diff --git a/Containerfile b/Containerfile
index 7f215b3..3f5b9e0 100644
--- a/Containerfile
+++ b/Containerfile
@@ -20,15 +20,20 @@ FROM stagex/libgpg-error AS libgpg-error
 FROM stagex/libassuan AS libassuan
 FROM stagex/libgcrypt AS libgcrypt
 FROM stagex/jq AS jq
+FROM stagex/yq AS yq
 FROM stagex/bc AS bc
 FROM stagex/git AS git
 FROM stagex/zlib AS zlib
 FROM stagex/tpm2-tools AS tpm2-tools
 FROM stagex/tpm2-tss AS tpm2-tss
 FROM stagex/openssl AS openssl
+FROM stagex/sops AS sops
 FROM stagex/pcsc-lite AS pcsc-lite
 FROM stagex/pcsc-tools AS pcsc-tools
 FROM stagex/flashtools AS flashtools
+FROM stagex/libqrencode AS libqrencode
+FROM stagex/util-linux AS util-linux
+FROM stagex/opensc AS opensc
 FROM scratch AS base
 ARG VERSION development
@@ -63,6 +68,7 @@ COPY --from=keyfork . initramfs
 COPY --from=bash . initramfs
 COPY --from=gpg . initramfs
 COPY --from=jq . initramfs
+COPY --from=yq . initramfs
 COPY --from=bc . initramfs
 COPY --from=git . initramfs
 COPY --from=flashtools . initramfs
@@ -74,6 +80,10 @@ COPY --from=ccid . initramfs
 COPY --from=pcsc-lite . initramfs
 COPY --from=pcsc-tools . initramfs
 COPY --from=openpgp-card-tools . initramfs
+COPY --from=libqrencode . initramfs
+COPY --from=opensc . initramfs
+COPY --from=util-linux . initramfs
+COPY --from=sops . initramfs
 COPY rootfs/ initramfs
 COPY <<-EOF initramfs/etc/environment
 export VERSION="$VERSION"
@@ -154,6 +164,17 @@ RUN xorrisofs \
 -follow-links \
 iso/
+## Minimal Autorun SD card image
+COPY sdcard sdcard
+RUN <<-EOF
+ set -eux
+ dd if=/dev/zero of=sdcard.img bs=1M count=32
+ mformat -i sdcard.img ::
+ mcopy -i sdcard.img -s sdcard/* ::
+EOF
+
 FROM scratch AS package
+COPY --from=install /iso /iso
 COPY --from=install /initramfs /initramfs
+COPY --from=install /sdcard.img /
 COPY --from=install /airgap.iso /
diff --git a/Makefile b/Makefile
index f9d39e4..1ca64f8 100644
--- a/Makefile
+++ b/Makefile
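Review bot: The five added `FROM stagex/...` lines in the first Containerfile hunk (yq, sops, libqrencode, util-linux, opensc) name their images without a digest, so each build takes whatever the registry currently serves under the default tag. The surrounding context lines follow the same pattern, but every unpinned stage is one more input that can change underneath an image that is meant to be built once and trusted offline. Pinning each new stage, e.g. `FROM stagex/sops@sha256:<digest-placeholder> AS sops`, would make the initramfs contents auditable from the Containerfile alone. This matters all the more because the later `COPY --from=sops . initramfs` lines copy each stage wholesale into the image.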
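Review bot: `sdcard.img` as built by the added `RUN` heredoc in the last Containerfile hunk will probably not be bit-for-bit reproducible, because `mformat` generates a volume serial number when none is given and `mcopy` stamps the copy time into the FAT directory entries. Since the image is exported from the `package` stage next to `airgap.iso`, independent builders would not be able to compare hashes of it. A fixed serial, `mformat -i sdcard.img -N <fixed-serial-placeholder> ::`, together with normalised mtimes under `sdcard/` and `mcopy -m -i sdcard.img -s sdcard/* ::`, would remove both sources of variation. The heredoc also relies on mtools being present in the `install` stage, which is not visible in this hunk.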
@@ -18,6 +18,10 @@ vm-bios: out/airgap.iso
 -m 4G \
 -machine pc \
 -serial stdio \
+ -usb \
+ -device sdhci-pci \
+ -device sd-card,drive=external \
+ -drive id=external,if=none,format=raw,file=out/sdcard.img \
 -cdrom "out/airgap.iso"
 .PHONY: vm-efi
@@ -27,6 +31,10 @@ vm-efi: out/airgap.iso
 -machine pc \
 -serial stdio \
 -bios /usr/share/ovmf/OVMF.fd \
+ -usb \
+ -device sdhci-pci \
+ -device sd-card,drive=external \
+ -drive id=external,if=none,format=raw,file=out/sdcard.img \
 -cdrom "out/airgap.iso"
 out/airgap.iso: Containerfile $(shell git ls-files rootfs)
diff --git a/rootfs/etc/udev/rules.d/sdcard-autorun.rules b/rootfs/usr/lib/udev/rules.d/sdcard-autorun.rules
similarity index 81%
rename from rootfs/etc/udev/rules.d/sdcard-autorun.rules
rename to rootfs/usr/lib/udev/rules.d/sdcard-autorun.rules
index b37ccb5..2b0f41d 100644
--- a/rootfs/etc/udev/rules.d/sdcard-autorun.rules
+++ b/rootfs/usr/lib/udev/rules.d/sdcard-autorun.rules
@@ -1,4 +1,5 @@
-KERNEL!="sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end"
+#KERNEL!="sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end"
+KERNEL!="mmcblk[0-9]p[0-9]|sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end"
 # Global mount options
 ACTION=="add", ENV{mount_options}="relatime"
diff --git a/sdcard/autorun.sh b/sdcard/autorun.sh
new file mode 100644
index 0000000..58f8b93
--- /dev/null
+++ b/sdcard/autorun.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Autorun.sh executed"
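Review bot: `vm-bios` and `vm-efi` now hand `file=out/sdcard.img` to QEMU, but the hunk headers show both targets still listing only `out/airgap.iso` as a prerequisite, so make has no edge that guarantees the image exists or is current. The `out/airgap.iso` rule at the end of the second Makefile hunk also tracks only `Containerfile` and `git ls-files rootfs`, so an edit to `sdcard/autorun.sh` will not trigger a rebuild, and the VM can boot with a stale card image. Extending that line to `out/airgap.iso: Containerfile $(shell git ls-files rootfs sdcard)` covers the inputs. If the same recipe is what writes `out/sdcard.img`, declaring that file as a target as well would make the dependency explicit. The recipe itself lies outside the hunk, so whether it exports `sdcard.img` into `out/` cannot be confirmed here.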
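Review bot: The widened `KERNEL!=` match in sdcard-autorun.rules keeps `sd[a-z][0-9]` alongside the new `mmcblk[0-9]p[0-9]`, so the autorun path stays reachable from any SCSI-class partition (USB mass storage, and internal disks on real hardware), not only from an SD card slot. If only card readers are meant to trigger it, dropping the `sd` alternative or adding a bus match such as `SUBSYSTEMS=="mmc"` would narrow the trigger to what the file name promises. The commented-out old line `#KERNEL!="sd[a-z][0-9]", ...` can be deleted, since the history already records it. The mount and run rules that follow are outside this hunk. If they execute `autorun.sh` straight from the mounted media, a signature check before execution would be worth adding, given that the image ships gpg, keyfork and sops.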