fix(image): finally have working mount of encrypted volumes!
parent
adb2e90c13
commit
10090a75b0
3 changed files with 30 additions and 23 deletions
pkgs
|
@ -14,7 +14,6 @@ ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target
|
|||
|
||||
# mount /etc overlay and patos state
|
||||
ln -sf ../etc.mount rootfs/usr/lib/systemd/system/local-fs.target.wants/etc.mount
|
||||
ln -sf ../var.mount rootfs/usr/lib/systemd/system/sysinit.target.wants/var.mount
|
||||
|
||||
# enable dbus
|
||||
ln -sf ../dbus.service rootfs/usr/lib/systemd/system/multi-user.target.wants/dbus.service
|
||||
|
|
|
@ -16,6 +16,29 @@ echo patos > ./etc/hostname
|
|||
|
||||
ln -sf /etc/os-release ./etc/initrd-release
|
||||
|
||||
# set default target to initrd inside initrd
|
||||
ln -sf initrd.target ./usr/lib/systemd/system/default.target
|
||||
|
||||
mkdir ./usr/lib/systemd/system/systemd-repart.service.d
|
||||
cat <<EOF > ./usr/lib/systemd/system/systemd-repart.service.d/override.conf
|
||||
[Service]
|
||||
ExecStart=systemd-repart --dry-run=no --generate-crypttab=/run/crypttab --generate-fstab=/run/fstab
|
||||
EOF
|
||||
|
||||
cat <<EOF > ./usr/lib/systemd/system/sysroot-run.mount
|
||||
[Unit]
|
||||
Before=initrd-fs.target
|
||||
DefaultDependencies=false
|
||||
|
||||
[Mount]
|
||||
Options=bind
|
||||
What=/run
|
||||
Where=/sysroot/run
|
||||
EOF
|
||||
# bind mount /run to /sysroot/run
|
||||
mkdir ./usr/lib/systemd/system/initrd-fs.target.requires/
|
||||
ln -sf ../sysroot-run.mount ./usr/lib/systemd/system/initrd-fs.target.requires/sysroot-run.mount
|
||||
|
||||
# gen initrd
|
||||
find . -print0 | cpio --null --owner=root:root -o --format=newc | xz -9 --check=crc32 > ../initrd.xz
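Review bot: The new initrd drop-in for systemd-repart.service sets `ExecStart=systemd-repart --dry-run=no --generate-crypttab=/run/crypttab --generate-fstab=/run/fstab` without an empty `ExecStart=` line before it, unlike the `$out/.../systemd-repart.service.d/override.conf` heredoc elsewhere on this page. A drop-in appends to the existing command list, so if the stock unit is a oneshot, repart would presumably run once without the generate options and then again with them; for any other service type systemd refuses a unit with more than one ExecStart. Add `ExecStart=` as the first line under `[Service]`. Both new `mkdir` calls would be safer as `mkdir -p`, so that building over an existing tree does not abort before the units are written. A short comment that /run/crypttab, reached through the /sysroot/run bind mount, decides how the encrypted state volume is unlocked later in boot would also help the next reader.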
|
||||
|
||||
|
|
|
@ -53,13 +53,6 @@ cat <<EOF > $out/etc/repart.d/22-root.conf
|
|||
Type=root
|
||||
EOF
|
||||
|
||||
mkdir $out/usr/lib/systemd/system/systemd-repart.service.d
|
||||
cat <<EOF > $out/usr/lib/systemd/system/systemd-repart.service.d/override.conf
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=systemd-repart --dry-run=no --generate-crypttab=/etc/crypttab
|
||||
EOF
|
||||
|
||||
cat <<EOF > $out/etc/repart.d/40-var.conf
|
||||
[Partition]
|
||||
Type=var
|
||||
|
@ -69,26 +62,18 @@ Label=patos-state
|
|||
Minimize=off
|
||||
Encrypt=tpm2
|
||||
EncryptedVolume=patos-state:none:tpm2-device=auto,luks,discard
|
||||
MountPoint=/var
|
||||
FactoryReset=yes
|
||||
SizeMinBytes=1G
|
||||
SplitName=-
|
||||
EOF
|
||||
|
||||
# cat <<EOF > $out/usr/lib/systemd/system/var.mount
|
||||
# [Unit]
|
||||
# Description=Mount for /var
|
||||
# Before=local-fs.target
|
||||
# After=systemd-repart.service
|
||||
#
|
||||
# [Mount]
|
||||
# What=/dev/mapper/patos-state
|
||||
# Where=/var
|
||||
# Type=btrfs
|
||||
# Options=defaults
|
||||
#
|
||||
# [Install]
|
||||
# WantedBy=multi-user.target
|
||||
# EOF
|
||||
rm -f $out/etc/systemd/system.conf
|
||||
cat <<EOF > $out/etc/systemd/system.conf
|
||||
[Manager]
|
||||
DefaultEnvironment=PATH=/bin:/sbin:/usr/bin
|
||||
ManagerEnvironment=PATH=/bin:/sbin:/usr/bin SYSTEMD_CRYPTTAB=/run/crypttab SYSTEMD_SYSROOT_FSTAB=/run/fstab SYSTEMD_FSTAB=/run/fstab
|
||||
EOF
|
||||
|
||||
cat <<EOF > $out/usr/lib/systemd/system/etc.mount
|
||||
[Unit]
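Review bot: `EncryptedVolume=patos-state:none:tpm2-device=auto,luks,discard` turns on `discard` for the LUKS mapping, which passes TRIM through to the disk and reveals which blocks of the state volume are unused to anyone who can read the raw device. That trade-off should be stated in a comment in 40-var.conf, or the option dropped. `Encrypt=tpm2` appears with no PCR selection visible in this hunk, so what the key is bound to depends on systemd-repart defaults or on settings outside the page; a comment naming the expected PCRs or signed policy would make the unlock conditions reviewable. `ManagerEnvironment=` points the booted manager at /run/crypttab and /run/fstab, which exist only when the initrd's repart run wrote them, so a comment tying system.conf to that initrd drop-in is worth adding. The rendered page has lost the +/- column, so it is not certain which of these lines are new, and the etc.mount heredoc continues past the end of the hunk.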
|
||||
|
|