From d4b60d191d63255d2e126d7cb6a4e81e7f95b411 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Tue, 11 Aug 2020 20:23:25 -0700 Subject: [PATCH] working autorun stack --- config/buildroot/rootfs_overlay/.gnupg/gpg.conf | 1 + .../etc/init.d/S04cbfs-key-import | 9 +++++++++ config/buildroot/rootfs_overlay/etc/profile | 3 ++- .../etc/udev/rules.d/sdcard-autorun.rules | 12 ++++++++++++ .../rootfs_overlay/usr/local/bin/autorun | 17 +++++++++++++++++ release/1.0.0rc7/hashes.txt | 3 +++ 6 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 config/buildroot/rootfs_overlay/.gnupg/gpg.conf create mode 100644 config/buildroot/rootfs_overlay/etc/udev/rules.d/sdcard-autorun.rules create mode 100755 config/buildroot/rootfs_overlay/usr/local/bin/autorun create mode 100644 release/1.0.0rc7/hashes.txt diff --git a/config/buildroot/rootfs_overlay/.gnupg/gpg.conf b/config/buildroot/rootfs_overlay/.gnupg/gpg.conf new file mode 100644 index 0000000..065d80c --- /dev/null +++ b/config/buildroot/rootfs_overlay/.gnupg/gpg.conf @@ -0,0 +1 @@ +pinentry-mode loopback diff --git a/config/buildroot/rootfs_overlay/etc/init.d/S04cbfs-key-import b/config/buildroot/rootfs_overlay/etc/init.d/S04cbfs-key-import index 3fdef50..94429e8 100755 --- a/config/buildroot/rootfs_overlay/etc/init.d/S04cbfs-key-import +++ b/config/buildroot/rootfs_overlay/etc/init.d/S04cbfs-key-import @@ -6,6 +6,15 @@ case "${1}" in mkdir -p /.gnupg cbfs -r heads/initrd/.gnupg/pubring.kbx > /.gnupg/pubring.kbx cbfs -r heads/initrd/.gnupg/trustdb.gpg > /.gnupg/trustdb.gpg + fingerprint=$( \ + gpg \ + --list-keys \ + --list-options no-show-unusable-uids \ + --with-colons \ + | awk -F: '$1 == "fpr" {print $10;}' \ + | head -n1 \ + ) + echo "export HEADS_KEY=${fingerprint}" >> /etc/environment if [ $? -eq 0 ]; then echo "OK" else diff --git a/config/buildroot/rootfs_overlay/etc/profile b/config/buildroot/rootfs_overlay/etc/profile index f6f163f..8177b8c 100644 --- a/config/buildroot/rootfs_overlay/etc/profile +++ b/config/buildroot/rootfs_overlay/etc/profile @@ -1,6 +1,7 @@ export EDITOR=/bin/vi -export PATH="/bin:/sbin:/usr/bin:/usr/sbin" +export PATH="/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin" export PS1="[\h \t] \\$ " +export GNUPGHOME=/.gnupg source /etc/environment clear diff --git a/config/buildroot/rootfs_overlay/etc/udev/rules.d/sdcard-autorun.rules b/config/buildroot/rootfs_overlay/etc/udev/rules.d/sdcard-autorun.rules new file mode 100644 index 0000000..6e7cd32 --- /dev/null +++ b/config/buildroot/rootfs_overlay/etc/udev/rules.d/sdcard-autorun.rules @@ -0,0 +1,12 @@ +KERNEL!="sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end" + +# Global mount options +ACTION=="add", ENV{mount_options}="relatime" + +# Filesystem specific options +ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N" +ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,flush,user,umask=0000" +ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k" +ACTION=="add", RUN+="/usr/local/bin/autorun /media/sd-%k" +ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k" +LABEL="sd_cards_auto_mount_end" diff --git a/config/buildroot/rootfs_overlay/usr/local/bin/autorun b/config/buildroot/rootfs_overlay/usr/local/bin/autorun new file mode 100755 index 0000000..c054d59 --- /dev/null +++ b/config/buildroot/rootfs_overlay/usr/local/bin/autorun @@ -0,0 +1,17 @@ +#!/bin/bash +set -e +source /etc/profile + +folder=${1?} + +if [ -f "${folder}/autorun.sh.asc" ]; then + echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console; + gpg --verify "${folder}/autorun.sh.asc" || { + echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \ + >/dev/console; + exit 1; + } + echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console + echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console + /bin/bash "${folder}/autorun.sh" >/dev/console +fi diff --git a/release/1.0.0rc7/hashes.txt b/release/1.0.0rc7/hashes.txt new file mode 100644 index 0000000..df6da59 --- /dev/null +++ b/release/1.0.0rc7/hashes.txt @@ -0,0 +1,3 @@ +7a1a01c10aa23be3a961c295e791dbd9d7d1db59a5cf599521163ae2fd35a15f *release/1.0.0rc7/librem13v4.rom +85dbfbb107f90ee7a61107551641af92387d0b3a83feb86e3891a522d7d68e3a *release/1.0.0rc7/librem15v4.rom +e9f6de612c80bcd5ac646eb36d668b192c66e8cdb458dbfbf5747a650473da8e *release/1.0.0rc7/airgap_x86_64.iso