Minor tweaks to signing params and boot options

Also split out usb-scan to allow manual initiation of scan from the recovery shell
2024-12-18 20:47:55 +00:00 · 2017-07-03 13:07:03 -04:00 · 2017-07-03 13:07:03 -04:00 · ce4b91cad9
commit ce4b91cad9
parent 3614044fff
5 changed files with 95 additions and 71 deletions
--- a/initrd/bin/kexec-check-config
+++ b/initrd/bin/kexec-check-config
@ -6,13 +6,16 @@ MEDIA="$1"
 if [ ! -d /tmp/kexec ]; then
 	mkdir /tmp/kexec \
 		|| recovery 'failed to make kexec tmp dir'
+else
+	rm -rf /tmp/kexec/* \
+		|| recovert 'failed to empty kexec tmp dir'
 fi

 if [ ! -r $MEDIA/kexec.sig ]; then
 	exit 0
 fi

-if [ -z `find $MEDIA/kexec*.txt` ]; then
+if [ `find $MEDIA/kexec*.txt | wc -l` -eq 0 ]; then
 	exit 0
 fi

--- a/initrd/bin/kexec-select-boot
+++ b/initrd/bin/kexec-select-boot
@ -10,24 +10,35 @@ HASH_NAME="kexec_hashes.txt"
 TMP_MENU_FILE=/tmp/kexec/$MENU_NAME
 TMP_HASH_FILE=/tmp/kexec/$HASH_NAME

+first_menu="y"
 get_menu_option() {
-	echo "+++ Select your boot option:"
-	n=0
-	while read option
-	do
-		parse_option
-		n=`expr $n + 1`
-		echo "$n. $name [$kernel]"
-	done < $TMP_MENU_FILE
-
-	read \
-		-p "Choose the boot option [1-$n, a to abort]: " \
-		option_index
-
-	if [ "$option_index" = "a" ]; then
-		recovery "Aborting boot attempt"
+	num_options=`cat $TMP_MENU_FILE | wc -l`
+	if [ $num_options -eq 0 ]; then
+		recovery "No boot options"
 	fi

+	if [ $num_options -eq 1 -a $first_menu = "y" ]; then
+		option_index=1
+	else
+		echo "+++ Select your boot option:"
+		n=0
+		while read option
+		do
+			parse_option
+			n=`expr $n + 1`
+			echo "$n. $name [$kernel]"
+		done < $TMP_MENU_FILE
+
+		read \
+			-p "Choose the boot option [1-$n, a to abort]: " \
+			option_index
+
+		if [ "$option_index" = "a" ]; then
+			recovery "Aborting boot attempt"
+		fi
+	fi
+	first_menu="n"
+
 	option=`head -n $option_index $TMP_MENU_FILE | tail -1`
 	parse_option
 }
@ -59,7 +70,7 @@ if [ -r $TMP_HASH_FILE ]; then
 	fi
 fi

-# otherwise scan the boot directory and generate options
+# if no saved options, scan the boot directory and generate
 if [ ! -r $TMP_MENU_FILE ]; then
 	echo "+++ Scanning for unsigned boot options"
 	option_file="/tmp/kexec_options.txt"
--- a/initrd/bin/local-init
+++ b/initrd/bin/local-init
@ -23,7 +23,7 @@ if ! grep -q /boot /proc/mounts ; then
 fi

 # Attempt to pull verified config from device
-kexec-check-config /boot
-exec kexec-select-boot /boot
+kexec-check-config /boot/
+kexec-select-boot /boot/

 recovery "Something failed..."
--- a/initrd/bin/usb-init
+++ b/initrd/bin/usb-init
@ -16,56 +16,5 @@ if [ ! "$totp_confirm" = "y" ]; then
 	recovery "Failed to confirm validity of TOTP"
 fi

-# Mount the USB boot device
-mount-usb "$CONFIG_USB_BOOT_DEV" \
-	|| recovery '$CONFIG_USB_BOOT_DEV: Unable to mount /media'
-
-# Check for ISO first
-get_menu_option() {
-	echo "+++ Select your ISO boot option:"
-	n=0
-	while read option
-	do
-		n=`expr $n + 1`
-		echo "$n. $option"
-	done < /tmp/iso_menu.txt
-
-	read \
-		-p "Choose the ISO boot option [1-$n, s for standard boot, a to abort]: " \
-		option_index
-
-	if [ "$option_index" = "a" ]; then
-		recovery "Aborting boot attempt"
-	fi
-
-	if [ "$option_index" = "s" ]; then
-			option=""
-			return
-	fi
-
-	option=`head -n $option_index /tmp/iso_menu.txt | tail -1`
-}
-
-# create ISO menu options
-ls -1r /media/*.iso 2>/dev/null > /tmp/iso_menu.txt
-if [ `wc -l /tmp/iso_menu.txt | cut -d\  -f1` -gt 0 ]; then
-	option_confirm=""
-	while [ -z "$option" -a "$option_index" != "s" ]
-	do
-		get_menu_option
-	done
-
-	if [ -n "$option" ]; then
-		MOUNTED_ISO=$option
-		ISO=${option:7} # remove /media/ to get device relative path
-		kexec-check-config /media/kexec_iso/$ISO
-		exec kexec-iso-init $MOUNTED_ISO $ISO $CONFIG_USB_BOOT_DEV
-	fi
-fi
-
-echo "!!! Could not find any ISO, trying bootable USB"
-# Attempt to pull verified config from device
-kexec-check-config /media
-exec kexec-select-boot /media
-
+usb-scan
 recovery "Something failed..."
--- a/initrd/bin/usb-scan
+++ b/initrd/bin/usb-scan
@ -0,0 +1,61 @@
+#!/bin/sh
+# Scan for USB installation options
+
+. /etc/functions
+. /etc/config
+
+# Mount the USB boot device
+mount-usb "$CONFIG_USB_BOOT_DEV" \
+	|| recovery '$CONFIG_USB_BOOT_DEV: Unable to mount /media'
+
+# Check for ISO first
+get_menu_option() {
+	echo "+++ Select your ISO boot option:"
+	n=0
+	while read option
+	do
+		n=`expr $n + 1`
+		echo "$n. $option"
+	done < /tmp/iso_menu.txt
+
+	read \
+		-p "Choose the ISO boot option [1-$n, s for standard boot, a to abort]: " \
+		option_index
+
+	if [ "$option_index" = "a" ]; then
+		recovery "Aborting boot attempt"
+	fi
+
+	if [ "$option_index" = "s" ]; then
+			option=""
+			return
+	fi
+
+	option=`head -n $option_index /tmp/iso_menu.txt | tail -1`
+}
+
+# create ISO menu options
+ls -1r /media/*.iso 2>/dev/null > /tmp/iso_menu.txt
+if [ `cat /tmp/iso_menu.txt | wc -l` -gt 0 ]; then
+	option_confirm=""
+	while [ -z "$option" -a "$option_index" != "s" ]
+	do
+		get_menu_option
+	done
+
+	if [ -n "$option" ]; then
+		MOUNTED_ISO=$option
+		ISO=${option:7} # remove /media/ to get device relative path
+		kexec-check-config /media/kexec_iso/$ISO/
+		kexec-iso-init $MOUNTED_ISO $ISO $CONFIG_USB_BOOT_DEV
+
+		recovery "Something failed..."
+	fi
+fi
+
+echo "!!! Could not find any ISO, trying bootable USB"
+# Attempt to pull verified config from device
+kexec-check-config /media/
+kexec-select-boot /media/
+
+recovery "Something failed..."