#!/usr/bin/bash
# ... break=premount
# ... break=init
# ... debug
#
# sudo unsquashfs -d /tmp/test -f /srv/nfs/tails-x64/live/filesystem.squashfs
# $ ls /tmp/test/bin/live-*
# $ ls -r /tmp/test/lib/live/*
# 2024-02-27 for tails 6.0, renamed to all-net-blocklist.conf
# 2024-02-27 for tails 6.0, updated path from /lib/modules/ to /usr/lib/modules/
# 2023-09-11 skip network de-init on boot option "break=init" to keep network alive for debugging
# 2021-11-07 /conf/net_drivers.tar.xz, /conf/conf.d/zzzz-hotfix-pxe, /etc/live/boot/zzzz-hotfix-pxe
# requires:
# squashfs-tools (unsquashfs)
# initramfs-tools (cpio)
# xz-utils (xz)
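# location, where to store temporary files
# A fresh private directory is created with mktemp instead of using a fixed
# name under /tmp: the tree below it is written and deleted with sudo, and
# every regular file found in it is packed into the boot image, so it must not
# be a path another local user could have created or filled beforehand.
TMP=$(mktemp -d "${TMPDIR:-/tmp}/tails-net.XXXXXX")

# full filename of the filesystem.squashfs from tails ISO
# NOTE(review): nothing in this script verifies the image; it is assumed to
# come from an ISO whose signature was checked before it was unpacked here.
SRC=/srv/nfs/tails-x64/live/filesystem.squashfs

# full filename of the hotfix-pxe image
DST=/srv/nfs/tails-x64-hotfix-pxe.cpio.xz

# "return" only works when this file is sourced; when it is executed, a bare
# "return" prints an error and the script carries on. Each abort below
# therefore tries "return" first and falls back to "exit".
if [[ -z "${TMP}" || -z "${SRC}" || -z "${DST}" ]]; then
  echo "ERROR: undefined variable"
  return -1 2>/dev/null || exit -1
fi

# any single missing piece is an error (the checks are OR-ed, not AND-ed)
if [[ ! -d "${TMP}" || ! -r "${SRC}" || ! -d "$(dirname -- "${DST}")" ]]; then
  echo "ERROR: wrong file or folder"
  return -2 2>/dev/null || exit -2
fi

# kernel version of tails
# The first listing entry below /usr/lib/modules/ is taken, and its last path
# component is the kernel version. The listing is captured on its own so that
# an empty result is detected before basename is called.
KVER_ENTRY=$(unsquashfs -l "${SRC:?}" -e /usr/lib/modules/ | grep /usr/lib/modules/ | head -n 1)
if [[ -z "${KVER_ENTRY}" ]]; then
  echo "ERROR: no entry below /usr/lib/modules/ found in '${SRC}'"
  return -4 2>/dev/null || exit -4
fi
KVER=$(basename -- "${KVER_ENTRY}")

# test if kernel version is correct
# KVER is read from the image and is later expanded into generated shell
# scripts and into paths, so anything outside a conservative character set is
# rejected here.
if [[ -n "${KVER}" && "${KVER}" != *[!A-Za-z0-9._+~-]* ]]; then
  echo "INFO: KVER='${KVER:?}'"
else
  echo "ERROR: unknown kernel version"
  return -3 2>/dev/null || exit -3
fi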
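#######################################
# Extract the ethernet and PHY kernel driver modules from the tails image
# and pack them into ${TMP}/conf/net_drivers.tar.xz.
# Globals:   TMP, SRC, KVER (read)
# Returns:   does not return on failure; exits the shell with -4
#######################################
do_modules() {
  # extract missing network kernel drivers modules from tails
  sudo unsquashfs \
    -d "${TMP:?}" \
    -f "${SRC:?}" \
    -e "/usr/lib/modules/${KVER:?}/kernel/drivers/net/phy" \
    -e "/usr/lib/modules/${KVER:?}/kernel/drivers/net/ethernet" \
    || exit -4

  # compress missing network kernel drivers modules to file
  sudo mkdir -p "${TMP:?}/conf/" || exit -4

  # tar -r appends, so an archive already present at this path is extended
  # rather than replaced; TMP is expected to be empty when the script starts.
  sudo tar -ravf "${TMP:?}/conf/net_drivers.tar.xz" -C "${TMP:?}" "usr/lib" \
    || exit -4

  # The extracted tree is only removed after the archive step succeeded;
  # otherwise the modules would be deleted without ever reaching the archive.
  sudo rm -rf "${TMP:?}/usr/lib" || exit -4
}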
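#######################################
# Write the boot-time hotfix script ${TMP}/conf/conf.d/zzzz-hotfix-pxe and
# mark it executable.
#
# The here-document delimiter is unquoted: ${KVER} is expanded now, while the
# script is generated, and only the \$-escaped parts are evaluated later when
# the generated script runs. The generated script deactivates the "install"
# lines of /etc/modprobe.d/all-net-blocklist.conf, swaps wget and depmod for
# the busybox/kmod variants, unpacks /conf/net_drivers.tar.xz and queues the
# init-bottom hotfix.
#
# Globals:   TMP, KVER (read)
# Returns:   0 on success, -4 if KVER is unsafe or a step fails
#######################################
do_patch_top() {
  # KVER becomes part of the generated shell source, so it must not contain
  # quotes, whitespace or other shell syntax.
  if [[ -z "${KVER:-}" || "${KVER}" == *[!A-Za-z0-9._+~-]* ]]; then
    echo "ERROR: refusing to embed kernel version '${KVER:-}' into hotfix script"
    return -4
  fi

  # add hotfix for pxe boot to initrd image
  sudo mkdir -p "${TMP:?}/conf/conf.d/" || return -4

  sudo tee "${TMP:?}/conf/conf.d/zzzz-hotfix-pxe" &>/dev/null << EOF || return -4
#!/usr/bin/sh
patch_top()
{
# check if we dealing with same kernel version
if [ "\$(uname -r)" != "${KVER:?}" ]; then
. /scripts/functions
log_failure_msg "wrong kernel version. '\$(uname -r)'!='${KVER:?}'"
panic "please visit: https://github.com/beta-tester/RPi-PXE-Server/issues/31"
fi
# comment out all blacklist entries
sed "s/^install/# install/g" -i /etc/modprobe.d/all-net-blocklist.conf
# replace wget script by busybox, for normal behavior
mv /usr/bin/wget /usr/bin/wget.bak
ln -sf /usr/bin/busybox /usr/bin/wget
# replace depmod, for normal behavior
mv /usr/sbin/depmod /usr/sbin/depmod.bak
ln -sf /usr/bin/kmod /usr/sbin/depmod
# excract the compressed drivers in place
tar -xf "/conf/net_drivers.tar.xz" -C /
# rebulid dependencies for added network kernel drivers modules
depmod -b /usr
# enqueue hot fix for patch_bottom
echo '/scripts/init-bottom/zzzz-hotfix-pxe' | tee -a /scripts/init-bottom/ORDER
}
patch_top
EOF

  sudo chmod +x "${TMP:?}/conf/conf.d/zzzz-hotfix-pxe" || return -4

  # explicit success status: a trailing "(( \$? != 0 )) && return -4" would
  # leave status 1 behind when nothing failed
  return 0
}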
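#######################################
# Write the init-bottom hotfix script
# ${TMP}/scripts/init-bottom/zzzz-hotfix-pxe and mark it executable.
#
# Unless the variable "break" is set when it runs, the generated script sets
# every network device except "lo" down and unloads the driver module behind
# it. With "break" set, the network is left untouched.
#
# Nothing is expanded at generation time: every \$ in the here-document is
# escaped and reaches the generated file as a literal "$".
#
# Globals:   TMP (read)
# Returns:   0 on success, -4 if a step fails
#######################################
do_patch_bottom() {
  sudo mkdir -p "${TMP:?}/scripts/init-bottom/" || return -4

  sudo tee "${TMP:?}/scripts/init-bottom/zzzz-hotfix-pxe" &>/dev/null << EOF || return -4
#!/usr/bin/sh
patch_bottom()
{
if ! [ -n "\$break" ]; then
# hotfix-pxe for issue with network initialisation in tails
local path_device
for path_device in /sys/class/net/*; do
local name_device
name_device=\$(basename \$path_device)
if [ "\$name_device" != "lo" ]; then
# set network devices down
ip link set \$name_device down
local path_module
path_module=\$(readlink \$path_device/device/driver/module)
if [ -n "\$path_module" ]; then
# remove used network drivers
local name_module
name_module=\$(basename \$path_module)
modprobe -r \$name_module
fi
fi
done
fi
}
patch_bottom
EOF

  sudo chmod +x "${TMP:?}/scripts/init-bottom/zzzz-hotfix-pxe" || return -4

  # explicit success status: a trailing "(( \$? != 0 )) && return -4" would
  # leave status 1 behind when nothing failed
  return 0
}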
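#######################################
# Pack every regular file below ${TMP} into a newc cpio archive, compress it
# with xz and write the result to ${DST}.
#
# Whatever is present under ${TMP} at this point becomes part of the image
# that is overlaid at boot time, so ${TMP} must contain nothing but the files
# this script put there.
#
# Globals:   TMP, DST (read)
# Returns:   0 on success, -4 on failure (no partial ${DST} is left behind)
#######################################
do_initrd() {
  # create an initrd image to overlay at boot time
  # -f: a missing old image is not an error
  sudo rm -f -- "${DST:?}" || return -4

  # The subshell keeps the caller's working directory untouched on every
  # path, and pipefail makes a failing find/cpio/xz stage count as a failure
  # instead of only the final tee.
  if ! (
    cd "${TMP:?}" || exit 1
    set -o pipefail
    find . -type f -print0 \
      | cpio --null --create --verbose --format=newc \
      | xz --compress --extreme --check=crc32 \
      | sudo tee "${DST:?}" &>/dev/null
  ); then
    # do not leave a truncated image where boot clients would fetch it
    sudo rm -f -- "${DST:?}"
    return -4
  fi
}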
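#######################################
# Remove the temporary working tree.
# This is a recursive delete run as root; ${TMP:?} aborts the expansion if
# TMP is empty or unset, and "--" keeps a value that starts with "-" from
# being read as an option.
# Globals:   TMP (read)
# Returns:   0 on success, -4 if the removal fails
#######################################
do_cleanup() {
  # clean up temporary files
  sudo rm -rf -- "${TMP:?}" || return -4
}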
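# Run the build steps in order and stop at the first one that fails, so that
# a failed extraction or patch step is not followed by packing and publishing
# an incomplete image.
#
# The step functions signal failure with "return -4", which the shell reports
# as status 252. Only that value is treated as failure here: a function whose
# last line is "(( $? != 0 )) && return -4" ends with status 1 when the test
# is false, i.e. when nothing went wrong.
rc=0
for step in do_modules do_patch_top do_patch_bottom do_initrd; do
  "${step}"
  if (( $? == 252 )); then
    echo "ERROR: ${step} failed"
    rc=252
    break
  fi
done

# the temporary tree is removed whether or not the build succeeded
do_cleanup
if (( $? == 252 )); then
  echo "ERROR: do_cleanup failed"
  rc=252
fi

if (( rc != 0 )); then
  # "return" covers the sourced case, "exit" the executed one
  return "${rc}" 2>/dev/null || exit "${rc}"
fi
echo done.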