mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-30 01:38:56 +00:00
faa77d4064
Removes spurious errors thrown for exfat in dmesg in that function. Something better to propose? Signed-off-by: Thierry Laurion <insurgo@riseup.net>
871 lines
27 KiB
Bash
Executable File
871 lines
27 KiB
Bash
Executable File
#!/bin/bash
|
|
# Shell functions for most initialization scripts
|
|
. /etc/ash_functions
|
|
|
|
# Print <hidden> or <empty> depending on whether $1 is empty. Useful to mask an
|
|
# optional password parameter.
|
|
mask_param() {
|
|
if [ -z "$1" ]; then
|
|
echo "<empty>"
|
|
else
|
|
echo "<hidden>"
|
|
fi
|
|
}
|
|
|
|
# Pipe input to this to sink it to the debug log, with a name prefix.
|
|
# If the input is empty, no output is produced, so actual output is
|
|
# readily visible in logs.
|
|
#
|
|
# For example:
|
|
# ls /boot/vmlinux* | SINK_LOG "/boot kernels"
|
|
SINK_LOG() {
|
|
local name="$1"
|
|
local line haveblank
|
|
# If the input doesn't end with a line break, read won't give us the
|
|
# last (unterminated) line. Add a line break with echo to ensure we
|
|
# don't lose any input. Buffer up to one blank line so we can avoid
|
|
# emitting a final (or only) blank line.
|
|
(cat; echo) | while IFS= read -r line; do
|
|
[[ -n "$haveblank" ]] && DEBUG "$name: " # Emit buffered blank line
|
|
if [[ -z "$line" ]]; then
|
|
haveblank=y
|
|
else
|
|
haveblank=
|
|
LOG "$name: $line"
|
|
fi
|
|
done
|
|
}
|
|
|
|
# Trace a command with DEBUG, then execute it. Trace failed exit status, stdout
|
|
# and stderr, etc.
|
|
#
|
|
# DO_WITH_DEBUG is designed so it can be dropped in to most command invocations
|
|
# without side effects - it adds visibility without actually affecting the
|
|
# execution of the script. Exit statuses, stdout, and stderr are traced, but
|
|
# they are still returned/written to the caller.
|
|
#
|
|
# A password parameter can be masked by passing --mask-position N before the
|
|
# command to execute, the debug trace will just indicate whether the password
|
|
# was empty or nonempty (which is important when use of a password is optional).
|
|
# N=0 is the name of the command to be executed, N=1 is its first parameter,
|
|
# etc.
|
|
#
|
|
# DO_WITH_DEBUG() can be added in most places where a command is executed to
|
|
# add visibility in the debug log. For example:
|
|
#
|
|
# [DO_WITH_DEBUG] mount "$BLOCK" "$MOUNTPOINT"
|
|
# ^-- adding DO_WITH_DEBUG will show the block device, mountpoint, and whether
|
|
# the mount fails
|
|
#
|
|
# [DO_WITH_DEBUG --mask-position 7] tpmr seal "$KEY" "$IDX" "$pcrs" "$pcrf" "$size" "$PASSWORD"
|
|
# ^-- trace the resulting invocation, but mask the password in the log
|
|
#
|
|
# if ! [DO_WITH_DEBUG] umount "$MOUNTPOINT"; then [...]
|
|
# ^-- it can be used when the exit status is checked, like the condition of `if`
|
|
#
|
|
# hotp_token_info="$([DO_WITH_DEBUG] hotp_verification info)"
|
|
# ^-- output of hotp_verification info becomes visible in debug log while
|
|
# still being captured by script
|
|
#
|
|
# [DO_WITH_DEBUG] umount "$MOUNTPOINT" &>/dev/null || true
|
|
# ^-- if the command's stdout/stderr/failure are ignored, this still works the
|
|
# same way with DO_WITH_DEBUG
|
|
DO_WITH_DEBUG() {
|
|
local exit_status=0
|
|
local cmd_output
|
|
if [[ "$1" == "--mask-position" ]]; then
|
|
local mask_position="$2"
|
|
shift
|
|
shift
|
|
local show_args=("$@")
|
|
show_args[$mask_position]="$(mask_param "${show_args[$mask_position]}")"
|
|
DEBUG "${show_args[@]}"
|
|
else
|
|
DEBUG "$@"
|
|
fi
|
|
|
|
# Execute the command and capture the exit status. Tee stdout/stderr to
|
|
# debug sinks, so they're visible but still can be used by the caller
|
|
#
|
|
# This is tricky when set -e / set -o pipefail may or may not be in
|
|
# effect.
|
|
# - Putting the command in an `if` ensures set -e won't terminate us,
|
|
# and also does not overwrite $? (like `|| true` would).
|
|
# - We capture PIPESTATUS[0] whether the command succeeds or fails,
|
|
# since we don't know whether the pipeline status will be that of the
|
|
# command or 'tee' (depends on set -o pipefail).
|
|
if ! "$@" 2> >(tee /dev/stderr | SINK_LOG "$1 stderr") | tee >(SINK_LOG "$1 stdout"); then
|
|
exit_status="${PIPESTATUS[0]}"
|
|
else
|
|
exit_status="${PIPESTATUS[0]}"
|
|
fi
|
|
if [[ "$exit_status" -ne 0 ]]; then
|
|
# Trace unsuccessful exit status, but only at DEBUG because this
|
|
# may be expected. Include the command name in case the command
|
|
# also invoked a DO_WITH_DEBUG (it could be a script).
|
|
DEBUG "$1: exited with status $exit_status"
|
|
fi
|
|
# If the command was (probably) not found, trace PATH in case it
|
|
# prevented the command from being found
|
|
if [[ "$exit_status" -eq 127 ]]; then
|
|
DEBUG "$1: PATH=$PATH"
|
|
fi
|
|
|
|
return "$exit_status"
|
|
}
|
|
|
|
# Trace the current script and function.
|
|
TRACE_FUNC() {
|
|
# Index [1] for BASH_SOURCE and FUNCNAME give us the caller location.
|
|
# FUNCNAME is 'main' if called from a script outside any function.
|
|
# BASH_LINENO is offset by 1, it provides the line that the
|
|
# corresponding FUNCNAME was _called from_, so BASH_LINENO[0] is the
|
|
# location of the caller.
|
|
TRACE "${BASH_SOURCE[1]}(${BASH_LINENO[0]}): ${FUNCNAME[1]}"
|
|
}
|
|
|
|
# Show the entire current call stack in debug output - useful if a catastrophic
|
|
# error or something very unexpected occurs, like totally invalid parameters.
|
|
DEBUG_STACK() {
|
|
local FRAMES
|
|
FRAMES="${#FUNCNAME[@]}"
|
|
DEBUG "call stack: ($((FRAMES-1)) frames)"
|
|
# Don't print DEBUG_STACK itself, start from 1
|
|
for i in $(seq 1 "$((FRAMES-1))"); do
|
|
DEBUG "- $((i-1)) - ${BASH_SOURCE[$i]}(${BASH_LINENO[$((i-1))]}): ${FUNCNAME[$i]}"
|
|
done
|
|
}
|
|
|
|
pcrs() {
|
|
if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
|
|
tpm2 pcrread sha256
|
|
elif [ "$CONFIG_TPM" = "y" ]; then
|
|
head -8 /sys/class/tpm/tpm0/pcrs
|
|
fi
|
|
}
|
|
|
|
confirm_totp() {
|
|
TRACE_FUNC
|
|
prompt="$1"
|
|
last_half=X
|
|
unset totp_confirm
|
|
|
|
while true; do
|
|
|
|
# update the TOTP code every thirty seconds
|
|
date=$(date "+%Y-%m-%d %H:%M:%S")
|
|
seconds=$(date "+%s")
|
|
half=$(expr \( $seconds % 60 \) / 30)
|
|
if [ "$CONFIG_TPM" != "y" ]; then
|
|
TOTP="NO TPM"
|
|
elif [ "$half" != "$last_half" ]; then
|
|
last_half=$half
|
|
TOTP=$(unseal-totp) ||
|
|
recovery "TOTP code generation failed"
|
|
fi
|
|
|
|
echo -n "$date $TOTP: "
|
|
|
|
# read the first character, non-blocking
|
|
read \
|
|
-t 1 \
|
|
-n 1 \
|
|
-s \
|
|
-p "$prompt" \
|
|
totp_confirm &&
|
|
break
|
|
|
|
# nothing typed, redraw the line
|
|
echo -ne '\r'
|
|
done
|
|
|
|
# clean up with a newline
|
|
echo
|
|
}
|
|
|
|
reseal_tpm_disk_decryption_key() {
|
|
TRACE_FUNC
|
|
#For robustness, exit early if LUKS TPM Disk Unlock Key is prohibited in board configs
|
|
if [ "$CONFIG_TPM_DISK_UNLOCK_KEY" == "n" ]; then
|
|
DEBUG "LUKS TPM Disk Unlock Key is prohibited in board configs"
|
|
return
|
|
else
|
|
DEBUG "LUKS TPM Disk Unlock Key is allowed in board configs. Continuing"
|
|
fi
|
|
|
|
if ! grep -q /boot /proc/mounts; then
|
|
mount -o ro /boot ||
|
|
recovery "Unable to mount /boot"
|
|
fi
|
|
|
|
if [ -s /boot/kexec_key_devices.txt ] || [ -s /boot/kexec_key_lvm.txt ]; then
|
|
warn "LUKS TPM sealed Disk Unlock Key secret needs to be resealed alongside TOTP/HOTP secret"
|
|
echo "Resealing LUKS TPM Disk Unlock Key to be unsealed by LUKS TPM Disk Unlock Key passphrase"
|
|
while ! kexec-seal-key /boot; do
|
|
warn "Recovery Disk Encryption key passphrase/TPM Owner Password may be invalid. Please try again"
|
|
done
|
|
warn "LUKS header hash changed under /boot/kexec_luks_hdr_hash.txt"
|
|
echo "Updating checksums and signing all files under /boot/kexec.sig"
|
|
while ! update_checksums; do
|
|
warn "Checksums were not signed. Preceding errors should explain possible causes"
|
|
done
|
|
warn "Rebooting in 3 seconds to enable booting default boot option"
|
|
sleep 3
|
|
reboot
|
|
else
|
|
DEBUG "No TPM disk decryption key to reseal"
|
|
fi
|
|
}
|
|
|
|
# Enable USB storage (if not already enabled), and wait for storage devices to
|
|
# be detected. If USB storage was already enabled, no wait occurs, this would
|
|
# have happened already when USB storage was enabled.
|
|
enable_usb_storage() {
|
|
TRACE_FUNC
|
|
if ! lsmod | grep -q usb_storage; then
|
|
timeout=0
|
|
echo "Scanning for USB storage devices..."
|
|
insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 ||
|
|
die "usb_storage: module load failed"
|
|
while [[ $(list_usb_storage | wc -l) -eq 0 ]]; do
|
|
[[ $timeout -ge 8 ]] && break
|
|
sleep 1
|
|
timeout=$(($timeout + 1))
|
|
done
|
|
fi
|
|
}
|
|
|
|
device_has_partitions() {
|
|
local DEVICE="$1"
|
|
# fdisk normally says "doesn't contain a valid partition table" for
|
|
# devices that lack a partition table - except for FAT32.
|
|
#
|
|
# FAT32 devices have a volume boot record that looks enough like an MBR
|
|
# to satisfy fdisk. In that case, fdisk prints a partition table header
|
|
# but no partitions.
|
|
#
|
|
# This check covers that: [ $(fdisk -l "$b" | wc -l) -eq 5 ]
|
|
# In both cases the output is 5 lines: 3 about device info, 1 empty line
|
|
# and the 5th will be the table header or the invalid message.
|
|
local DISK_DATA=$(fdisk -l "$DEVICE")
|
|
if echo "$DISK_DATA" | grep -q "doesn't contain a valid partition table" || \
|
|
[ "$(echo "$DISK_DATA" | wc -l)" -eq 5 ]; then
|
|
# No partition table
|
|
return 1
|
|
fi
|
|
# There is a partition table
|
|
return 0
|
|
}
|
|
|
|
list_usb_storage() {
|
|
TRACE_FUNC
|
|
# List all USB storage devices, including partitions unless we received argument stating we want drives only
|
|
# The output is a list of device names, one per line.
|
|
|
|
if [ "$1" = "disks" ]; then
|
|
DEBUG "Listing USB storage devices (disks only) since list_usb_storage was called with 'disks' argument"
|
|
else
|
|
DEBUG "Listing USB storage devices (including partitions)"
|
|
fi
|
|
|
|
stat -c %N /sys/block/sd* 2>/dev/null | grep usb |
|
|
cut -f1 -d ' ' |
|
|
sed "s/[']//g" |
|
|
while read b; do
|
|
# Ignore devices of size 0, such as empty SD card
|
|
# readers on laptops attached via USB.
|
|
if [ "$(cat "$b/size")" -gt 0 ]; then
|
|
DEBUG "USB storage device of size greater then 0: $b"
|
|
echo "$b"
|
|
fi
|
|
done |
|
|
sed "s|/sys/block|/dev|" |
|
|
while read b; do
|
|
# If the device has a partition table, ignore it and
|
|
# include the partitions instead - even if the kernel
|
|
# hasn't detected the partitions yet. Such a device is
|
|
# never usable directly, and this allows the "wait for
|
|
# disks" loop in mount-usb to correctly wait for the
|
|
# partitions.
|
|
if ! device_has_partitions "$b"; then
|
|
# No partition table, include this device
|
|
DEBUG "USB storage device without partition table: $b"
|
|
echo "$b"
|
|
#Bypass the check for partitions if we want only disks
|
|
elif [ "$1" = "disks" ]; then
|
|
# disks only were requested, so we don't list partitions
|
|
DEBUG "USB storage device with partition table: $b"
|
|
DEBUG "We asked for disks only, so we don't want to list partitions"
|
|
echo "$b"
|
|
else
|
|
# Has a partition table, include partitions
|
|
DEBUG "USB storage device with partition table: $b"
|
|
ls -1 "$b"* | awk 'NR!=1 {print $0}'
|
|
fi
|
|
done
|
|
}
|
|
|
|
# Prompt for a TPM Owner Password if it is not already cached in /tmp/secret/tpm_owner_password.
|
|
# Sets tpm_owner_password variable reused in flow, and cache file used until recovery shell is accessed.
|
|
# Tools should optionally accept a TPM password on the command line, since some flows need
|
|
# it multiple times and only one prompt is ideal.
|
|
prompt_tpm_owner_password() {
|
|
TRACE_FUNC
|
|
|
|
if [ -s /tmp/secret/tpm_owner_password ]; then
|
|
DEBUG "/tmp/secret/tpm_owner_password already cached in file. Reusing"
|
|
tpm_owner_password=$(cat /tmp/secret/tpm_owner_password)
|
|
return 0
|
|
fi
|
|
|
|
read -s -p "TPM Owner Password: " tpm_owner_password
|
|
echo # new line after password prompt
|
|
|
|
# Cache the password externally to be reused by who needs it
|
|
DEBUG "Caching TPM Owner Password to /tmp/secret/tpm_owner_password"
|
|
mkdir -p /tmp/secret || die "Unable to create /tmp/secret"
|
|
echo -n "$tpm_owner_password" >/tmp/secret/tpm_owner_password || die "Unable to cache TPM owner_password under /tmp/secret/tpm_owner_password"
|
|
}
|
|
|
|
# Prompt for a new TPM Owner Password when resetting the TPM.
|
|
# Returned in tpm_owner_passpword and cached under /tpm/secret/tpm_owner_password
|
|
# The password must be 1-32 characters and must be entered twice,
|
|
# the script will loop until this is met.
|
|
prompt_new_owner_password() {
|
|
TRACE_FUNC
|
|
local tpm_owner_password2
|
|
tpm_owner_password=1
|
|
tpm_owner_password2=2
|
|
while [ "$tpm_owner_password" != "$tpm_owner_password2" ] || [ "${#tpm_owner_password}" -gt 32 ] || [ -z "$tpm_owner_password" ]; do
|
|
read -s -p "New TPM Owner Password (2 words suggested, 1-32 characters max): " tpm_owner_password
|
|
echo
|
|
|
|
read -s -p "Repeat chosen TPM Owner Password: " tpm_owner_password2
|
|
echo
|
|
|
|
if [ "$tpm_owner_password" != "$tpm_owner_password2" ]; then
|
|
echo "Passphrases entered do not match. Try again!"
|
|
echo
|
|
fi
|
|
done
|
|
|
|
# Cache the password externally to be reused by who needs it
|
|
DEBUG "Caching TPM Owner Password to /tmp/secret/tpm_owner_password"
|
|
mkdir -p /tmp/secret || die "Unable to create /tmp/secret"
|
|
echo -n "$tpm_owner_password" >/tmp/secret/tpm_owner_password || die "Unable to cache TPM password under /tmp/secret"
|
|
}
|
|
|
|
check_tpm_counter() {
|
|
TRACE_FUNC
|
|
|
|
LABEL=${2:-3135106223}
|
|
tpm_password="$3"
|
|
# if the /boot.hashes file already exists, read the TPM counter ID
|
|
# from it.
|
|
if [ -r "$1" ]; then
|
|
TPM_COUNTER=$(grep counter- "$1" | cut -d- -f2)
|
|
else
|
|
warn "$1 does not exist; creating new TPM counter"
|
|
tpmr counter_create \
|
|
-pwdc '' \
|
|
-la $LABEL |
|
|
tee /tmp/counter ||
|
|
die "Unable to create TPM counter"
|
|
TPM_COUNTER=$(cut -d: -f1 </tmp/counter)
|
|
fi
|
|
|
|
if [ -z "$TPM_COUNTER" ]; then
|
|
die "$1: TPM Counter not found?"
|
|
fi
|
|
}
|
|
|
|
read_tpm_counter() {
|
|
TRACE_FUNC
|
|
tpmr counter_read -ix "$1" | tee "/tmp/counter-$1" ||
|
|
die "Counter read failed"
|
|
}
|
|
|
|
increment_tpm_counter() {
|
|
TRACE_FUNC
|
|
tpmr counter_increment -ix "$1" -pwdc '' |
|
|
tee /tmp/counter-$1 ||
|
|
die "TPM counter increment failed for rollback prevention. Please reset the TPM"
|
|
}
|
|
|
|
check_config() {
|
|
TRACE_FUNC
|
|
if [ ! -d /tmp/kexec ]; then
|
|
mkdir /tmp/kexec ||
|
|
die 'Failed to make kexec tmp dir'
|
|
else
|
|
rm -rf /tmp/kexec/* ||
|
|
die 'Failed to empty kexec tmp dir'
|
|
fi
|
|
|
|
if [ ! -r $1/kexec.sig -a "$CONFIG_BASIC" != "y" ]; then
|
|
return
|
|
fi
|
|
|
|
if [ $(find $1/kexec*.txt | wc -l) -eq 0 ]; then
|
|
return
|
|
fi
|
|
|
|
if [ "$2" != "force" ]; then
|
|
if ! sha256sum $(find $1/kexec*.txt) | gpgv $1/kexec.sig -; then
|
|
die 'Invalid signature on kexec boot params'
|
|
fi
|
|
fi
|
|
|
|
echo "+++ Found verified kexec boot params"
|
|
cp $1/kexec*.txt /tmp/kexec ||
|
|
die "Failed to copy kexec boot params to tmp"
|
|
}
|
|
|
|
# Replace a file in a ROM (add it if the file does not exist)
|
|
replace_rom_file() {
|
|
ROM="$1"
|
|
ROM_FILE="$2"
|
|
NEW_FILE="$3"
|
|
|
|
if (cbfs.sh -o "$ROM" -l | grep -q "$ROM_FILE"); then
|
|
cbfs.sh -o "$ROM" -d "$ROM_FILE"
|
|
fi
|
|
cbfs.sh -o "$ROM" -a "$ROM_FILE" -f "$NEW_FILE"
|
|
}
|
|
|
|
replace_config() {
|
|
TRACE_FUNC
|
|
CONFIG_FILE=$1
|
|
CONFIG_OPTION=$2
|
|
NEW_SETTING=$3
|
|
|
|
touch $CONFIG_FILE
|
|
# first pull out the existing option from the global config and place in a tmp file
|
|
awk "gsub(\"^export ${CONFIG_OPTION}=.*\",\"export ${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config >${CONFIG_FILE}.tmp
|
|
awk "gsub(\"^${CONFIG_OPTION}=.*\",\"${CONFIG_OPTION}=\\\"${NEW_SETTING}\\\"\")" /tmp/config >>${CONFIG_FILE}.tmp
|
|
|
|
# then copy any remaining settings from the existing config file, minus the option you changed
|
|
grep -v "^export ${CONFIG_OPTION}=" ${CONFIG_FILE} | grep -v "^${CONFIG_OPTION}=" >>${CONFIG_FILE}.tmp || true
|
|
sort ${CONFIG_FILE}.tmp | uniq >${CONFIG_FILE}
|
|
rm -f ${CONFIG_FILE}.tmp
|
|
}
|
|
|
|
# Generate a secret for TPM-less HOTP by reading the ROM. Output is the
|
|
# sha256sum of the ROM (binary, not printable), which can be truncated to the
|
|
# supported secret length.
|
|
secret_from_rom_hash() {
|
|
local ROM_IMAGE="/tmp/coreboot-notpm.rom"
|
|
|
|
echo -e "\nTPM not detected; measuring ROM directly\n" 1>&2
|
|
|
|
# Read the ROM if we haven't read it yet
|
|
if [ ! -f "${ROM_IMAGE}" ]; then
|
|
flash.sh -r "${ROM_IMAGE}" >/dev/null 2>&1 || return 1
|
|
fi
|
|
|
|
sha256sum "${ROM_IMAGE}" | cut -f1 -d ' ' | fromhex_plain
|
|
}
|
|
|
|
update_checksums() {
|
|
TRACE_FUNC
|
|
# ensure /boot mounted
|
|
if ! grep -q /boot /proc/mounts; then
|
|
mount -o ro /boot ||
|
|
recovery "Unable to mount /boot"
|
|
fi
|
|
|
|
# remount RW
|
|
mount -o rw,remount /boot
|
|
|
|
# sign and auto-roll config counter
|
|
extparam=
|
|
if [ "$CONFIG_TPM" = "y" ]; then
|
|
if [ "$CONFIG_IGNORE_ROLLBACK" != "y" ]; then
|
|
extparam=-r
|
|
fi
|
|
fi
|
|
if ! kexec-sign-config -p /boot -u $extparam; then
|
|
rv=1
|
|
else
|
|
rv=0
|
|
fi
|
|
|
|
# switch back to ro mode
|
|
mount -o ro,remount /boot
|
|
|
|
return $rv
|
|
}
|
|
|
|
print_tree() {
|
|
TRACE_FUNC
|
|
find ./ ! -path './kexec*' -print0 | sort -z
|
|
}
|
|
|
|
# Escape zero-delimited standard input to safely display it to the user in e.g.
|
|
# `whiptail`, `less`, `echo`, `cat`. Doesn't produce shell-escaped output.
|
|
# Most printable characters are passed verbatim (exception: \).
|
|
# These escapes are used to replace their corresponding characters: #n#r#t#v#b
|
|
# Other characters are rendered as hexadecimal escapes.
|
|
# escape_zero [prefix] [escape character]
|
|
# prefix: \0 in the input will result in \n[prefix]
|
|
# escape character: character to use for escapes (default: #); \ may be interpreted by `whiptail`
|
|
escape_zero() {
|
|
local prefix="$1"
|
|
local echar="${2:-#}"
|
|
local todo=""
|
|
local echar_hex="$(echo -n "$echar" | xxd -p -c1)"
|
|
[ ${#echar_hex} -eq 2 ] || die "Invalid escape character $echar passed to escape_zero(). Programming error?!"
|
|
|
|
echo -e -n "$prefix"
|
|
xxd -p -c1 | tr -d '\n' |
|
|
{
|
|
while IFS= read -r -n2 -d ''; do
|
|
if [ -n "$todo" ]; then
|
|
#REPLY == " " is EOF
|
|
[[ "$REPLY" == " " ]] && echo '' || echo -e -n "$todo"
|
|
todo=""
|
|
fi
|
|
|
|
case "$REPLY" in
|
|
00)
|
|
todo="\n$prefix"
|
|
;;
|
|
08)
|
|
echo -n "${echar}b"
|
|
;;
|
|
09)
|
|
echo -n "${echar}t"
|
|
;;
|
|
0a)
|
|
echo -n "${echar}n"
|
|
;;
|
|
0b)
|
|
echo -n "${echar}v"
|
|
;;
|
|
0d)
|
|
echo -n "${echar}r"
|
|
;;
|
|
"$echar_hex")
|
|
echo -n "$echar$echar"
|
|
;;
|
|
#interpreted characters:
|
|
2[0-9a-f] | 3[0-9a-f] | 4[0-9a-f] | 5[0-9abd-f] | 6[0-9a-f] | 7[0-9a-e])
|
|
echo -e -n '\x'"$REPLY"
|
|
;;
|
|
# All others are escaped
|
|
*)
|
|
echo -n "${echar}x$REPLY"
|
|
;;
|
|
esac
|
|
done
|
|
}
|
|
}
|
|
|
|
# Currently heads doesn't support signing file names with certain characters
|
|
# due to https://bugs.busybox.net/show_bug.cgi?id=14226. Also, certain characters
|
|
# may be intepreted by `whiptail`, `less` et al (e.g. \n, \b, ...).
|
|
assert_signable() {
|
|
TRACE_FUNC
|
|
# ensure /boot mounted
|
|
if ! grep -q /boot /proc/mounts; then
|
|
mount -o ro /boot || die "Unable to mount /boot"
|
|
fi
|
|
|
|
find /boot -print0 >/tmp/signable.ref
|
|
local del='\001-\037\134\177-\377'
|
|
LC_ALL=C tr -d "$del" </tmp/signable.ref >/tmp/signable.del || die "Failed to execute tr."
|
|
if ! cmp -s "/tmp/signable.ref" "/tmp/signable.del" &>/dev/null; then
|
|
local user_out="/tmp/hash_output_mismatches"
|
|
local add="Please investigate!"
|
|
[ -f "$user_out" ] && add="Please investigate the following relative paths to /boot (where # are sanitized invalid characters):"$'\n'"$(cat "$user_out")"
|
|
recovery "Some /boot file names contain characters that are currently not supported by heads: $del"$'\n'"$add"
|
|
fi
|
|
rm -f /tmp/signable.*
|
|
}
|
|
|
|
verify_checksums() {
|
|
TRACE_FUNC
|
|
local boot_dir="$1"
|
|
local gui="${2:-y}"
|
|
|
|
(
|
|
set +e -o pipefail
|
|
local ret=0
|
|
cd "$boot_dir" || ret=1
|
|
sha256sum -c "$TMP_HASH_FILE" >/tmp/hash_output || ret=1
|
|
|
|
# also make sure that the file & directory structure didn't change
|
|
# (sha256sum won't detect added files)
|
|
print_tree >/tmp/tree_output || ret=1
|
|
if ! cmp -s "$TMP_TREE_FILE" /tmp/tree_output &>/dev/null; then
|
|
ret=1
|
|
[[ "$gui" != "y" ]] && exit "$ret"
|
|
# produce a diff that can safely be presented to the user
|
|
# this is relatively hard as file names may e.g. contain backslashes etc.,
|
|
# which are interpreted by whiptail, less, ...
|
|
escape_zero "(new) " <"$TMP_TREE_FILE" >"${TMP_TREE_FILE}.user"
|
|
escape_zero "(new) " </tmp/tree_output >/tmp/tree_output.user
|
|
diff "${TMP_TREE_FILE}.user" /tmp/tree_output.user | grep -E '^\+\(new\).*$' | sed -r 's/^\+\(new\)/(new)/g' >>/tmp/hash_output
|
|
rm -f "${TMP_TREE_FILE}.user"
|
|
rm -f /tmp/tree_output.user
|
|
fi
|
|
exit $ret
|
|
)
|
|
return $?
|
|
}
|
|
|
|
# Check if a device is an LVM2 PV, and if so print the VG name
|
|
find_lvm_vg_name() {
|
|
TRACE_FUNC
|
|
local DEVICE VG
|
|
DEVICE="$1"
|
|
|
|
mkdir -p /tmp/root-hashes-gui
|
|
if ! lvm pvs "$DEVICE" >/tmp/root-hashes-gui/lvm_vg 2>/dev/null; then
|
|
# It's not an LVM PV
|
|
return 1
|
|
fi
|
|
|
|
VG="$(tail -n +2 /tmp/root-hashes-gui/lvm_vg | awk '{print $2}')"
|
|
if [ -z "$VG" ]; then
|
|
DEBUG "Could not find LVM2 VG from lvm pvs output:"
|
|
DEBUG "$(cat /tmp/root-hashes-gui/lvm_vg)"
|
|
return 1
|
|
fi
|
|
|
|
echo "$VG"
|
|
}
|
|
|
|
# If a block device is a partition, check if it is a bios-grub partition on a
|
|
# GPT-partitioned disk.
|
|
is_gpt_bios_grub() {
|
|
TRACE_FUNC
|
|
|
|
local PART_DEV="$1" DEVICE NUMBER
|
|
|
|
# Figure out the partitioned device containing this device (if there is
|
|
# one) from /sys/class/block.
|
|
local DEVICE_MATCHES=("/sys/class/block/"*"/$(basename "$PART_DEV")")
|
|
|
|
DEVICE="$(echo "${DEVICE_MATCHES[0]}" | cut -d/ -f5)"
|
|
if [ "${#DEVICE_MATCHES[@]}" -ne 1 ] || [ "$DEVICE" = "*" ]; then
|
|
return 0
|
|
fi
|
|
|
|
# Extract the partition number
|
|
if ! [[ $(basename "$PART_DEV") =~ ([0-9]+)$ ]]; then
|
|
return 0 # Can't figure out the partition number
|
|
fi
|
|
|
|
NUMBER="${BASH_REMATCH[1]}"
|
|
|
|
# Now we know the device and partition number, get the type. This is
|
|
# specific to GPT disks, MBR disks are shown differently by fdisk.
|
|
TRACE "$PART_DEV is partition $NUMBER of $DEVICE"
|
|
if [ "$(fdisk -l "/dev/$DEVICE" | awk '$1 == '"$NUMBER"' {print $5}')" == grub ]; then
|
|
return 0
|
|
fi
|
|
return 1
|
|
}
|
|
|
|
# Test if a block device could be used as /boot - we can mount it and it
|
|
# contains /boot/grub* files. (Here, the block device could be a partition or
|
|
# an unpartitioned device.)
|
|
#
|
|
# If the device is a partition, its type is also checked. Some common types
|
|
# that we definitely can't mount this way are excluded to silence spurious exFAT
|
|
# errors.
|
|
#
|
|
# Any existing /boot is unmounted. If the device is a reasonable boot device,
|
|
# it's left mounted on /boot.
|
|
mount_possible_boot_device() {
|
|
TRACE_FUNC
|
|
|
|
local BOOT_DEV="$1"
|
|
local PARTITION_TYPE
|
|
|
|
# Unmount anything on /boot. Ignore failure since there might not be
|
|
# anything. If there is something mounted and we cannot unmount it for
|
|
# some reason, mount will fail, which is handled.
|
|
umount /boot 2>/dev/null || true
|
|
|
|
# Skip bios-grub partitions on GPT disks, LUKS partitions, and LVM PVs,
|
|
# we can't mount these as /boot.
|
|
if is_gpt_bios_grub "$BOOT_DEV" || cryptsetup isLuks "$BOOT_DEV" ||
|
|
find_lvm_vg_name "$BOOT_DEV" >/dev/null; then
|
|
TRACE "$BOOT_DEV is not a mountable partition for /boot"
|
|
return 1
|
|
fi
|
|
|
|
# Get the size of BOOT_DEV in 512-byte sectors
|
|
sectors=$(blockdev --getsz "$BOOT_DEV")
|
|
|
|
# Check if the partition is small (less than 2MB, which is 4096 sectors)
|
|
if [ "$sectors" -lt 4096 ]; then
|
|
TRACE_FUNC
|
|
DEBUG "Partition $BOOT_DEV is very small, likely BIOS boot. Skipping mount."
|
|
return 1
|
|
else
|
|
TRACE_FUNC
|
|
DEBUG "Try mounting $BOOT_DEV as /boot"
|
|
if mount -o ro "$BOOT_DEV" /boot >/dev/null 2>&1; then
|
|
if ls -d /boot/grub* >/dev/null 2>&1; then
|
|
# This device is a reasonable boot device
|
|
return 0
|
|
fi
|
|
umount /boot || true
|
|
fi
|
|
fi
|
|
|
|
return 1
|
|
}
|
|
|
|
# detect and set /boot device
|
|
# mount /boot if successful
|
|
detect_boot_device() {
|
|
TRACE_FUNC
|
|
local devname
|
|
# unmount /boot to be safe
|
|
cd / && umount /boot 2>/dev/null
|
|
|
|
# check $CONFIG_BOOT_DEV if set/valid
|
|
if [ -e "$CONFIG_BOOT_DEV" ] && mount_possible_boot_device "$CONFIG_BOOT_DEV"; then
|
|
# CONFIG_BOOT_DEV is valid device and contains an installed OS
|
|
return 0
|
|
fi
|
|
|
|
# generate list of possible boot devices
|
|
fdisk -l | grep "Disk /dev/" | cut -f2 -d " " | cut -f1 -d ":" >/tmp/disklist
|
|
|
|
# Check each possible boot device
|
|
for i in $(cat /tmp/disklist); do
|
|
# If the device has partitions, check the partitions instead
|
|
if device_has_partitions "$i"; then
|
|
devname="$(basename "$i")"
|
|
partitions=("/sys/class/block/$devname/$devname"?*)
|
|
else
|
|
partitions=("$i") # Use the device itself
|
|
fi
|
|
for partition in "${partitions[@]}"; do
|
|
partition_dev=/dev/"$(basename "$partition")"
|
|
# No sense trying something we already tried above
|
|
if [ "$partition_dev" = "$CONFIG_BOOT_DEV" ]; then
|
|
continue
|
|
fi
|
|
# If this is a reasonable boot device, select it and finish
|
|
if mount_possible_boot_device "$partition_dev"; then
|
|
CONFIG_BOOT_DEV="$partition_dev"
|
|
return 0
|
|
fi
|
|
done
|
|
done
|
|
|
|
# no valid boot device found
|
|
echo "Unable to locate /boot files on any mounted disk"
|
|
return 1
|
|
}
|
|
|
|
scan_boot_options() {
|
|
TRACE_FUNC
|
|
local bootdir config option_file
|
|
bootdir="$1"
|
|
config="$2"
|
|
option_file="$3"
|
|
|
|
if [ -r $option_file ]; then rm $option_file; fi
|
|
for i in $(find $bootdir -name "$config"); do
|
|
DO_WITH_DEBUG kexec-parse-boot "$bootdir" "$i" >>$option_file
|
|
done
|
|
# FC29/30+ may use BLS format grub config files
|
|
# https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault
|
|
# only parse these if $option_file is still empty
|
|
if [ ! -s $option_file ] && [ -d "$bootdir/loader/entries" ]; then
|
|
for i in $(find $bootdir -name "$config"); do
|
|
kexec-parse-bls "$bootdir" "$i" "$bootdir/loader/entries" >>$option_file
|
|
done
|
|
fi
|
|
}
|
|
|
|
calc() {
|
|
awk "BEGIN { print "$*" }"
|
|
}
|
|
|
|
# truncate a file to a size only if it is longer (busybox truncate lacks '<' and
|
|
# always sets the file size)
|
|
truncate_max_bytes() {
|
|
local bytes="$1"
|
|
local file="$2"
|
|
if [ "$(stat -c %s "$file")" -gt "$bytes" ]; then
|
|
truncate -s "$bytes" "$file"
|
|
fi
|
|
}
|
|
|
|
# Busybox xxd -p pads the last line with spaces to 60 columns, which not only
|
|
# trips up many scripts, it's very difficult to diagnose by looking at the
|
|
# output. Delete line breaks and spaces to really get plain hex output.
|
|
tohex_plain() {
|
|
xxd -p | tr -d '\n '
|
|
}
|
|
|
|
# Busybox xxd -p -r silently truncates lines longer than 60 hex chars.
|
|
# Shorter lines are OK, spaces are OK, and even splitting a byte across lines is
|
|
# allowed, so just fold the text to maximum 60 column lines.
|
|
# Note that also unlike GNU xxd, non-hex chars in input corrupt the output (GNU
|
|
# xxd ignores them).
|
|
fromhex_plain() {
|
|
fold -w 60 | xxd -p -r
|
|
}
|
|
|
|
print_battery_health() {
|
|
if [ -d /sys/class/power_supply/BAT* ]; then
|
|
battery_health=$(calc $(cat /sys/class/power_supply/BAT*/charge_full)/$(cat /sys/class/power_supply/BAT*/charge_full_design)*100 | awk -F "." {'print $1'})
|
|
echo "$battery_health"
|
|
fi
|
|
}
|
|
|
|
print_battery_charge() {
|
|
if [ -d /sys/class/power_supply/BAT* ]; then
|
|
battery_charge=$(calc $(cat /sys/class/power_supply/BAT*/charge_now)/$(cat /sys/class/power_supply/BAT*/charge_full)*100 | awk -F "." {'print $1'})
|
|
echo "$battery_charge"
|
|
fi
|
|
}
|
|
|
|
generate_random_mac_address() {
|
|
#Borrowed from https://stackoverflow.com/questions/42660218/bash-generate-random-mac-address-unicast
|
|
hexdump -n 6 -ve '1/1 "%.2x "' /dev/urandom | awk -v a="2,6,a,e" -v r="$RANDOM" 'BEGIN{srand(r);}NR==1{split(a,b,",");r=int(rand()*4+1);printf "%s%s:%s:%s:%s:%s:%s\n",substr($1,0,1),b[r],$2,$3,$4,$5,$6}'
|
|
}
|
|
|
|
# Add a command to be invoked at exit. (Note that trap EXIT replaces any
|
|
# existing handler.) Commands are invoked in reverse order, so they can be used
|
|
# to clean up resources, etc.
|
|
# The parameters are all executed as-is and do _not_ require additional quoting
|
|
# (unlike trap). E.g.:
|
|
# at_exit shred "$file" #<-- file is expanded when calling at_exit, no extra quoting needed
|
|
at_exit() {
|
|
AT_EXIT_HANDLERS+=("$@") # Command and args
|
|
AT_EXIT_HANDLERS+=("$#") # Number of elements in this command
|
|
}
|
|
|
|
# Array of all exit handler command arguments with lengths of each command at
|
|
# the end. For example:
|
|
# at_exit echo hello
|
|
# at_exit echo a b c
|
|
# results in:
|
|
# AT_EXIT_HANDLERS=(echo hello 2 echo a b c 4)
|
|
|
|
AT_EXIT_HANDLERS=()
|
|
# Each handler is an array AT_EXIT_HANDLER_{i}
|
|
run_at_exit_handlers() {
|
|
local cmd_pos cmd_len
|
|
cmd_pos="${#AT_EXIT_HANDLERS[@]}"
|
|
# Silence trace if there are no handlers, this is common and occurs a lot
|
|
[ "$cmd_pos" -gt 0 ] && DEBUG "Running at_exit handlers"
|
|
while [ "$cmd_pos" -gt 0 ]; do
|
|
cmd_pos="$((cmd_pos - 1))"
|
|
cmd_len="${AT_EXIT_HANDLERS[$cmd_pos]}"
|
|
cmd_pos="$((cmd_pos - cmd_len))"
|
|
"${AT_EXIT_HANDLERS[@]:$cmd_pos:$cmd_len}"
|
|
done
|
|
}
|
|
trap run_at_exit_handlers EXIT
|