOTSRC_DIR=${UBOOTSRC_DIR:=""} -ENABLE_UBOOTUSB=${ENABLE_UBOOTUSB=false} +ENABLE_USBBOOT=${ENABLE_USBBOOT=false} ENABLE_FBTURBO=${ENABLE_FBTURBO:=false} ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false} ENABLE_NEXMON=${ENABLE_NEXMON:=false} @@ -433,11 +433,13 @@ fi # Add device-tree-compiler required for building the U-Boot bootloader if [ "$ENABLE_UBOOT" = true ] ; then APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc" -#else -# if [ "$ENABLE_UBOOTUSB" = true ] ; then -# echo "error: Enabling UBOOTUSB requires u-boot to be enabled" -# exit 1 -# fi +fi + +if [ "$ENABLE_USBBOOT" = true ] ; then + if ["$RPI_MODEL" != 3 ] || ["$RPI_MODEL" != 3P ] ; then + echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P" + exit 1 + fi fi # Check if root SSH (v2) public key file exists
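Review bot: The new model check `if ["$RPI_MODEL" != 3 ] || ["$RPI_MODEL" != 3P ] ; then` in the `@@ -433,11 +433,13 @@` hunk of rpi23-gen-image.sh can never reject an unsupported model. Without a space after `[` the shell looks for a command named like `[3`, both tests fail, and the error branch is skipped. Once the spaces are fixed, the `||` would make the condition true for every model, because no value equals both 3 and 3P, so it needs `&&`: `if [ "$RPI_MODEL" != 3 ] && [ "$RPI_MODEL" != 3P ] ; then`. The `echo` in the error branch should also write to stderr with `>&2`.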