[PC-BSD Commits] r4798 - in pcbsd/trunk/pc-sysinstall: . backend conf
svn at pcbsd.org
svn at pcbsd.org
Wed Oct 28 10:01:34 PST 2009
Author: kris
Date: 2009-10-28 11:01:34 -0700 (Wed, 28 Oct 2009)
New Revision: 4798
Modified:
pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh
pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh
pcbsd/trunk/pc-sysinstall/backend/functions-extractimage.sh
pcbsd/trunk/pc-sysinstall/backend/functions-mountdisk.sh
pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh
pcbsd/trunk/pc-sysinstall/backend/functions-unmount.sh
pcbsd/trunk/pc-sysinstall/backend/functions.sh
pcbsd/trunk/pc-sysinstall/conf/pc-sysinstall.conf
pcbsd/trunk/pc-sysinstall/pcinstall.cfg
Log:
Added initial support to pc-sysinstall for using geli to encrypt volumes: UFS, UFS+J, UFS+S and ZFS.
Still needs major testing, which I am doing now. Bugfixes forthcoming.
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh 2009-10-28 16:39:14 UTC (rev 4797)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-bsdlabel.sh 2009-10-28 18:01:34 UTC (rev 4798)
@@ -54,6 +54,12 @@
else
ENC="OFF"
fi
+
+ # Check if the user tried to setup / as an encrypted partition
+ if [ "${MNT}" = "/" -a "${ENC}" = "ON" ]
+ then
+ exit_err "ERROR: Encrypted root partitions are not supported at this time."
+ fi
# Now check that these values are sane
case $FS in
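Review bot: The new guard rejects only `/`, but an encrypted `/boot` looks just as unbootable. setup_geli_loading in functions-cleanup.sh stores the key files under `${FSMNT}/boot/keys`, and the zfsboot `dd` in functions-newfs.sh now targets `/dev/${PART}${EXT}` when the mount point is `/boot`, so the boot code would be written through the .eli layer. Consider widening the test to `if [ "${ENC}" = "ON" ] && [ "${MNT}" = "/" -o "${MNT}" = "/boot" ]`. The enclosing function starts and ends outside this hunk, so how MNT is normalised is not visible here.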
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh 2009-10-28 16:39:14 UTC (rev 4797)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-cleanup.sh 2009-10-28 18:01:34 UTC (rev 4798)
@@ -130,6 +130,37 @@
};
+# Function which saves geli keys and sets up loading of them at boot
+setup_geli_loading()
+{
+
+ # Make our keys dir
+ mkdir -p ${FSMNT}/boot/keys >/dev/null 2>/dev/null
+
+ cd ${GELIKEYDIR}
+ for KEYFILE in `ls *`
+ do
+ # Figure out the partition name based on keyfile name removing .key
+ PART="`echo ${KEYFILE} | cut -d '.' -f 1`"
+
+ # Add the entries to loader.conf to start this geli provider at boot
+ echo "geli_${PART}_keyfile0_load=\"YES\"" >> ${FSMNT}/boot/loader.conf
+ echo "geli_${PART}_keyfile0_type=\"${PART}:geli_keyfile0\"" >> ${FSMNT}/boot/loader.conf
+ echo "geli_${PART}_keyfile0_name=\"/boot/keys/${KEYFILE}\"" >> ${FSMNT}/boot/loader.conf
+
+ # Copy the key to the disk
+ cp ${KEYFILE} ${FSMNT}/boot/keys/${KEYFILE}
+ done
+
+ # Make sure we have geom_eli set to load at boot
+ cat ${FSMNT}/boot/loader.conf >/dev/null 2>/dev/null | grep 'geom_eli_load="YES"' >/dev/null 2>/dev/null
+ if [ "$?" != "0" ]
+ then
+ echo 'geom_eli_load="YES"' >>${FSMNT}/boot/loader.conf
+ fi
+
+};
+
run_final_cleanup()
{
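Review bot: In setup_geli_loading the key files reach `${FSMNT}/boot/keys` through plain `mkdir -p` and `cp`, so their mode depends on the installer's umask; key material should be set to 0700/0600 explicitly. Because `geli init` in functions-newfs.sh uses `-P` (no passphrase) and root cannot be encrypted, these files are the only secret and sit in clear on the same disk, which deserves a comment above the function stating what this encryption does and does not protect against. Separately, the final check pipes `cat ... >/dev/null` into grep, so grep always reads empty input and `geom_eli_load="YES"` is appended on every run; grep the file directly. The `cd ${GELIKEYDIR}` is also unchecked, so on failure the loop would walk whatever directory the script is in.

```shell
  mkdir -p "${FSMNT}/boot/keys" >/dev/null 2>/dev/null
  chmod 700 "${FSMNT}/boot/keys"

  cd "${GELIKEYDIR}" || exit_err "ERROR: Missing geli key directory ${GELIKEYDIR}"
  for KEYFILE in *
  do
    # … unchanged: PART derivation and the three loader.conf entries …

    # Copy the key to the disk, readable by root only
    cp "${KEYFILE}" "${FSMNT}/boot/keys/${KEYFILE}"
    chmod 600 "${FSMNT}/boot/keys/${KEYFILE}"
  done

  # Make sure we have geom_eli set to load at boot
  grep -q 'geom_eli_load="YES"' "${FSMNT}/boot/loader.conf" 2>/dev/null
  # … unchanged: append geom_eli_load when the grep fails …
```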
@@ -141,6 +172,14 @@
setup_gmirror
fi
+ # Check if we need to save any geli keys
+ ls ${GELIKEYDIR}/* >/dev/null 2>/dev/null
+ if [ "$?" = "0" ]
+ then
+ # Lets setup geli loading
+ setup_geli_loading
+ fi
+
# Generate the fstab for the installed system
setup_fstab
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-extractimage.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-extractimage.sh 2009-10-28 16:39:14 UTC (rev 4797)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-extractimage.sh 2009-10-28 18:01:34 UTC (rev 4798)
@@ -44,7 +44,7 @@
tar) tar -xpv -C ${FSMNT} -f ${CDMNT}/${INSFILE} ${TAROPTS} >&1 2>&1
if [ "$?" != "0" ]
then
- exit_err "ERROR: Failed extracting the image with: ${CMD}"
+ exit_err "ERROR: Failed extracting the tar image"
fi
;;
esac
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-mountdisk.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-mountdisk.sh 2009-10-28 16:39:14 UTC (rev 4797)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-mountdisk.sh 2009-10-28 18:01:34 UTC (rev 4798)
@@ -14,7 +14,6 @@
MNTPOINT="${3}"
MNTFLAGS="${4}"
-
# Setup the MNTOPTS
if [ -z "${MNTOPTS}" ]
then
@@ -81,14 +80,21 @@
PARTMNT="`cat ${PARTDIR}/${PART} | cut -d ':' -f 2`"
PARTENC="`cat ${PARTDIR}/${PART} | cut -d ':' -f 3`"
+ if [ "${PARTENC}" = "ON" ]
+ then
+ EXT=".eli"
+ else
+ EXT=""
+ fi
+
if [ "$PARTMNT" = "/" ]
then
case ${PARTFS} in
- UFS) mount_partition ${PART} ${PARTFS} ${PARTMNT} "noatime"
+ UFS) mount_partition ${PART}${EXT} ${PARTFS} ${PARTMNT} "noatime"
;;
- UFS+S) mount_partition ${PART} ${PARTFS} ${PARTMNT} "noatime"
+ UFS+S) mount_partition ${PART}${EXT} ${PARTFS} ${PARTMNT} "noatime"
;;
- UFS+J) mount_partition ${PART}.journal ${PARTFS} ${PARTMNT} "async,noatime"
+ UFS+J) mount_partition ${PART}${EXT}.journal ${PARTFS} ${PARTMNT} "async,noatime"
;;
ZFS) mount_partition ${PART} ${PARTFS} ${PARTMNT}
;;
@@ -112,15 +118,22 @@
PARTMNT="`cat ${PARTDIR}/${PART} | cut -d ':' -f 2`"
PARTENC="`cat ${PARTDIR}/${PART} | cut -d ':' -f 3`"
+ if [ "${PARTENC}" = "ON" ]
+ then
+ EXT=".eli"
+ else
+ EXT=""
+ fi
+
# Check if we've found "/" again, don't need to mount it twice
if [ "$PARTMNT" != "/" ]
then
case ${PARTFS} in
- UFS) mount_partition ${PART} ${PARTFS} ${PARTMNT} "noatime"
+ UFS) mount_partition ${PART}${EXT} ${PARTFS} ${PARTMNT} "noatime"
;;
- UFS+S) mount_partition ${PART} ${PARTFS} ${PARTMNT} "noatime"
+ UFS+S) mount_partition ${PART}${EXT} ${PARTFS} ${PARTMNT} "noatime"
;;
- UFS+J) mount_partition ${PART}.journal ${PARTFS} ${PARTMNT} "async,noatime"
+ UFS+J) mount_partition ${PART}${EXT}.journal ${PARTFS} ${PARTMNT} "async,noatime"
;;
ZFS) mount_partition ${PART} ${PARTFS} ${PARTMNT}
;;
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh 2009-10-28 16:39:14 UTC (rev 4797)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-newfs.sh 2009-10-28 18:01:34 UTC (rev 4798)
@@ -8,8 +8,9 @@
PART="$1"
PARTFS="$2"
PARTMNT="$3"
+ EXT="$4"
ROOTSLICE="`echo ${PART} | rev | cut -b 2- | rev`"
- zpool create -f ${PART} ${PART} >>${LOGOUT} 2>>${LOGOUT}
+ zpool create -f ${PART} ${PART}${EXT} >>${LOGOUT} 2>>${LOGOUT}
# Check if we ended up with needing a zfs bootable partition
if [ "${PARTMNT}" = "/" -o "${PARTMNT}" = "/boot" ]
@@ -20,7 +21,7 @@
zpool set bootfs=${PART} ${PART} >>${LOGOUT} 2>>${LOGOUT}
zpool export ${PART} >>${LOGOUT} 2>>${LOGOUT}
dd if=/boot/zfsboot of=/dev/${ROOTSLICE} count=1 >>${LOGOUT} 2>>${LOGOUT}
- dd if=/boot/zfsboot of=/dev/${PART} skip=1 seek=1024 >>${LOGOUT} 2>>${LOGOUT}
+ dd if=/boot/zfsboot of=/dev/${PART}${EXT} skip=1 seek=1024 >>${LOGOUT} 2>>${LOGOUT}
zpool import ${PART} >>${LOGOUT} 2>>${LOGOUT}
fi
@@ -32,6 +33,10 @@
setup_filesystems()
{
+ # Create the keydir
+ rm -rf ${GELIKEYDIR} >/dev/null 2>/dev/null
+ mkdir ${GELIKEYDIR}
+
# Lets go ahead and read through the saved partitions we created, and determine if we need to run
# newfs on any of them
for PART in `ls ${PARTDIR}`
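Review bot: `mkdir ${GELIKEYDIR}` creates the directory that will hold raw geli keys with the default umask and without checking the result; if it fails, the later `dd ... of=${GELIKEYDIR}/${PART}.key` has nowhere to write. I would use `mkdir -m 700 "${GELIKEYDIR}" || exit_err "ERROR: Could not create ${GELIKEYDIR}"`. Quoting the variable on the `rm -rf` line is also worth doing, since the path is built from `${TMPDIR}`. setup_filesystems continues past the end of this hunk.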
@@ -52,20 +57,35 @@
gjournal clear ${PART} >/dev/null 2>/dev/null
fi
+ # Setup encryption if necessary
+ if [ "${PARTENC}" = "ON" -a "${PARTFS}" != "SWAP" ]
+ then
+ echo "Creating geli provider for ${PART}. This may take a while..."
+ echo "Creating geli provider for ${PART}" >>${LOGOUT}
+ dd if=/dev/random of=${GELIKEYDIR}/${PART}.key bs=64 count=1 >>${LOGOUT} 2>>${LOGOUT}
+ geli init -s 4096 -P -K ${GELIKEYDIR}/${PART}.key /dev/${PART} >>${LOGOUT} 2>>${LOGOUT}
+ geli attach -p -k ${GELIKEYDIR}/${PART}.key /dev/${PART} >>${LOGOUT} 2>>${LOGOUT}
+ dd if=/dev/random of=/dev/${PART}.eli bs=1m >>${LOGOUT} 2>>${LOGOUT}
+ EXT=".eli"
+ else
+ # No Encryption
+ EXT=""
+ fi
+
case ${PARTFS} in
UFS) echo "NEWFS: /dev/${PART} - ${PARTFS}"
- newfs /dev/${PART} >>${LOGOUT} 2>>${LOGOUT}
+ newfs /dev/${PART}${EXT} >>${LOGOUT} 2>>${LOGOUT}
;;
UFS+S) echo "NEWFS: /dev/${PART} - ${PARTFS}"
- newfs -U /dev/${PART} >>${LOGOUT} 2>>${LOGOUT}
+ newfs -U /dev/${PART}${EXT} >>${LOGOUT} 2>>${LOGOUT}
;;
UFS+J) echo "NEWFS: /dev/${PART} - ${PARTFS}"
- newfs /dev/${PART} >>${LOGOUT} 2>>${LOGOUT}
- gjournal label -f /dev/${PART} >>${LOGOUT} 2>>${LOGOUT}
- newfs -O 2 -J /dev/${PART}.journal >>${LOGOUT} 2>>${LOGOUT}
+ newfs /dev/${PART}${EXT} >>${LOGOUT} 2>>${LOGOUT}
+ gjournal label -f /dev/${PART}${EXT} >>${LOGOUT} 2>>${LOGOUT}
+ newfs -O 2 -J /dev/${PART}${EXT}.journal >>${LOGOUT} 2>>${LOGOUT}
;;
ZFS) echo "NEWFS: /dev/${PART} - ${PARTFS}"
- setup_zfs_filesystem "${PART}" "${PARTFS}" "${PARTMNT}"
+ setup_zfs_filesystem "${PART}" "${PARTFS}" "${PARTMNT}" "${EXT}"
;;
SWAP) ;;
*) exit_err "ERROR: Got unknown file-system type $PARTFS" ;;
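Review bot: None of the key-generation, `geli init` or `geli attach` commands in the new encryption branch has its exit status checked, yet `EXT=".eli"` is set unconditionally afterwards. If any of them fails, the installer carries on to `newfs /dev/${PART}.eli` with only a line in `${LOGOUT}` to show for it, so a failure to set up encryption should stop the install through `exit_err`. The key file is also written by `dd` under the default umask; wrapping it in a `umask 077` subshell keeps it private from the moment it is created. The `case` statement is closed outside this hunk.

```shell
    # … unchanged: the two "Creating geli provider" echo lines …
    ( umask 077; dd if=/dev/random of="${GELIKEYDIR}/${PART}.key" bs=64 count=1 ) >>${LOGOUT} 2>>${LOGOUT} \
      || exit_err "ERROR: Failed creating geli key for ${PART}"
    geli init -s 4096 -P -K "${GELIKEYDIR}/${PART}.key" /dev/${PART} >>${LOGOUT} 2>>${LOGOUT} \
      || exit_err "ERROR: geli init failed for ${PART}"
    geli attach -p -k "${GELIKEYDIR}/${PART}.key" /dev/${PART} >>${LOGOUT} 2>>${LOGOUT} \
      || exit_err "ERROR: geli attach failed for ${PART}"
    # … unchanged: random fill of /dev/${PART}.eli and EXT=".eli" …
```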
Modified: pcbsd/trunk/pc-sysinstall/backend/functions-unmount.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions-unmount.sh 2009-10-28 16:39:14 UTC (rev 4797)
+++ pcbsd/trunk/pc-sysinstall/backend/functions-unmount.sh 2009-10-28 18:01:34 UTC (rev 4798)
@@ -72,3 +72,44 @@
fi
};
+
+# Unmounts any filesystems after a failure
+unmount_all_filesystems_failure()
+{
+ # Lets read our partition list, and unmount each
+ ##################################################################
+ if [ -d "${PARTDIR}" ]
+ then
+ for PART in `ls ${PARTDIR}`
+ do
+
+ PARTFS="`cat ${PARTDIR}/${PART} | cut -d ':' -f 1`"
+ PARTMNT="`cat ${PARTDIR}/${PART} | cut -d ':' -f 2`"
+ PARTENC="`cat ${PARTDIR}/${PART} | cut -d ':' -f 3`"
+
+ if [ "${PARTFS}" = "SWAP" ]
+ then
+ if [ "${PARTENC}" = "ON" ]
+ then
+ swapoff /dev/${PART}.eli >/dev/null 2>/dev/null
+ else
+ swapoff /dev/${PART} >/dev/null 2>/dev/null
+ fi
+ fi
+
+ # Check if we've found "/" again, don't need to mount it twice
+ if [ "$PARTMNT" != "/" -a "${PARTMNT}" != "none" -a "${PARTFS}" != "ZFS" ]
+ then
+ umount ${FSMNT}${PARTMNT} >/dev/null 2>/dev/null
+ fi
+ done
+
+ # Last lets the /mnt partition
+ #########################################################
+ umount ${FSMNT} >/dev/null 2>/dev/null
+
+ fi
+
+ # Unmount our CDMNT
+ umount ${CDMNT} >/dev/null 2>/dev/null
+};
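Review bot: unmount_all_filesystems_failure unmounts the file systems but never detaches the geli providers that setup_filesystems attached, so after a failed install the decrypted `/dev/${PART}.eli` devices stay available until reboot. After the `umount` I would add `[ "${PARTENC}" = "ON" ] && geli detach /dev/${PART}.eli >/dev/null 2>/dev/null`; a UFS+J journal stacked on the provider may need stopping first, which I have not verified. The generated key files in `${GELIKEYDIR}` are left behind on this path as well. Two comments need fixing: `don't need to mount it twice` was copied from the mount code, and `Last lets the /mnt partition` is missing its verb (`Last, unmount the ${FSMNT} partition`).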
Modified: pcbsd/trunk/pc-sysinstall/backend/functions.sh
===================================================================
--- pcbsd/trunk/pc-sysinstall/backend/functions.sh 2009-10-28 16:39:14 UTC (rev 4797)
+++ pcbsd/trunk/pc-sysinstall/backend/functions.sh 2009-10-28 18:01:34 UTC (rev 4798)
@@ -68,5 +68,8 @@
# Save this error to the log file
echo "${1}" >>$LOGOUT
+ # Check if we need to unmount any file-systems after this failure
+ unmount_all_filesystems_failure
+
exit 1
};
Modified: pcbsd/trunk/pc-sysinstall/conf/pc-sysinstall.conf
===================================================================
--- pcbsd/trunk/pc-sysinstall/conf/pc-sysinstall.conf 2009-10-28 16:39:14 UTC (rev 4797)
+++ pcbsd/trunk/pc-sysinstall/conf/pc-sysinstall.conf 2009-10-28 18:01:34 UTC (rev 4798)
@@ -22,6 +22,10 @@
MIRRORCFGDIR="${TMPDIR}/.mirror-cfg"
export MIRRORCFGDIR
+# Set the GELIKEYDIR
+GELIKEYDIR="${TMPDIR}/.geli-keys"
+export GELIKEYDIR
+
# Set the FTP file we use to test if we have a working internet connection
FTPTEST="ftp.pcbsd.org/pub/README"
export FTPTEST
Modified: pcbsd/trunk/pc-sysinstall/pcinstall.cfg
===================================================================
--- pcbsd/trunk/pc-sysinstall/pcinstall.cfg 2009-10-28 16:39:14 UTC (rev 4797)
+++ pcbsd/trunk/pc-sysinstall/pcinstall.cfg 2009-10-28 18:01:34 UTC (rev 4798)
@@ -16,7 +16,7 @@
# UFS.eli, UFS+S.eli, UFS+J.eli, ZFS.eli, SWAP.eli
disk0-part=UFS+S 500 /
disk0-part=SWAP.eli 2000 none
-disk0-part=UFS+S 0 /usr
+disk0-part=UFS+S.eli 0 /usr
# Size 0 means use the rest of the slice size
# Do it now!
commitDiskLabel