improve(lvm,cryptroot): export private key with a structurally equal naming scheme; cleanup

extensions/fs-cryptroot-support.sh

@@ -45,39 +45,44 @@ function pre_install_kernel_debs__adjust_dropbear_configuration() {
 			dropbear_config="dropbear.conf"
 		fi
 
+		# make it publicly available to export the private.key with proper naming
+		declare -g DROPBEAR_DIR=$dropbear_dir
+
 		# Set the port of the dropbear ssh daemon in the initramfs to a different one if configured
 		# this avoids the typical 'host key changed warning' - `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!`
-		[[ -f "${dropbear_dir}/${dropbear_config}" ]] &&
+		[[ -f "${DROPBEAR_DIR}/${dropbear_config}" ]] &&
 			sed -i "s/^#DROPBEAR_OPTIONS=.*/DROPBEAR_OPTIONS=\"-I 100 -j -k -p "${CRYPTROOT_SSH_UNLOCK_PORT}" -s -c cryptroot-unlock\"/" \
-				"${dropbear_dir}/${dropbear_config}"
+				"${DROPBEAR_DIR}/${dropbear_config}"
 
 		# setup dropbear authorized_keys, either provided by userpatches or generated
 		if [[ -f $USERPATCHES_PATH/dropbear_authorized_keys ]]; then
-			cp "$USERPATCHES_PATH"/dropbear_authorized_keys "${dropbear_dir}"/authorized_keys
+			cp "$USERPATCHES_PATH"/dropbear_authorized_keys "${DROPBEAR_DIR}"/authorized_keys
 		else
 			# generate a default ssh key for login on dropbear in initramfs
 			# this key should be changed by the user on first login
 			display_alert "Extension: ${EXTENSION}: Generating a new SSH key pair for dropbear (initramfs)" "" ""
 
 			# Generate the SSH keys
-			ssh-keygen -t ecdsa -f "${dropbear_dir}"/id_ecdsa \
+			ssh-keygen -t ecdsa -f "${DROPBEAR_DIR}"/id_ecdsa \
 				-N '' -O force-command=cryptroot-unlock -C 'AUTOGENERATED_BY_ARMBIAN_BUILD' 2>&1
 
 			# /usr/share/initramfs-tools/hooks/dropbear will automatically add 'id_ecdsa.pub' to authorized_keys file
 			# during mkinitramfs of update-initramfs
-			#cat "${dropbear_dir}"/id_ecdsa.pub > "${SDCARD}"/etc/dropbear-initramfs/authorized_keys
+			# cat "${DROPBEAR_DIR}"/id_ecdsa.pub > "${SDCARD}"/etc/dropbear-initramfs/authorized_keys
-
-
-			# copy it a) later via hook to make use of a proper naming / structural equal -> "${DESTIMG}/${version}.img"
-			CRYPTROOT_SSH_UNLOCK_KEY_NAME="${VENDOR}_${REVISION}_${BOARD^}_${RELEASE}_${BRANCH}_${DESKTOP_ENVIRONMENT}".key
-			# copy dropbear ssh key to image output dir for convenience
-			cp "${dropbear_dir}"/id_ecdsa "${DEST}/images/${CRYPTROOT_SSH_UNLOCK_KEY_NAME}"
-			display_alert "Extension: ${EXTENSION}: SSH private key for dropbear (initramfs) has been copied to:" \
-				"$DEST/images/$CRYPTROOT_SSH_UNLOCK_KEY_NAME" "info"
 		fi
 	fi
 }
 
+function post_umount_final_image__export_private_key(){
+	if [[ $CRYPTROOT_SSH_UNLOCK == yes ]]; then
+		CRYPTROOT_SSH_UNLOCK_KEY_PATH="${DESTIMG}/${version}.key"
+		# copy dropbear ssh key to image output dir for convenience
+		cp "${DROPBEAR_DIR}"/id_ecdsa "${CRYPTROOT_SSH_UNLOCK_KEY_PATH}"
+		display_alert "Extension: ${EXTENSION}: SSH private key for dropbear (initramfs) has been copied to:" \
+			"$CRYPTROOT_SSH_UNLOCK_KEY_PATH" "info"
+	fi
+}
+
 function post_umount_final_image__750_cryptroot_cleanup(){
 	execute_and_remove_cleanup_handler cleanup_cryptroot
 }

extensions/lvm.sh

@@ -41,10 +41,9 @@ function post_create_partitions__setup_lvm() {
 function prepare_root_device__create_volume_group() {
 
 	# the partition to setup LVM on is defined as rootpart
-	local lvmdev=$rootdevice
+	display_alert "LVM will be on ${rootdevice}" "${EXTENSION}" "info"
-	display_alert "LVM will be on Partition ${rootpart}, thats ${lvmdev}" "${EXTENSION}" "info"
 
-	# Caculate the required volume size
+	# Calculate the required volume size
 	declare -g -i rootfs_size
 	rootfs_size=$(du --apparent-size -sm "${SDCARD}"/ | cut -f1) # MiB
 	display_alert "Current rootfs size" "$rootfs_size MiB" "info"
@@ -52,25 +51,20 @@ function prepare_root_device__create_volume_group() {
 	display_alert "Root volume size" "$volsize MiB" "info"
 
 	# Create the PV VG and VOL
-	display_alert "LVM Creating VG" "${lvmdev}" "info"
+	display_alert "LVM Creating VG" "${rootdevice}" "info"
-	check_loop_device ${lvmdev}
+	check_loop_device ${rootdevice}
-	pvcreate ${lvmdev}
+	pvcreate ${rootdevice}
-	vgcreate ${LVM_VG_NAME} ${lvmdev}
+	wait_for_disk_sync "wait for pvcreate to sync"
-	wait_for_disk_sync "wait for VG to sync"
+	vgcreate ${LVM_VG_NAME} ${rootdevice}
+	add_cleanup_handler cleanup_lvm
+	wait_for_disk_sync "wait for vgcreate to sync"
 	# Note that devices wont come up automatically inside docker
 	lvcreate -Zn --name root --size ${volsize}M ${LVM_VG_NAME}
 	vgmknodes
 	lvs >> "${DEST}"/${LOG_SUBPATH}/lvm.log 2>&1
-	# TODO [ms] check if disable-scan-enable is necessary
+	
-	vgchange -a n ${LVM_VG_NAME}
-	display_alert "LVM created volume group" "${EXTENSION}" "info"
-
-	display_alert "Using LVM root" "${EXTENSION}" "info"
-	vgscan
-	vgchange -a y ${LVM_VG_NAME}
-
 	rootdevice=/dev/mapper/${LVM_VG_NAME}-root
-	display_alert "Root device is ${rootdevice}" "${EXTENSION}" "info"
+	display_alert "LVM created volume group - root device ${rootdevice}" "${EXTENSION}" "info"
 }
 
 function format_partitions__format_lvm() {
@@ -80,7 +74,7 @@ function format_partitions__format_lvm() {
 	display_alert "LVM labeled partitions" "${EXTENSION}" "info"
 }
 
-function post_umount_final_image__lvm_cleanup(){
+function post_umount_final_image__cleanup_lvm(){
 	execute_and_remove_cleanup_handler cleanup_lvm
 }
 

lib/functions/image/partitioning.sh

@@ -252,21 +252,19 @@ function prepare_partitions() {
 
 	# stage: mount image
 	# lock access to loop devices
-	exec {FD}> /var/lock/armbian-debootstrap-losetup
-	flock -x $FD
-
-	#--partscan is using to force the kernel for scanning partition table in preventing of partprobe errors
 	if [[ -z $LOOP ]]; then
+		exec {FD}> /var/lock/armbian-debootstrap-losetup
+		flock -x $FD
+
 		LOOP=$(losetup -f)
-	#	LOOP=$(losetup --show --partscan --find "${SDCARD}".raw) || exit_with_error "Unable to find free loop device"
 		[[ -z $LOOP ]] && exit_with_error "Unable to find free loop device" 
 		display_alert "Allocated loop device" "LOOP=${LOOP}"
-		check_loop_device "$LOOP"
+		check_loop_device "${LOOP}"
 		losetup $LOOP ${SDCARD}.raw
-	fi
 
-	# loop device was grabbed here, unlock
+		# loop device was grabbed here, unlock
-	flock -u $FD
+		flock -u $FD
+	fi
 
 	display_alert "Running partprobe" "${LOOP}" "debug"
 	run_host_command_logged partprobe "${LOOP}"
@@ -320,6 +318,7 @@ function prepare_partitions() {
 			echo "$CRYPTROOT_MAPPER UUID=${physical_root_part_uuid} none luks" >> $SDCARD/etc/crypttab
 			run_host_command_logged cat $SDCARD/etc/crypttab
 		fi
+		
 		rootfs="UUID=$(blkid -s UUID -o value $rootdevice)"
 		echo "$rootfs / ${mkfs[$ROOTFS_TYPE]} defaults,noatime${mountopts[$ROOTFS_TYPE]} 0 1" >> $SDCARD/etc/fstab
 		run_host_command_logged cat $SDCARD/etc/fstab

lib/functions/image/rootfs-to-image.sh

@@ -117,7 +117,7 @@ function create_image_from_sdcard_rootfs() {
 	fi
 
 	wait_for_disk_sync "before umount MOUNT"
-	
+
 	umount_chroot_recursive "${MOUNT}" "MOUNT"
 
 	call_extension_method "post_umount_final_image" "config_post_umount_final_image" <<- 'POST_UMOUNT_FINAL_IMAGE'

lib/functions/rootfs/trap-rootfs.sh

@@ -54,17 +54,12 @@ function trap_handler_cleanup_rootfs_and_image() {
 	display_alert "Cleanup for rootfs and image" "trap_handler_cleanup_rootfs_and_image" "cleanup"
 
 	debug_tmpfs_show_usage "before cleanup of rootfs"
-
 	cd "${SRC}" || echo "Failed to cwd to ${SRC}" # Move pwd away, so unmounts work
 
 	# those will loop until they're unmounted.
-	display_alert "Cleanup sdcard begin" "trap_handler_cleanup_rootfs_and_image" "cleanup"
 	umount_chroot_recursive "${SDCARD}" "SDCARD" || true
-
-	display_alert "Cleanup mount begin" "trap_handler_cleanup_rootfs_and_image" "cleanup"
 	umount_chroot_recursive "${MOUNT}" "MOUNT" || true
 
-	display_alert "Cleanup umount sdcard begin" "trap_handler_cleanup_rootfs_and_image" "cleanup"
 	# unmount tmpfs mounted on SDCARD if it exists. #@TODO: move to new tmpfs-utils scheme
 	mountpoint -q "${SDCARD}" && umount "${SDCARD}"