Initial import from 0.5a version.

[secure-linux-project.git] / encrypt / initrd.sh

#!/bin/sh
##############################################
# Script for Secure Linux Project            #
# Copyright(c) 2005, 2006 by Roland Haeder   #
##############################################
# Purpose: Create initrd-image               #
##############################################
# This software is licensed under the GNU    #
# General Public License Version 2 or either #
# and comes with ABSOLUTELY NO WARRANTY      #
# neither implied nor explicit.              #
##############################################

. ./.settings.sh || exit 3

if test -e $MULTI_KEY; then
        echo "$0: Keyfile found."
 else
        echo "$0: Keyfile not found! Run gen.sh first."
        exit 2
fi

if ! test -e $BOOT_MOUNT; then
        echo "$0: Please run asset.sh first!"
        exit 2
fi

echo "$0: Stage 1 - Unmounting old devices ..."
umount $INITRD_LOOP
losetup -d $INITRD_LOOP
umount $BOOT_DEVICE
mount $BOOT_DEVICE $BOOT_MOUNT
echo "$0: Stage 2 - done."

if ! test -e $BOOT_MOUNT/initrd && ! test -e $BOOT_MOUNT/initrd.gz; then
        echo "$0: Stage 2 - Setting up initrd with e2fs ..."
        head -c 8m /dev/zero > $BOOT_MOUNT/initrd
        mke2fs -F -m0 -b 1024 -L "SLP 0.4a" $VERBOSE $BOOT_MOUNT/initrd
        mkdir $VERBOSE $BASEDIR/initrd
        CHK_LOOP="0"
        echo "$0: Stage 2 - done."
else
        if test -e $BOOT_MOINT/initrd.gz; then
                echo "$0: Stage 2 - Uncompressing initrd.gz ..."
                gunzip $VERBOSE 
                echo "$0: Stage 2 - done."
        else
                echo "$0: Stage 2 - skipped (me2fs)."
        fi
fi

echo "$0: Stage 3 - Setting up loop-device ..."
losetup $INITRD_LOOP $BOOT_MOUNT/initrd
echo "$0: Stage 3 - done."

if test "$CHK_LOOP" == "1"; then
        echo "$0: Stage 4 - Checking fs on initrd ..."
        e2fsck -pv $INITRD_LOOP
        echo "$0: Stage 4 - done"
else
        echo "$0: Stage 4 - skipped (e2fsck)."
fi

echo "$0: Stage 5 - Initializing initrd & copy process ..."
mkdir $VERBOSE $BASEDIR/initrd
mount $INITRD_LOOP $BASEDIR/initrd
cp $VERBOSE $BASEDIR/.stick_seed $BASEDIR/initrd/.seed
cd $BASEDIR/initrd
echo "$0: Stage 5 - done."

echo "$0: Stage 6 - Creating directories ..."
mkdir $VERBOSE -p {bin,dev,lib,$MNT/{$KEYS_DIR,new-root,boot,stick,stick2},usr/{bin,sbin,lib},proc,sbin} || exit 2
echo "$0: Stage 6 - done."

echo "$0: Stage 7 - Copying device files ..."
cp $VERBOSE $UPDATE -a /dev/{console,hd{a*,b*,c*,d*},tty,null,sda,urandom,md?} dev || exit 2
echo "$0: Stage 7 - done."

echo "$0: Stage 8 - Copying programs ..."
cp $VERBOSE $UPDATE `which mount sh umount cat sleep sync dd uname grep sed mknod ln ls` /sbin/{modprobe*,depmod*} bin || exit 2
cp $VERBOSE $UPDATE `which losetup pivot_root insmod insmod.modutils mkswap swapon swapoff mdadm mdrun fsck fsck.ext2 fsck.ext2 mdrun mdadmin` sbin || exit 2
cp $VERBOSE $UPDATE `which chroot` usr/sbin || exit 2
cp $VERBOSE $UPDATE `which test md5sum cut gpg tail uuencode` usr/bin || exit 2
echo "$0: Stage 8 - done."

echo "$0: Stage 9 - Copying libraries ..."
cp $VERBOSE $UPDATE -a /lib/lib{usb-0.1.so.4*,readline.so.5*,bz2.so*,resolv*,uuid.so.1*,ncurses.so.2.5.4,ld-2.3.6.so,c-2.3.6.so,c.so.6,blkid.so.1*,selinux.so.1,sepol.so.1,m-2.3.2.so,m.so.6,rt*,ext2fs.so.2*,pthread*,acl.so.1*,attr.so.1*,se*} lib || exit 2
cp $VERBOSE $UPDATE -a /usr/lib{libz.so*} usr/lib || exit 2
cp $VERBOSE $UPDATE -a /lib/ lib/ || exit 2
echo "$0: Stage 9 - done."

# Copy our scripts
echo "$0: Stage 10 - Copying SLP scripts and stick-secret.gpg ..."
cp $VERBOSE $UPDATE $BASEDIR/setup/keys/stick-secret.gpg $BASEDIR/{source/{decrypt.sh,linuxrc,swap.sh},.local.sh} $BASEDIR/initrd || exit 2
mkdir --parents --$VERBOSE $BASEDIR/initrd/lib/modules/$KERN_VER/ || exit 2
cp $VERBOSE $UPDATE $BASEDIR/source/lib/modules/$KERN_VER/loop.* $BASEDIR/initrd/lib/modules/$KERN_VER/ || exit 2
echo "$0: Stage 10 - done."

# Prepare directories for gpg
echo "$0: Stage 11 - Preparing .gnupg ..."
mkdir --parents $VERBOSE $BASEDIR/initrd/root/.gnupg
echo "$0: Stage 11 - done."

# Create lots of loop-back devices (we need loop-aes compiled with "max_loop = 8" here!)
echo "$0: Stage 12 - Creating loop-devices ..."
for idx in `seq 0 16`; do
        if ! test -e "dev/loop$idx"; then
                mknod --mode=660 "dev/loop$idx" b 7 $idx
        fi
done
echo "$0: Stage 12 - done."

echo "$0: Stage 13 - Setting symbolic links ..."
cd lib
ln $VERBOSE -sf ld-2.3.6.so ld-linux.so.2 || exit 2
ln $VERBOSE -sf libdl-2.3.6 libdl.so.2 || exit 2
ln $VERBOSE -sf libncurses.so.2.5.4 libncurses.so.5 || exit 2
cd ../sbin
ln $VERBOSE -sf /linuxrc init
cd ../root
# To prevent filling up the initrd while development
ln $VERBOSE -sf /dev/null .bash_history || exit 2
cd ../bin
ln $VERBOSE -sf sh bash || exit 2
cd ..
echo "$0: Stage 13 - done."

if test -e "/boot/vmlinuz-$KERN_VER"; then
        if test -e "/boot/System.map-$KERN_VER"; then
                echo "$0: Stage 14 - Copying kernel/System.map ..."
                KERN_FOUND="1"
                cp $VERBOSE $UPDATE "/boot/vmlinuz-$KERN_VER" "/boot/System.map-$KERN_VER" $BOOT_MOUNT/ || exit 2
                echo "$0: Stage 14 - done."
        else
                echo "$0: Stage 14 - No System.map found for version $KERN_VER."
        fi
else
        echo "$0: Stage 14 -No kernel found for version $KERN_VER."
fi

if test "$KERN_FOUND" == "0"; then
        if test -e "/usr/src/linux-$KERN_VER"; then
                cd "/usr/src/linux-$KERN_VER"
                make menuconfig
                if test -e .config; then
                        # Build kernel and modules and install them
                        make dep bzImage modules modules_install || exit 1
                        # Copy kernel/System.map to initrd
                        echo "$0: Stage 14 - Copying compiled kernel/System.amp ..."
                        cp $VERBOSE System.map $BOOT_MOUNT/System.map-$KERN_VER || exit 2
                        cp $VERBOSE arch/i386/boot/bzImage $BOOT_MOUNT/vmlinuz-$KERN_VER || exit 2
                        echo "$0: Stage 14 - done."
                 else
                        echo "FAILED: Compilation of kernel v$KERN_VER"
                        exit 2
                fi
        else
                echo "FAILED: Cannot find build-directory /usr/src/linux-$KERN_VER!"
                exit 2
        fi
fi

# Copy RAID modules to initrd
echo "$0: Stage 15 - Copying kernel modules ..."
cp $VERBOSE --parents /lib/modules/$KERN_VER/kernel/drivers/md/{raid5,xor,md}.* $BASEDIR/initrd/ || exit 2
if test -e "/usr/src/modules/loop-aes/"; then
        # Install loop-aes module
        cd /usr/src/modules/loop-aes/
        # Build loop-aes and install it
        make clean all install || exit 1
        # Generate path on initrd
        mkdir $VERBOSE $BASEDIR/initrd/lib/modules/$KERN_BER/{kernel/block,block} || exit 2
        if test -e "loop.ko"; then
                # Kernel version >= 2.6.*
                cp loop.ko $BASEDIR/initrd/lib/modules/$KERN_BER/block/ || exit 2
        else
                # Kernel version <= 2.4.*
                cp loop.o $BASEDIR/initrd/lib/modules/$KERN_BER/block/ || exit 2
        fi
else
        # Copy legacy loop.o
        cp $VERBOSE --parents /lib/modules/$KERN_VER/kernel/driversblock/loop.o $BASEDIR/initrd || exit 2
fi
cd $BASEDIR
echo "$0: Stage 15 - done."

if test "$UMOUNT_INITRD" == "1"; then
        echo "$0: Removing initrd and loop ..."
        cd ..
        umount $INITRD_LOOP
        losetup -d $INITRD_LOOP
fi

echo
echo "All done now."
echo
echo "You may want to execute cpio.sh to copy all your data to the encrypted"
echo "disk in $BASEDIR/root."