[PATCH] Various persistence related issues
Hi,
I was gonna push some stuff to the git repos, but it seems I don't have
permission to do so any more. See attached patches instead.
These patches are for live-boot
0001-Make-the-live-to-lib-live-move-for-the-persistence-c.patch
0002-Handle-already-mounted-persistence-backing-media-cor.patch
0003-Fix-persistence-media-option-when-no-devices-are-att.patch
0004-Use-local-in-a-safe-way.patch
Patches 0002-0004 are random bug fixes of stuff I noticed while
implementing and testing 0001. The patches were made (and tested)
against live-boot 3.0~b7-1, and they only have trivial conflicts when
applied to the debian-next branch.
The patch is for live-tools:
0001-Add-a-script-for-enabling-persistence-during-post-in.patch
It depends on patch 0001 for live-boot above to work correctly.
If possible, I'd like to see all of these in the 3.0 release of
live-boot and live-tools.
Cheers!
>From 14d1c80d22cf7ccb9ed6446820dc044704e6e044 Mon Sep 17 00:00:00 2001
From: Tails developers <amnesia@boum.org>
Date: Fri, 7 Dec 2012 18:35:25 +0100
Subject: [PATCH] Add a script for enabling persistence during post-initramfs
time.
---
bin/live-persistence | 429 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 429 insertions(+)
create mode 100755 bin/live-persistence
diff --git a/bin/live-persistence b/bin/live-persistence
new file mode 100755
index 0000000..c8a67e1
--- /dev/null
+++ b/bin/live-persistence
@@ -0,0 +1,429 @@
+#!/bin/sh
+
+NAME="${0##*/}"
+
+# We're gonna mess with stderr's file descriptor below, so we save a
+# reference to it in fd 3 if we want to print to stderr
+exec 3>&2
+
+error ()
+{
+ echo "error: ${@}" >&3
+ exit 1
+}
+
+if [ "$(id -u)" -ne 0 ]
+then
+ error "need root privileges"
+fi
+
+if ! dpkg -s live-boot >/dev/null 2>&1
+then
+ error "package 'live-boot' must be installed"
+fi
+
+# import Cmdline_old()
+. /lib/live/boot/9990-cmdline-old \
+ || error 'Could not source /lib/live/boot/9990-cmdline-old'
+
+# Set variable names needed by get_custom_mounts() etc.,
+# and now initialized by live-boot in a file that we certainly
+# don't want to source.
+export persistence_list="persistence.conf"
+export old_persistence_list="live-persistence.conf"
+export custom_overlay_label="persistence"
+
+# This will import the following functions and variables used below:
+# activate_custom_mounts()
+# get_custom_mounts()
+# open_luks_device()
+# probe_for_gpt_name()
+# removable_dev()
+# removable_usb_dev()
+# storage_devices()
+# where_is_mounted()
+. /lib/live/boot/9990-misc-helpers.sh \
+ || error 'Could not source /lib/live/boot/9990-misc-helpers.sh'
+
+usage ()
+{
+ echo "Usage: ${NAME} [OPTION]... list [LABEL]...
+List (on stdout) all partitions with names among LABEL(s) that are compatible
+with live-boot's overlay persistence, and that are adhering to live-boot's
+persistence filters (e.g. persistence-media). If no LABEL is given the default
+in live-boot is used ('${custom_overlay_label}').
+ or: ${NAME} [OPTION]... activate VOLUME...
+Activates persistence on the given VOLUME(s) (specified via block device).
+Successes and failures are written to stdout. There are no checks for whether
+the given volumes adhere to live-boot's options.
+ or: ${NAME} [OPTION]... close VOLUME...
+Deactivates persistence on the given VOLUME(s) (specified via block device).
+
+Note: The 'activate' and 'stop' actions only support partition-backed volumes
+(e.g. /dev/sda2), not file-backed persistent volumes.
+
+Kernel command-line options are parsed just like in live-boot and have the same
+effect (see live-boot(7) for more information).
+
+Most options correspond to the persistence-* options of live-boot, and will
+override the corresponging options parsed from the kernel command-line.
+
+General options:
+ -h, --help display this help and exit
+ -l, --log-file=FILE log the execution trace to FILE
+
+Options affecting the 'list' action:
+ -e, --encryption=LIST override 'persistence-encryption'
+ -m, --media=VALUE override 'persistence-media'
+ -g, --gpt-only only list GPT partitions
+
+Options affecting the 'activate' action:
+ -r, --read-only enable 'persistence-read-only'
+ -w, --read-write disable 'persistence-read-only'
+ -u, --union=VALUE override 'union'"
+}
+
+warning ()
+{
+ echo "warning: ${@}" >&3
+}
+
+dbus_udisks_get_attribute ()
+{
+ local dev attribute re
+ dev="${1}"
+ attribute="${2}"
+ re='^[[:space:]]*variant[[:space:]]\+string[[:space:]]\+"\(.*\)"$'
+ dbus-send --system --print-reply --dest=org.freedesktop.UDisks \
+ /org/freedesktop/UDisks/devices/$(basename ${dev}) \
+ org.freedesktop.DBus.Properties.Get \
+ string:org.freedesktop.UDisks.Device \
+ string:"${attribute}" | \
+ grep -e "${re}" | sed "s|${re}|\1|"
+}
+
+# We override the following two functions from live-helpers since old
+# blkid (i.e. util-linux and libblkid1) doesn't support GPT. We use dbus
+# instead (which should be available in user-space).
+get_gpt_name ()
+{
+ local dev
+ dev="${1}"
+ dbus_udisks_get_attribute ${dev} partition-label
+}
+
+is_gpt_device ()
+{
+ local dev
+ dev="${1}"
+ [ "$(dbus_udisks_get_attribute ${dev} partition-scheme)" = "gpt" ]
+}
+
+
+# We override live-boot's logging facilities to get more useful error messages
+log_warning_msg ()
+{
+ warning ${@}
+}
+
+# We override live-boot's panic() since it does a lot of crazy stuff
+panic ()
+{
+ error ${@}
+}
+
+# Fix persistent ~/.gconf sub-dirs; activate_custom_mounts() creates
+# empty dirs up to its mountpoint, but the file %gconf.xml has to be
+# present in each of ~/.gconf's subdirs to make them valid. Hence we
+# have a problem with a persistent ~/.gconf/X/Y if ~/.gconf/X was
+# created by activate_custom_mounts() since it would lack its
+# %gconf.xml file, making ~/.gconf/X/Y invalid. This functions makes
+# sure that all subdirs of ~/.gconf contain %gconf.xml.
+fix_gconf_dirs ()
+{
+ for home in /home/*
+ do
+ if [ ! -e "${home}/.gconf" ]
+ then
+ continue
+ fi
+ local ownership
+ ownership=$(stat -c "%u:%g" "${home}")
+ find "${home}/.gconf" -type d | while IFS="" read -r dir
+ do
+ local conf
+ conf="${dir}/%gconf.xml"
+ if [ ! -e "${conf}" ]; then
+ touch "${conf}"
+ chown ${ownership} "${conf}"
+ fi
+ done
+ done
+}
+
+list_volumes ()
+{
+ local labels whitelistdev
+ labels=${@}
+ whitelistdev=""
+ case "${PERSISTENCE_MEDIA}" in
+ removable)
+ whitelistdev="$(removable_dev)"
+ [ -z "${whitelistdev}" ] && return
+ ;;
+ removable-usb)
+ whitelistdev="$(removable_usb_dev)"
+ [ -z "${whitelistdev}" ] && return
+ ;;
+ *)
+ whitelistdev=""
+ ;;
+ esac
+ volumes=$(find_persistence_media "${labels}" "${whitelistdev}")
+ for vol in $volumes
+ do
+ # drop the "$label=" prefix
+ vol=${vol#*=}
+ if [ -n "${GPT_PARTITIONS_ONLY}" ] && ! is_gpt_device ${vol}
+ then
+ continue
+ fi
+ echo $vol
+ done
+
+ exit 0
+}
+
+activate_volumes ()
+{
+ local volumes ret open_volumes successes failures
+ volumes=${@}
+ ret=0
+ open_volumes=""
+ successes=""
+ failures=""
+
+ # required by open_luks_device()
+ exec 6>&1
+
+ for vol in ${volumes}
+ do
+ if [ ! -b "${vol}" ]
+ then
+ warning "${vol} is not a block device"
+ failures="${failures} ${vol}"
+ ret=1
+ continue
+ fi
+ local luks_vol
+ luks_vol=""
+ if /sbin/cryptsetup isLuks ${vol} >/dev/null
+ then
+ if luks_vol=$(open_luks_device "${vol}")
+ then
+ open_volumes="${open_volumes} ${luks_vol}"
+ else
+ failures="${failures} ${vol}"
+ fi
+ else
+ open_volumes="${open_volumes} ${vol}"
+ fi
+ done
+
+ custom_mounts="$(mktemp /tmp/custom_mounts-XXXXXX.list)"
+ get_custom_mounts ${custom_mounts} ${open_volumes}
+ if [ -s "${custom_mounts}" ]
+ then
+ activate_custom_mounts ${custom_mounts} >/dev/null
+ fix_gconf_dirs
+ fi
+ rm -f ${custom_mounts}
+
+ for vol in ${open_volumes}
+ do
+ if grep -qe "^${vol}\>" /proc/mounts
+ then
+ successes="${successes} ${vol}"
+ else
+ failures="${failures} ${vol}"
+ ret=1
+ fi
+ done
+
+ if [ -n "${successes}" ]
+ then
+ echo "Successes:"
+ for vol in ${successes}
+ do
+ echo " - ${vol}"
+ done
+ fi
+
+ if [ -n "${failures}" ]
+ then
+ echo "Failures:"
+ for vol in ${failures}
+ do
+ echo " - ${vol}"
+ done
+ fi
+ exit ${ret}
+}
+
+is_mounted_readonly ()
+{
+ grep -q "${1} [^ ]* [^ ]* \([^ ]*,\)\?ro\(,[^ ]*\)\?" /proc/mounts
+}
+
+get_readonly_link_dir ()
+{
+ # XXX: Probably only supports UNIONTYPE=aufs
+ mount | grep ":${1}=" | cut -d' ' -f3
+}
+
+close_volumes ()
+{
+ local volumes custom_mounts
+ volumes=${@}
+ custom_mounts="$(mktemp /tmp/custom_mounts-XXXXXX.list)"
+ get_custom_mounts ${custom_mounts} ${volumes}
+ while read device source dest options # < ${custom_mounts}
+ do
+ if is_in_comma_sep_list link ${options}
+ then
+ # 'link' type persistence isn't mounted on
+ # $dest but in read-only mode it has a special
+ # mount we need to take care of. However, in
+ # both cases we just leave all created links
+ # in a broken state.
+ # We can't just check PERSISTENCE_READONLY
+ # since that's something one can change with
+ # the activate action, so we check if $device
+ # is mounted read-only instead.
+ if is_mounted_readonly ${device}
+ then
+ umount "$(get_readonly_link_dir "${source}")"
+ fi
+ else
+ umount ${dest}
+ fi
+ done < ${custom_mounts}
+ rm -f ${custom_mounts}
+ for vol in ${volumes}
+ do
+ local backing
+ backing=$(where_is_mounted ${vol})
+ umount ${backing}
+ done
+}
+
+main ()
+{
+ # tracing get's activated by Cmdline_old() if "debug" is in
+ # /proc/cmdline which will flood stderr, which we don't want
+ exec 2>"/dev/null"
+
+ # parse the kernel cmdline for live-boot's configuration as defaults
+ Cmdline_old
+
+ # disable tracing if enabled by Cmdline_old()
+ set +x
+ exec 2>&3
+
+ export PERSISTENCE="true"
+ export NOPERSISTENCE=""
+
+ # FIXME: we don't yet support file-backed custom persistence
+ export PERSISTENCE_STORAGE="filesystem"
+
+ # Should be set empty since live-boot already changed root for us
+ export rootmnt=""
+
+ SHORTOPTS="e:,g,h,l:,m:,r,w,u:"
+ LONGOPTS="encryption:,gpt-only,help,log-file:,media:,read-only,read-write,union:"
+ OPTS=$(getopt -o ${SHORTOPTS} --longoptions ${LONGOPTS} -n "${NAME}" -- "$@")
+ if [ "$?" -ne 0 ]
+ then
+ echo "Try '${NAME} --help' for more information."
+ exit 1
+ fi
+ eval set -- "$OPTS"
+ while [ $# -gt 0 ]; do
+ case $1 in
+ -e|--encryption)
+ shift
+ export PERSISTENCE_ENCRYPTION="${1}"
+ ;;
+ -g|--gpt-only)
+ GPT_PARTITIONS_ONLY="true"
+ ;;
+ -h|--help)
+ usage
+ exit 0
+ ;;
+ -l|--log-file)
+ shift
+ DEBUG_LOG_FILE="${1}"
+ ;;
+ -m|--media)
+ shift
+ export PERSISTENCE_MEDIA="${1}"
+ ;;
+ -r|--read-only)
+ export PERSISTENCE_READONLY="true"
+ ;;
+ -w|--read-write)
+ export PERSISTENCE_READONLY=""
+ ;;
+ -u|--union)
+ shift
+ export UNIONTYPE="${1}"
+ ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ error "unrecognized option: ${1}"
+ ;;
+ esac
+ shift
+ done
+
+ if [ -n "${DEBUG_LOG_FILE}" ]
+ then
+ exec 2>"${DEBUG_LOG_FILE}"
+ set -x
+ fi
+
+ local action labels volumes
+ action="${1}"
+ shift
+ case "${action}" in
+ list)
+ labels=${@}
+ if [ -z "${labels}" ]
+ then
+ # use default label in live-boot
+ labels=${custom_overlay_label}
+ fi
+ list_volumes ${labels}
+ ;;
+ activate|close)
+ volumes=${@}
+ if [ -z "${volumes}" ]
+ then
+ error "you must specify at least one volume"
+ fi
+ ${action}_volumes "${volumes}"
+ ;;
+ "")
+ error "no action specified"
+ ;;
+ *)
+ error "unrecognized action: ${action}"
+ ;;
+ esac
+}
+
+main "${@}"
--
1.7.10.4
>From 5bfae07f430a4a6495c7bbf601a35bf06f901801 Mon Sep 17 00:00:00 2001
From: Tails developers <amnesia@boum.org>
Date: Tue, 4 Dec 2012 18:00:46 +0100
Subject: [PATCH 1/4] Make the /live to /lib/live move for the persistence
code.
Exposing /lib/live/mount/persistence in user-space is highly relevant
for the (soon-to-come) tool for activating persistence post-initramfs.
We want to use the same persistence code for both scenarios, and avoid
using different cases for them, so we make it only use /lib/live.
Similarly we also make sure that persistence modes using unions use
the same copy-on-write dir or "overlay" (i.e. /lib/live/mount/overlay)
in order to make them work as intended.
---
scripts/boot/9990-misc-helpers.sh | 29 +++++++++--------------
scripts/boot/9990-overlay.sh | 47 +++++++++++++++++++------------------
2 files changed, 35 insertions(+), 41 deletions(-)
diff --git a/scripts/boot/9990-misc-helpers.sh b/scripts/boot/9990-misc-helpers.sh
index ace130b..06a80f8 100755
--- a/scripts/boot/9990-misc-helpers.sh
+++ b/scripts/boot/9990-misc-helpers.sh
@@ -728,7 +728,7 @@ mount_persistence_media ()
local device=${1}
local probe=${2}
- local backing="/live/persistence/$(basename ${device})"
+ local backing="${rootmnt}/lib/live/mount/persistence/$(basename ${device})"
mkdir -p "${backing}"
local old_backing="$(where_is_mounted ${device})"
@@ -940,7 +940,7 @@ find_persistence_media ()
local white_listed_devices="${2}"
local ret=""
- local black_listed_devices="$(what_is_mounted_on /live/medium)"
+ local black_listed_devices="$(what_is_mounted_on ${rootmnt}/lib/live/medium)"
for dev in $(storage_devices "${black_listed_devices}" "${white_listed_devices}")
do
@@ -1233,7 +1233,7 @@ do_union ()
get_custom_mounts ()
{
- # Side-effect: leaves $devices with persistence.conf mounted in /live/persistence
+ # Side-effect: leaves $devices with persistence.conf mounted in ${rootmnt}/lib/live/mount/persistence
# Side-effect: prints info to file $custom_mounts
local custom_mounts=${1}
@@ -1271,7 +1271,7 @@ get_custom_mounts ()
if [ -n "${DEBUG}" ] && [ -e "${include_list}" ]
then
- cp ${include_list} /live/persistence/${persistence_list}.${device_name}
+ cp ${include_list} ${rootmnt}/lib/live/mount/persistence/${persistence_list}.${device_name}
fi
while read dir options # < ${include_list}
@@ -1282,9 +1282,9 @@ get_custom_mounts ()
continue
fi
- if trim_path ${dir} | grep -q -e "^[^/]" -e "^/live\(/.*\)\?$" -e "^/\(.*/\)\?\.\.\?\(/.*\)\?$"
+ if trim_path ${dir} | grep -q -e "^[^/]" -e "^/lib" -e "^/lib/live\(/.*\)\?$" -e "^/\(.*/\)\?\.\.\?\(/.*\)\?$"
then
- log_warning_msg "Skipping unsafe custom mount ${dir}: must be an absolute path containing neither the \".\" nor \"..\" special dirs, and cannot be \"/live\" or any sub-directory therein."
+ log_warning_msg "Skipping unsafe custom mount ${dir}: must be an absolute path containing neither the \".\" nor \"..\" special dirs, and cannot be \"/lib\", or \"/lib/live\" or any of its sub-directories."
continue
fi
@@ -1451,7 +1451,7 @@ activate_custom_mounts ()
local rootfs_dest_backing=""
if [ -n "${opt_link}"]
then
- for d in /live/rootfs/*
+ for d in ${rootmnt}/lib/live/mount/rootfs/*
do
if [ -n "${rootmnt}" ]
then
@@ -1473,8 +1473,8 @@ activate_custom_mounts ()
link_files ${source} ${dest} ${rootmnt}
elif [ -n "${opt_link}" ] && [ -n "${PERSISTENCE_READONLY}" ]
then
- mkdir -p /live/persistence
- local links_source=$(mktemp -d /live/persistence/links-source-XXXXXX)
+ mkdir -p ${rootmnt}/lib/live/mount/persistence
+ local links_source=$(mktemp -d ${rootmnt}/lib/live/mount/persistence/links-source-XXXXXX)
chown_ref ${source} ${links_source}
chmod_ref ${source} ${links_source}
# We put the cow dir in the below strange place to
@@ -1482,7 +1482,7 @@ activate_custom_mounts ()
# has its own directory and isn't nested with some
# other custom mount (if so that mount's files would
# be linked, causing breakage.
- local cow_dir="/live/overlay/live/persistence/$(basename ${links_source})"
+ local cow_dir="${rootmnt}/lib/live/mount/overlay/lib/live/mount/persistence/$(basename ${links_source})"
mkdir -p ${cow_dir}
chown_ref "${source}" "${cow_dir}"
chmod_ref "${source}" "${cow_dir}"
@@ -1499,14 +1499,7 @@ activate_custom_mounts ()
# bind-mount and union mount are handled the same
# in read-only mode, but note that rootfs_dest_backing
# is non-empty (and necessary) only for unions
- if [ -n "${rootmnt}" ]
- then
- local cow_dir="$(echo ${dest} | sed -e "s|^${rootmnt}|/live/overlay/|")"
- else
- # This is happens if persistence is activated
- # post boot
- local cow_dir="/live/overlay/${dest}"
- fi
+ local cow_dir="${rootmnt}/lib/live/mount/overlay/${dest}"
if [ -e "${cow_dir}" ] && [ -z "${opt_link}" ]
then
# If an earlier custom mount has files here
diff --git a/scripts/boot/9990-overlay.sh b/scripts/boot/9990-overlay.sh
index acb2e91..b54a2da 100755
--- a/scripts/boot/9990-overlay.sh
+++ b/scripts/boot/9990-overlay.sh
@@ -373,6 +373,29 @@ setup_unionfs ()
esac
done
+ # move all /live mountpoints that the custom persistence
+ # system depends on into /lib/live on the root filesystem
+ for _DIRECTORY in rootfs
+ do
+ if [ -d "/live/${_DIRECTORY}" ]
+ then
+ mkdir -p "${rootmnt}/lib/live/mount/${_DIRECTORY}"
+
+ for _MOUNT in $(ls /live/${_DIRECTORY})
+ do
+ mkdir -p "${rootmnt}/lib/live/mount/${_DIRECTORY}/${_MOUNT}"
+ mount -o move "/live/${_DIRECTORY}/${_MOUNT}" "${rootmnt}/lib/live/mount/${_DIRECTORY}/${_MOUNT}" > /dev/null 2>&1 || \
+ mount -o bind "/live/${_DIRECTORY}/${_MOUNT}" "${rootmnt}/lib/live/mount/${_DIRECTORY}/${_MOUNT}" || \
+ log_warning_msg "W: failed to mount /live/${_DIRECTORY}/${_MOUNT} to ${rootmnt}/lib/live/mount/${_DIRECTORY}/${_MOUNT}"
+ done
+ fi
+ done
+
+ mkdir -p "${rootmnt}/lib/live/mount/overlay"
+ mount -o move /live/overlay "${rootmnt}/lib/live/mount/overlay" > /dev/null 2>&1 || \
+ mount -o bind /live/overlay "${rootmnt}/lib/live/mount/overlay" || \
+ log_warning_msg "W: failed to mount /live/overlay to ${rootmnt}/lib/live/mount/overlay"
+
# Adding custom persistence
if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ]
then
@@ -382,7 +405,7 @@ setup_unionfs ()
# Gather information about custom mounts from devies detected as overlays
get_custom_mounts ${custom_mounts} ${overlay_devices}
- [ -n "${DEBUG}" ] && cp ${custom_mounts} "/live/persistence"
+ [ -n "${DEBUG}" ] && cp ${custom_mounts} "/lib/live/mount/persistence"
# Now we do the actual mounting (and symlinking)
local used_overlays=""
@@ -399,28 +422,6 @@ setup_unionfs ()
done
fi
- # move all mountpoints to root filesystem
- for _DIRECTORY in rootfs persistence
- do
- if [ -d "/live/${_DIRECTORY}" ]
- then
- mkdir -p "${rootmnt}/lib/live/mount/${_DIRECTORY}"
-
- for _MOUNT in $(ls /live/${_DIRECTORY})
- do
- mkdir -p "${rootmnt}/lib/live/mount/${_DIRECTORY}/${_MOUNT}"
- mount -o move "/live/${_DIRECTORY}/${_MOUNT}" "${rootmnt}/lib/live/mount/${_DIRECTORY}/${_MOUNT}" > /dev/null 2>&1 || \
- mount -o bind "/live/${_DIRECTORY}/${_MOUNT}" "${rootmnt}/lib/live/mount/${_DIRECTORY}/${_MOUNT}" || \
- log_warning_msg "W: failed to mount /live/${_DIRECTORY}/${_MOUNT} to ${rootmnt}/lib/live/mount/${_DIRECTORY}/${_MOUNT}"
- done
- fi
- done
-
- mkdir -p "${rootmnt}/lib/live/mount/overlay"
- mount -o move /live/overlay "${rootmnt}/lib/live/mount/overlay" > /dev/null 2>&1 || \
- mount -o bind /live/overlay "${rootmnt}/lib/live/mount/overlay" || \
- log_warning_msg "W: failed to mount /live/overlay to ${rootmnt}/lib/live/mount/overlay"
-
# ensure that a potentially stray tmpfs gets removed
# otherways, initramfs-tools is unable to remove /live
# and fails to boot
--
1.7.10.4
>From 18833cc787caf1805abe7053b1cef24365d8905b Mon Sep 17 00:00:00 2001
From: Tails developers <amnesia@boum.org>
Date: Wed, 5 Dec 2012 16:06:51 +0100
Subject: [PATCH 2/4] Handle already mounted persistence backing media
correctly.
I.e. treat the case where a backing media already had been mounted in
the expected place like a success (by printing the mount dir). This
doesn't fix any bug in live-boot, but it will come in handy for the
(soon-to-come) script for activating custom persistence in user-space.
While we're at it, document this function.
---
scripts/boot/9990-misc-helpers.sh | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/scripts/boot/9990-misc-helpers.sh b/scripts/boot/9990-misc-helpers.sh
index 06a80f8..94c48e6 100755
--- a/scripts/boot/9990-misc-helpers.sh
+++ b/scripts/boot/9990-misc-helpers.sh
@@ -723,6 +723,11 @@ try_mount ()
fi
}
+# Try to mount $device to the place expected by live-boot. If $device
+# is already mounted somewhere, move it to the expected place. If
+# we're only probing $device (to check if it has custom persistence)
+# $probe should be set, which suppresses warnings upon failure. On
+# success, print the mount point for $device.
mount_persistence_media ()
{
local device=${1}
@@ -760,8 +765,12 @@ mount_persistence_media ()
rmdir "${backing}"
return 1
fi
+ else
+ # This means that $device has already been mounted on
+ # the place expected by live-boot, so we're done.
+ echo ${backing}
+ return 0
fi
- return 0
}
close_persistence_media ()
--
1.7.10.4
>From 81979610ad3e1b6b31c0a9c7a18decd75d96c37a Mon Sep 17 00:00:00 2001
From: Tails developers <amnesia@boum.org>
Date: Wed, 5 Dec 2012 20:45:28 +0100
Subject: [PATCH 3/4] Fix persistence-media option when no devices are
attached.
Earlier, if it was set to e.g. 'removable-usb' and no USB storage was
connected, $whitelistdev would be empty, which is interpreted like all
devices are ok by the rest of the code.
---
scripts/boot/9990-overlay.sh | 71 +++++++++++++++++++++++-------------------
1 file changed, 39 insertions(+), 32 deletions(-)
diff --git a/scripts/boot/9990-overlay.sh b/scripts/boot/9990-overlay.sh
index b54a2da..96c3331 100755
--- a/scripts/boot/9990-overlay.sh
+++ b/scripts/boot/9990-overlay.sh
@@ -189,19 +189,23 @@ setup_unionfs ()
done
fi
- case "${PERSISTENCE_MEDIA}" in
- removable)
- whitelistdev="$(removable_dev)"
- ;;
-
- removable-usb)
- whitelistdev="$(removable_usb_dev)"
- ;;
+ local whitelistdev=""
+ if [ -n "${PERSISTENCE_MEDIA}" ]
+ then
+ case "${PERSISTENCE_MEDIA}" in
+ removable)
+ whitelistdev="$(removable_dev)"
+ ;;
- *)
- whitelistdev=""
- ;;
- esac
+ removable-usb)
+ whitelistdev="$(removable_usb_dev)"
+ ;;
+ esac
+ if [ -z "${whitelistdev}" ]
+ then
+ whitelistdev="ignore_all_devices"
+ fi
+ fi
if is_in_comma_sep_list overlay ${PERSISTENCE_METHOD}
then
@@ -209,29 +213,32 @@ setup_unionfs ()
fi
local overlay_devices=""
- for media in $(find_persistence_media "${overlays}" "${whitelistdev}")
- do
- media="$(echo ${media} | tr ":" " ")"
+ if [ "${whitelistdev}" != "ignore_all_devices" ]
+ then
+ for media in $(find_persistence_media "${overlays}" "${whitelistdev}")
+ do
+ media="$(echo ${media} | tr ":" " ")"
- case ${media} in
- ${old_root_overlay_label}=*)
- device="${media#*=}"
- fix_backwards_compatibility ${device} / union
- overlay_devices="${overlay_devices} ${device}"
- ;;
+ case ${media} in
+ ${old_root_overlay_label}=*)
+ device="${media#*=}"
+ fix_backwards_compatibility ${device} / union
+ overlay_devices="${overlay_devices} ${device}"
+ ;;
- ${old_home_overlay_label}=*)
- device="${media#*=}"
- fix_backwards_compatibility ${device} /home bind
- overlay_devices="${overlay_devices} ${device}"
- ;;
+ ${old_home_overlay_label}=*)
+ device="${media#*=}"
+ fix_backwards_compatibility ${device} /home bind
+ overlay_devices="${overlay_devices} ${device}"
+ ;;
- ${custom_overlay_label}=*)
- device="${media#*=}"
- overlay_devices="${overlay_devices} ${device}"
- ;;
- esac
- done
+ ${custom_overlay_label}=*)
+ device="${media#*=}"
+ overlay_devices="${overlay_devices} ${device}"
+ ;;
+ esac
+ done
+ fi
elif [ -n "${NFS_COW}" ] && [ -z "${NOPERSISTENCE}" ]
then
# check if there are any nfs options
--
1.7.10.4
>From e840c4efe971ab8382e8764ccc3ff4da2c2214b7 Mon Sep 17 00:00:00 2001
From: Tails developers <amnesia@boum.org>
Date: Fri, 7 Dec 2012 17:00:13 +0100
Subject: [PATCH 4/4] Use 'local' in a safe way.
First of all, 'local' is non-POSIX, but it is a really good safeguard
against hard-to-find bugs. However, doing a local + initializing combo
like `local X=$Y` in dash is error prone. If `Y=1 2` will get an error
since dash will expand $Y so we get `local X=1 2`, but it will treat
the "2" as another variable to be made local, which isn't what we
want. Hence, let's declare variables local and initialize them in
separate commands, which is safe.
---
scripts/boot/9990-misc-helpers.sh | 195 +++++++++++++++++++++----------------
scripts/boot/9990-mount-http.sh | 7 +-
scripts/boot/9990-mount-iscsi.sh | 13 ++-
scripts/boot/9990-overlay.sh | 12 ++-
4 files changed, 132 insertions(+), 95 deletions(-)
diff --git a/scripts/boot/9990-misc-helpers.sh b/scripts/boot/9990-misc-helpers.sh
index 94c48e6..35448b9 100755
--- a/scripts/boot/9990-misc-helpers.sh
+++ b/scripts/boot/9990-misc-helpers.sh
@@ -65,7 +65,8 @@ get_backing_device ()
match_files_in_dir ()
{
# Does any files match pattern ${1} ?
- local pattern="${1}"
+ local pattern
+ pattern="${1}"
if [ "$(echo ${pattern})" != "${pattern}" ]
then
@@ -378,24 +379,27 @@ really_export ()
is_in_list_separator_helper ()
{
- local sep=${1}
+ local sep element list
+ sep=${1}
shift
- local element=${1}
+ element=${1}
shift
- local list=${*}
+ list=${*}
echo ${list} | grep -qe "^\(.*${sep}\)\?${element}\(${sep}.*\)\?$"
}
is_in_space_sep_list ()
{
- local element=${1}
+ local element
+ element=${1}
shift
is_in_list_separator_helper "[[:space:]]" "${element}" "${*}"
}
is_in_comma_sep_list ()
{
- local element=${1}
+ local element
+ element=${1}
shift
is_in_list_separator_helper "," "${element}" "${*}"
}
@@ -512,25 +516,28 @@ trim_path ()
what_is_mounted_on ()
{
- local dir="$(trim_path ${1})"
+ local dir
+ dir="$(trim_path ${1})"
grep -m1 "^[^ ]\+ ${dir} " /proc/mounts | cut -d' ' -f1
}
chown_ref ()
{
- local reference="${1}"
+ local reference targets owner
+ reference="${1}"
shift
- local targets=${@}
- local owner=$(stat -c %u:%g "${reference}")
+ targets=${@}
+ owner=$(stat -c %u:%g "${reference}")
chown -h ${owner} ${targets}
}
chmod_ref ()
{
- local reference="${1}"
+ local reference targets rights
+ reference="${1}"
shift
- local targets=${@}
- local rights=$(stat -c %a "${reference}")
+ targets=${@}
+ rights=$(stat -c %a "${reference}")
chmod ${rights} ${targets}
}
@@ -616,12 +623,13 @@ load_keymap ()
setup_loop ()
{
- local fspath=${1}
- local module=${2}
- local pattern=${3}
- local offset=${4}
- local encryption=${5}
- local readonly=${6}
+ local fspath module pattern offset encryption readonly
+ fspath=${1}
+ module=${2}
+ pattern=${3}
+ offset=${4}
+ encryption=${5}
+ readonly=${6}
# the output of setup_loop is evaluated in other functions,
# modprobe leaks kernel options like "libata.dma=0"
@@ -730,17 +738,18 @@ try_mount ()
# success, print the mount point for $device.
mount_persistence_media ()
{
- local device=${1}
- local probe=${2}
+ local device probe backing old_backing fstype mount_opts
+ device=${1}
+ probe=${2}
- local backing="${rootmnt}/lib/live/mount/persistence/$(basename ${device})"
+ backing="${rootmnt}/lib/live/mount/persistence/$(basename ${device})"
mkdir -p "${backing}"
- local old_backing="$(where_is_mounted ${device})"
+ old_backing="$(where_is_mounted ${device})"
if [ -z "${old_backing}" ]
then
- local fstype="$(get_fstype ${device})"
- local mount_opts="rw,noatime"
+ fstype="$(get_fstype ${device})"
+ mount_opts="rw,noatime"
if [ -n "${PERSISTENCE_READONLY}" ]
then
mount_opts="ro,noatime"
@@ -775,8 +784,9 @@ mount_persistence_media ()
close_persistence_media ()
{
- local device=${1}
- local backing="$(where_is_mounted ${device})"
+ local device backing
+ device=${1}
+ backing="$(where_is_mounted ${device})"
if [ -d "${backing}" ]
then
@@ -842,22 +852,25 @@ open_luks_device ()
get_gpt_name ()
{
- local dev="${1}"
+ local dev
+ dev="${1}"
/sbin/blkid -s PART_ENTRY_NAME -p -o value ${dev} 2>/dev/null
}
is_gpt_device ()
{
- local dev="${1}"
+ local dev
+ dev="${1}"
[ "$(/sbin/blkid -s PART_ENTRY_SCHEME -p -o value ${dev} 2>/dev/null)" = "gpt" ]
}
probe_for_gpt_name ()
{
- local overlays="${1}"
- local dev="${2}"
+ local overlays dev gpt_dev gpt_name
+ overlays="${1}"
+ dev="${2}"
- local gpt_dev="${dev}"
+ gpt_dev="${dev}"
if is_active_luks_mapping ${dev}
then
# if $dev is an opened luks device, we need to check
@@ -870,7 +883,7 @@ probe_for_gpt_name ()
return
fi
- local gpt_name=$(get_gpt_name ${gpt_dev})
+ gpt_name=$(get_gpt_name ${gpt_dev})
for label in ${overlays}
do
if [ "${gpt_name}" = "${label}" ]
@@ -882,8 +895,9 @@ probe_for_gpt_name ()
probe_for_fs_label ()
{
- local overlays="${1}"
- local dev="${2}"
+ local overlays dev
+ overlays="${1}"
+ dev="${2}"
for label in ${overlays}
do
@@ -896,11 +910,12 @@ probe_for_fs_label ()
probe_for_file_name ()
{
- local overlays="${1}"
- local dev="${2}"
+ local overlays dev ret backing
+ overlays="${1}"
+ dev="${2}"
- local ret=""
- local backing="$(mount_persistence_media ${dev} probe)"
+ ret=""
+ backing="$(mount_persistence_media ${dev} probe)"
if [ -z "${backing}" ]
then
return
@@ -911,7 +926,8 @@ probe_for_file_name ()
path=${backing}/${PERSISTENCE_PATH}${label}
if [ -f "${path}" ]
then
- local loopdev=$(setup_loop "${path}" "loop" "/sys/block/loop*")
+ local loopdev
+ loopdev=$(setup_loop "${path}" "loop" "/sys/block/loop*")
ret="${ret} ${label}=${loopdev}"
fi
done
@@ -945,17 +961,19 @@ find_persistence_media ()
# ${white_list_devices} is non-empty, only devices in it will be
# scanned.
- local overlays="${1}"
- local white_listed_devices="${2}"
- local ret=""
+ local overlays white_listed_devices ret black_listed_devices
+ overlays="${1}"
+ white_listed_devices="${2}"
+ ret=""
- local black_listed_devices="$(what_is_mounted_on ${rootmnt}/lib/live/medium)"
+ black_listed_devices="$(what_is_mounted_on ${rootmnt}/lib/live/medium)"
for dev in $(storage_devices "${black_listed_devices}" "${white_listed_devices}")
do
- local result=""
+ local result luks_device
+ result=""
- local luks_device=""
+ luks_device=""
# Check if it's a luks device; we'll have to open the device
# in order to probe any filesystem it contains, like we do
# below. activate_custom_mounts() also depends on that any luks
@@ -1131,11 +1149,12 @@ link_files ()
# is non-empty, remove mask from all source paths when
# creating links (will be necessary if we change root, which
# live-boot normally does (into $rootmnt)).
+ local src_dir dest_dir src_mask
# remove multiple /:s and ensure ending on /
- local src_dir="$(trim_path ${1})/"
- local dest_dir="$(trim_path ${2})/"
- local src_mask="${3}"
+ src_dir="$(trim_path ${1})/"
+ dest_dir="$(trim_path ${2})/"
+ src_mask="${3}"
# This check can only trigger on the inital, non-recursive call since
# we create the destination before recursive calls
@@ -1148,7 +1167,8 @@ link_files ()
find "${src_dir}" -mindepth 1 -maxdepth 1 | \
while read src
do
- local dest="${dest_dir}$(basename "${src}")"
+ local dest final_src
+ dest="${dest_dir}$(basename "${src}")"
if [ -d "${src}" ]
then
if [ -z "$(ls -A "${src}")" ]
@@ -1163,7 +1183,7 @@ link_files ()
fi
link_files "${src}" "${dest}" "${src_mask}"
else
- local final_src=${src}
+ final_src=${src}
if [ -n "${src_mask}" ]
then
final_src="$(echo ${final_src} | sed "s|^${src_mask}||")"
@@ -1177,10 +1197,11 @@ link_files ()
do_union ()
{
- local unionmountpoint="${1}" # directory where the union is mounted
- local unionrw="${2}" # branch where the union changes are stored
- local unionro1="${3}" # first underlying read-only branch (optional)
- local unionro2="${4}" # second underlying read-only branch (optional)
+ local unionmountpoint unionrw unionro1 unionro2
+ unionmountpoint="${1}" # directory where the union is mounted
+ unionrw="${2}" # branch where the union changes are stored
+ unionro1="${3}" # first underlying read-only branch (optional)
+ unionro2="${4}" # second underlying read-only branch (optional)
case "${UNIONTYPE}" in
aufs)
@@ -1245,12 +1266,13 @@ get_custom_mounts ()
# Side-effect: leaves $devices with persistence.conf mounted in ${rootmnt}/lib/live/mount/persistence
# Side-effect: prints info to file $custom_mounts
- local custom_mounts=${1}
+ local custom_mounts devices bindings links
+ custom_mounts=${1}
shift
- local devices=${@}
+ devices=${@}
- local bindings="/tmp/bindings.list"
- local links="/tmp/links.list"
+ bindings="/tmp/bindings.list"
+ links="/tmp/links.list"
rm -rf ${bindings} ${links} 2> /dev/null
for device in ${devices}
@@ -1260,14 +1282,14 @@ get_custom_mounts ()
continue
fi
- local device_name="$(basename ${device})"
- local backing=$(mount_persistence_media ${device})
+ local device_name backing include_list
+ device_name="$(basename ${device})"
+ backing=$(mount_persistence_media ${device})
if [ -z "${backing}" ]
then
continue
fi
- local include_list
if [ -r "${backing}/${persistence_list}" ]
then
include_list="${backing}/${persistence_list}"
@@ -1297,8 +1319,9 @@ get_custom_mounts ()
continue
fi
- local opt_source=""
- local opt_link=""
+ local opt_source opt_link source full_source full_dest
+ opt_source=""
+ opt_link=""
for opt in $(echo ${options} | tr ',' ' ');
do
case "${opt}" in
@@ -1317,7 +1340,7 @@ get_custom_mounts ()
esac
done
- local source="${dir}"
+ source="${dir}"
if [ -n "${opt_source}" ]
then
if echo ${opt_source} | grep -q -e "^/" -e "^\(.*/\)\?\.\.\?\(/.*\)\?$" && [ "${opt_source}" != "." ]
@@ -1329,8 +1352,8 @@ get_custom_mounts ()
fi
fi
- local full_source="$(trim_path ${backing}/${source})"
- local full_dest="$(trim_path ${rootmnt}/${dir})"
+ full_source="$(trim_path ${backing}/${source})"
+ full_dest="$(trim_path ${rootmnt}/${dir})"
if [ -n "${opt_link}" ]
then
echo "${device} ${full_source} ${full_dest} ${options}" >> ${links}
@@ -1351,8 +1374,9 @@ get_custom_mounts ()
# We need to make sure that no two custom mounts have the same sources
# or are nested; if that is the case, too much weird stuff can happen.
- local prev_source="impossible source" # first iteration must not match
- local prev_dest=""
+ local prev_source prev_dest
+ prev_source="impossible source" # first iteration must not match
+ prev_dest=""
# This sort will ensure that a source /a comes right before a source
# /a/b so we only need to look at the previous source
sort -k2 -b ${custom_mounts} |
@@ -1369,14 +1393,16 @@ get_custom_mounts ()
activate_custom_mounts ()
{
- local custom_mounts="${1}" # the ouput from get_custom_mounts()
- local used_devices=""
+ local custom_mounts used_devices
+ custom_mounts="${1}" # the ouput from get_custom_mounts()
+ used_devices=""
while read device source dest options # < ${custom_mounts}
do
- local opt_bind="true"
- local opt_link=""
- local opt_union=""
+ local opt_bind opt_link opt_union
+ opt_bind="true"
+ opt_link=""
+ opt_union=""
for opt in $(echo ${options} | tr ',' ' ');
do
case "${opt}" in
@@ -1457,7 +1483,8 @@ activate_custom_mounts ()
# XXX: If CONFIG_AUFS_ROBR is added to the Debian kernel we can
# ignore the loop below and set rootfs_dest_backing=$dest
- local rootfs_dest_backing=""
+ local rootfs_dest_backing
+ rootfs_dest_backing=""
if [ -n "${opt_link}"]
then
for d in ${rootmnt}/lib/live/mount/rootfs/*
@@ -1477,13 +1504,14 @@ activate_custom_mounts ()
done
fi
+ local cow_dir links_source
if [ -n "${opt_link}" ] && [ -z "${PERSISTENCE_READONLY}" ]
then
link_files ${source} ${dest} ${rootmnt}
elif [ -n "${opt_link}" ] && [ -n "${PERSISTENCE_READONLY}" ]
then
mkdir -p ${rootmnt}/lib/live/mount/persistence
- local links_source=$(mktemp -d ${rootmnt}/lib/live/mount/persistence/links-source-XXXXXX)
+ links_source=$(mktemp -d ${rootmnt}/lib/live/mount/persistence/links-source-XXXXXX)
chown_ref ${source} ${links_source}
chmod_ref ${source} ${links_source}
# We put the cow dir in the below strange place to
@@ -1491,7 +1519,7 @@ activate_custom_mounts ()
# has its own directory and isn't nested with some
# other custom mount (if so that mount's files would
# be linked, causing breakage.
- local cow_dir="${rootmnt}/lib/live/mount/overlay/lib/live/mount/persistence/$(basename ${links_source})"
+ cow_dir="${rootmnt}/lib/live/mount/overlay/lib/live/mount/persistence/$(basename ${links_source})"
mkdir -p ${cow_dir}
chown_ref "${source}" "${cow_dir}"
chmod_ref "${source}" "${cow_dir}"
@@ -1508,7 +1536,7 @@ activate_custom_mounts ()
# bind-mount and union mount are handled the same
# in read-only mode, but note that rootfs_dest_backing
# is non-empty (and necessary) only for unions
- local cow_dir="${rootmnt}/lib/live/mount/overlay/${dest}"
+ cow_dir="${rootmnt}/lib/live/mount/overlay/${dest}"
if [ -e "${cow_dir}" ] && [ -z "${opt_link}" ]
then
# If an earlier custom mount has files here
@@ -1536,22 +1564,23 @@ activate_custom_mounts ()
fix_backwards_compatibility ()
{
- local device=${1}
- local dir=${2}
- local opt=${3}
+ local device dir opt backing include_list
+ device=${1}
+ dir=${2}
+ opt=${3}
if [ -n "${PERSISTENCE_READONLY}" ]
then
return
fi
- local backing="$(mount_persistence_media ${device})"
+ backing="$(mount_persistence_media ${device})"
if [ -z "${backing}" ]
then
return
fi
- local include_list="${backing}/${persistence_list}"
+ include_list="${backing}/${persistence_list}"
if [ ! -r "${include_list}" ]
then
echo "# persistence backwards compatibility:
diff --git a/scripts/boot/9990-mount-http.sh b/scripts/boot/9990-mount-http.sh
index 1b718c0..b557404 100755
--- a/scripts/boot/9990-mount-http.sh
+++ b/scripts/boot/9990-mount-http.sh
@@ -8,8 +8,9 @@ do_httpmount ()
for webfile in HTTPFS FTPFS FETCH
do
- local url="$(eval echo \"\$\{${webfile}\}\")"
- local extension="$(echo "${url}" | sed 's/\(.*\)\.\(.*\)/\2/')"
+ local url extension dest
+ url="$(eval echo \"\$\{${webfile}\}\")"
+ extension="$(echo "${url}" | sed 's/\(.*\)\.\(.*\)/\2/')"
if [ -n "$url" ]
then
@@ -20,7 +21,7 @@ do_httpmount ()
mkdir -p "${alt_mountpoint}"
dest="${alt_mountpoint}"
else
- local dest="${mountpoint}/${LIVE_MEDIA_PATH}"
+ dest="${mountpoint}/${LIVE_MEDIA_PATH}"
mount -t ramfs ram "${mountpoint}"
mkdir -p "${dest}"
fi
diff --git a/scripts/boot/9990-mount-iscsi.sh b/scripts/boot/9990-mount-iscsi.sh
index fd29d91..6ce9851 100755
--- a/scripts/boot/9990-mount-iscsi.sh
+++ b/scripts/boot/9990-mount-iscsi.sh
@@ -7,7 +7,8 @@ do_iscsi()
do_netsetup
#modprobe ib_iser
modprobe iscsi_tcp
- local debugopt=""
+ local debugopt
+ debugopt=""
[ "${DEBUG}" = "true" ] && debugopt="-d 8"
#FIXME this name is supposed to be unique - some date + ifconfig hash?
ISCSI_INITIATORNAME="iqn.1993-08.org.debian.live:01:$(echo "${HWADDR}" | sed -e s/://g)"
@@ -21,12 +22,14 @@ do_iscsi()
then
panic "Failed to log into iscsi target"
fi
- local host="$(ls -d /sys/class/scsi_host/host*/device/iscsi_host:host* \
- /sys/class/scsi_host/host*/device/iscsi_host/host* | sed -e 's:/device.*::' -e 's:.*host::')"
+ local host
+ host="$(ls -d /sys/class/scsi_host/host*/device/iscsi_host:host* \
+ /sys/class/scsi_host/host*/device/iscsi_host/host* | sed -e 's:/device.*::' -e 's:.*host::')"
if [ -n "${host}" ]
then
- local devices=""
- local i=0
+ local devices i
+ devices=""
+ i=0
while [ -z "${devices}" -a $i -lt 60 ]
do
sleep 1
diff --git a/scripts/boot/9990-overlay.sh b/scripts/boot/9990-overlay.sh
index 96c3331..80b5726 100755
--- a/scripts/boot/9990-overlay.sh
+++ b/scripts/boot/9990-overlay.sh
@@ -189,7 +189,8 @@ setup_unionfs ()
done
fi
- local whitelistdev=""
+ local whitelistdev
+ whitelistdev=""
if [ -n "${PERSISTENCE_MEDIA}" ]
then
case "${PERSISTENCE_MEDIA}" in
@@ -212,7 +213,8 @@ setup_unionfs ()
overlays="${old_root_overlay_label} ${old_home_overlay_label} ${custom_overlay_label}"
fi
- local overlay_devices=""
+ local overlay_devices
+ overlay_devices=""
if [ "${whitelistdev}" != "ignore_all_devices" ]
then
for media in $(find_persistence_media "${overlays}" "${whitelistdev}")
@@ -406,7 +408,8 @@ setup_unionfs ()
# Adding custom persistence
if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ]
then
- local custom_mounts="/tmp/custom_mounts.list"
+ local custom_mounts
+ custom_mounts="/tmp/custom_mounts.list"
rm -rf ${custom_mounts} 2> /dev/null
# Gather information about custom mounts from devies detected as overlays
@@ -415,7 +418,8 @@ setup_unionfs ()
[ -n "${DEBUG}" ] && cp ${custom_mounts} "/lib/live/mount/persistence"
# Now we do the actual mounting (and symlinking)
- local used_overlays=""
+ local used_overlays
+ used_overlays=""
used_overlays=$(activate_custom_mounts ${custom_mounts})
rm ${custom_mounts}
--
1.7.10.4
Reply to: