Skip to content
Snippets Groups Projects
  1. Jan 03, 2025
    • Luca Boccassi's avatar
      Merge branch 'zeha/readonly-nvme' into 'master' · 9cf3a2d3
      Luca Boccassi authored
      0020-read-only: iterate over all devices + improve console message layout
      
      See merge request !60
      9cf3a2d3
    • Luca Boccassi's avatar
      Merge branch 'zeha/findiso-features' into 'master' · 9d732c47
      Luca Boccassi authored
      fromiso features
      
      See merge request !59
      9d732c47
    • Michael Prokop's avatar
      0020-read-only: iterate over all devices + improve console message layout · b55d0604
      Michael Prokop authored and Chris Hofstaedtler's avatar Chris Hofstaedtler committed
      There might be block devices other than /dev/sd* + /dev/vd* (like
      /dev/nvme0n*). Instead of hardcoding a static list, let's iterate over
      all of them, and then ignore all symlinks (pointing to the actual
      devices) and consider only actual block devices.
      Also ensure that the device exists (checked via `blockdev --getsz ...`)
      before executing `blockdev --setro ...` on it.
      
      Reworked the according console message: using printf with field width
      allows us to make this look a bit nicer and better integrate into the
      boot sequence look-alike.
      
      JFTR: it would be nice to send output also to `/boot.log` (which ends up
      as `/var/log/live/boot.log` on the booted system), but if we do this
      then the output is visible twice during startup, as `/boot.live` is sent
      to console via `tail -f`. If changing this to only list it via
      `/boot.live` it might not be always guaranteed to be visible on screen,
      so we didn't change this yet.
      
      This work was funded by Grml-Forensic.
      
      [zeha@d.o: forward upstream]
      b55d0604
    • Luca Boccassi's avatar
      Merge branch 'zeha/fix-lvm' into 'master' · 5af574cd
      Luca Boccassi authored
      Activate LVM volumes if needed
      
      See merge request !58
      5af574cd
    • Mihai Moldovan's avatar
      fromiso: support lvm/mdadm as sources · 5be61896
      Mihai Moldovan authored and Chris Hofstaedtler's avatar Chris Hofstaedtler committed
      Previously, it wasn't possible to use fromiso with a Linux software RAID
      or LVM device.
      
      The code handling lvm/mdadm devices has been moved around and the
      fromiso feature split up, so that lvm/mdadm devices are now started as
      necessary even when fromiso has been passed.
      
      The usual caveats apply: if you start from an lvm/mdadm device *without*
      using the toram feature, the original volume will be kept mounted, so
      it's not safe to mount the volume containing the grml image after
      booting it.
      
      With the toram feature, this is not an issue, since all the data is read
      into a ramdisk and the original volume unmounted.
      
      [zeha@d.o: rebase, forward upstream]
      5be61896
    • Mihai Moldovan's avatar
      fromiso: allow overriding fstype · 25bac866
      Mihai Moldovan authored and Chris Hofstaedtler's avatar Chris Hofstaedtler committed
      The overriding feature can be turned on/used by prefixing the file
      system type to the path, separated from the device node with a colon.
      
      Example (good override): ext4:/dev/vda49/path/to/grml.iso
      
      If the file system specification contains any non-alphanumerical
      characters other than '-' or '_', it will be treated as part of the
      actual path, since, at least currently, all known file systems match
      this rule.
      
      Example (no override): cra$$$yf§:/dev/sr0/another_path/to/grml.iso
      
      In the former example, no file system type override is detected, which
      means that the code will eventually search for a device called
      'cra$$$yf§:/dev/sr0' (which, granted, doesn't make a lot of sense).
      
      Sometimes it's necessary or at least handy to specify the file system
      used for mounting the fromiso backing device directly.
      
      For instance, putting the ISO file on a RAID1-backed device will fail to
      mount it through autodetection (which, really, in most cases is a good
      thing to not corrupt the array).
      
      This change also mounts the backing device read-only, which should
      enable safe usage and mounting even on RAID1 devices. Note, though, that
      read-only mounts are not really very much "read-only", since they
      actually sometimes still change on-disk file system metadata, like the
      last time the device was mounted).
      
      This said, it should be safe enough and users can easily re-sync the
      array to ensure consistency later on.
      
      [zeha@d.o: rebase, forward upstream]
      25bac866
    • Luca Boccassi's avatar
      Merge branch 'zeha/findiso-mdadm' into 'master' · cb107a90
      Luca Boccassi authored
      Fix RAID detection for findiso
      
      See merge request !57
      cb107a90
    • Michael Laß's avatar
      9990-main.sh: activate LVM volumes if needed. · 0cc0263a
      Michael Laß authored and Chris Hofstaedtler's avatar Chris Hofstaedtler committed
      An update to the Debian lvm2 package removed a script in the initrd that
      would activate any LVs that are required to access the root volume. Due
      to this change, grml failed to find its live media when it was stored on
      an LVM volume.
      
      Add an explicit activation of any LVs mentioned in the `live-media` or
      `bootfrom` kernel arguments, so that the live media can be found again.
      
      Reference: https://github.com/grml/grml/issues/200
      
      [zeha@d.o: forward upstream]
      0cc0263a
    • Luca Boccassi's avatar
      Merge branch 'zeha/bootlog' into 'master' · 52ba499b
      Luca Boccassi authored
      9990-misc-helpers.sh: append to boot.log, do not overwrite it
      
      See merge request !56
      52ba499b
    • Luca Boccassi's avatar
      Merge branch 'zeha/netdev-mac' into 'master' · 60a921f3
      Luca Boccassi authored
      live-netdev: accept a MAC address for picking device
      
      See merge request !55
      60a921f3
    • Mihai Moldovan's avatar
      Fix RAID detection for findiso · 9cdbf414
      Mihai Moldovan authored and Chris Hofstaedtler's avatar Chris Hofstaedtler committed
      mdadm 3.4-2 (Debian stretch) dropped the local-top mdadm script, and
      replaced it with a local-block script and some systemd parts.
      
      Use the "new" local-block mdadm script instead.
      
      This one won't allow us to select a specific device to assemble, so just
      let it start all of them and hope for the best.
      
      Reference: https://github.com/grml/grml/issues/125
      
      [zeha@d.o: forward upstream, reword]
      9cdbf414
    • Michael Prokop's avatar
      9990-misc-helpers.sh: append to boot.log, do not overwrite it · b1876269
      Michael Prokop authored and Chris Hofstaedtler's avatar Chris Hofstaedtler committed
      boot.log might exist already when try_mount fails. Append the log
      message instead of truncating it.
      b1876269
    • ThomasToka's avatar
      live-netdev: accept a MAC address for picking device · fd5a152e
      ThomasToka authored and Chris Hofstaedtler's avatar Chris Hofstaedtler committed
      Have live-netdev accept a MAC address to pick the network device to use.
      
      Correct format is: "live-netdev=xx:xx:xx:xx:xx:xx"
      
      [mika@d.o: use tabs, drop noop assignment]
      [zeha@d.o: improve commit message and log messages, forward upstream]
      fd5a152e
    • Luca Boccassi's avatar
      Merge branch 'zeha/rm-old-location' into 'master' · 9ed98df6
      Luca Boccassi authored
      Remove support for legacy live location
      
      See merge request !54
      9ed98df6
    • Luca Boccassi's avatar
      Merge branch 'zeha/memdisk' into 'master' · 47b0c067
      Luca Boccassi authored
      Avoid executing memdiskfind under Secure Boot
      
      See merge request !53
      47b0c067
    • Chris Hofstaedtler's avatar
      Remove support for legacy live location · 3be63e6a
      Chris Hofstaedtler authored
      Remove code that was supposed to go away before the bullseye release.
      
      Finalize the migration started in
      c6a17c7b.
      
      Keeping the old path around breaks running update-initramfs *on* a live
      system, where backend/initramfs-tools/live.hook will copy
      libnss_dns.so.*, libnss_files.so.* from both /usr/lib and
      /usr/lib/live/mount/... into the initramfs.
      3be63e6a
    • Michael Prokop's avatar
      Avoid executing memdiskfind under Secure Boot · 45f68c40
      Michael Prokop authored and Chris Hofstaedtler's avatar Chris Hofstaedtler committed
      memdiskfind displays an ugly error message when running under Secure
      Boot where access to /dev/mem is restricted:
      
      | cannot open /dev/mem: Operation not permitted
      
      If reading from /dev/mem fails, skip memdiskfind and instead display a
      warning message.
      45f68c40
    • Chris Hofstaedtler's avatar
    • Chris Hofstaedtler's avatar
      Extract Setup_Memdisk out of components/9990-main.sh · 8373e285
      Chris Hofstaedtler authored
      Same code, just in a new file.
      8373e285
  2. Nov 12, 2024
    • Thomas Goirand's avatar
      d/changelog: · 68c46378
      Thomas Goirand authored
        * Non-maintainer upload.
        * Add fix to get DHCP from all nics, not only the first one seen with link
          up (Closes: #1069048).
      68c46378
    • Thomas Goirand's avatar
      Do DHCP on multiple interfaces · a96646e5
      Thomas Goirand authored
      The current behavior of live-boot is to search 5 times for network
      interfaces with the carrier link up. If there is more than one
      interface, but only one is found during a run, then it currently
      gives-up searching for other interfaces and exits.
      
      This works if one is lucky, or if only the interfaces with DHCP
      have an actual ethernet link. For cases where there is more than
      one interface with the link up, but only one is connected to a
      DHCPd server, it is possible that it will fail (depending which
      card will have the link first).
      
      This patch changes the behavior: it makes sure that all cards
      with a link that is up are reported in /conf/param.conf before
      exiting, so that live-boot will try to get an IP address from
      all cards with link up. Each card continues to have a 15 seconds
      timeout (by default) to get the IP address from DHCP.
      a96646e5
  3. May 25, 2024
  4. Apr 24, 2024
  5. Apr 22, 2024
  6. Apr 09, 2024
  7. Apr 02, 2024
  8. Feb 24, 2024
  9. Feb 07, 2024
    • Jan Schär's avatar
      Use "tmpfs" instead of "/dev/shm" as tmpfs device name · 2cb049fb
      Jan Schär authored
      A tmpfs does not have a device, so usually, "tmpfs" is used as the device name.
      
      When "/dev/shm" is used instead, this confuses systemd, which repeatedly prints this error in system logs:
      Failed to open /dev/shm device, ignoring: Inappropriate ioctl for device
      2cb049fb
  10. Mar 18, 2023
    • Luca Boccassi's avatar
      Merge branch 'luks-label' into 'master' · 51b57c33
      Luca Boccassi authored
      Introduce lukslabel option + fix for is_active_luks_mapping()
      
      See merge request !44
      51b57c33
    • Thore Sommer's avatar
      Introduce lukslabel option · d2be333c
      Thore Sommer authored
      When "lukslabel" is set for persistence-encryption then live-boot only
      tries to open containers that have the label "persistence" set. It
      takes precedence over the "luks" option.
      
      The behavior of the "luks" option is to prompt the user to open any LUKS
      container. This was required for LUKS1 because it did not support labels,
      but LUKS2 does. On systems were there are multiple encrypted containers
      this is not ideal, because for users it is not clear why they should
      decrypt their internal hard drive to boot a live system.
      d2be333c
    • Thore Sommer's avatar
      luks: is_active_luks_mapping() check explicitly for type · 769531e4
      Thore Sommer authored
      cryptsetup status also works on other device mapper devices that are not
      LUKS or LUKS2.
      769531e4
  11. Jan 31, 2023
  12. May 15, 2022
Loading