basic functionality

(THIS COMMIT WILL NOT BUILD) changelog: - builder will now apply rootfs to image - builder has basic functions to shrink image
2024-09-12 22:44:10 -04:00 · 2024-09-12 22:44:10 -04:00 · e8b6a73f87
commit e8b6a73f87
parent 1b520dd06c
4 changed files with 307 additions and 0 deletions
--- a/builder/lib/detect_arch.sh
+++ b/builder/lib/detect_arch.sh
@ -0,0 +1,17 @@
+detect_arch() {
+	LOOPDEV="$1"
+	MNT_ROOT=$(mktemp -d)
+	mount -o ro "${LOOPDEV}p3" "$MNT_ROOT"
+
+	TARGET_ARCH=x86_64
+	if [ -f "$MNT_ROOT/bin/bash" ]; then
+		case "$(file -b "$MNT_ROOT/bin/bash" | awk -F ', ' '{print $2}' | tr '[:upper:]' '[:lower:]')" in
+			# for now assume arm has aarch64 kernel
+			*aarch64* | *armv8* | *arm*) TARGET_ARCH=arm64 ;;
+		esac
+	fi
+	echo "$TARGET_ARCH"
+
+	umount "$MNT_ROOT"
+	rmdir "$MNT_ROOT"
+}
--- a/builder/lib/extract_initramfs.sh
+++ b/builder/lib/extract_initramfs.sh
@ -0,0 +1,106 @@
+#!/bin/bash
+
+#utilties for reading shim disk images
+
+run_binwalk() {
+  if binwalk -h | grep -- '--run-as' >/dev/null; then
+    binwalk "$@" --run-as=root
+  else
+    binwalk "$@"
+  fi
+}
+
+#extract the initramfs from a kernel image
+extract_initramfs() {
+  local kernel_bin="$1"
+  local working_dir="$2"
+  local output_dir="$3"
+
+  #extract the compressed kernel image from the partition data
+  local kernel_file="$(basename $kernel_bin)"
+  local binwalk_out=$(run_binwalk --extract $kernel_bin --directory=$working_dir)
+  local stage1_file=$(echo $binwalk_out | pcregrep -o1 "\d+\s+0x([0-9A-F]+)\s+gzip compressed data")
+  local stage1_dir="$working_dir/_$kernel_file.extracted"
+  local stage1_path="$stage1_dir/$stage1_file"
+
+
+  #extract the initramfs cpio archive from the kernel image
+  run_binwalk --extract $stage1_path --directory=$stage1_dir > /dev/null
+  local stage2_dir="$stage1_dir/_$stage1_file.extracted/"
+  local cpio_file=$(file $stage2_dir/* | pcregrep -o1 "([0-9A-F]+):\s+ASCII cpio archive")
+  local cpio_path="$stage2_dir/$cpio_file"
+
+  rm -rf $output_dir
+  cat $cpio_path | cpio -D $output_dir -imd --quiet
+}
+
+extract_initramfs_arm() {
+  local kernel_bin="$1"
+  local working_dir="$2"
+  local output_dir="$3"
+
+  #extract the kernel lz4 archive from the partition
+  local binwalk_out="$(run_binwalk $kernel_bin)"
+  local lz4_offset="$(echo "$binwalk_out" | pcregrep -o1 "(\d+).+?LZ4 compressed data" | head -n1)"
+  local lz4_file="$working_dir/kernel.lz4"
+  local kernel_img="$working_dir/kernel_decompressed.bin"
+  dd if=$kernel_bin of=$lz4_file iflag=skip_bytes,count_bytes skip=$lz4_offset status=none
+  lz4 -d $lz4_file $kernel_img -q || true
+
+  #extract the initramfs cpio archive from the kernel image
+  local extracted_dir="$working_dir/_kernel_decompressed.bin.extracted"
+  run_binwalk --extract $kernel_img --directory=$working_dir > /dev/null
+  local cpio_file=$(file $extracted_dir/* | pcregrep -o1 "([0-9A-F]+):\s+ASCII cpio archive")
+  local cpio_path="$extracted_dir/$cpio_file"
+
+  rm -rf $output_dir
+  cat $cpio_path | cpio -D $output_dir -imd --quiet
+}
+
+create_loop() {
+  local loop_device=$(losetup -f)
+  if [ ! -b "$loop_device" ]; then
+    #we might run out of loop devices, see https://stackoverflow.com/a/66020349
+    local major=$(grep loop /proc/devices | cut -c3)
+    local number="$(echo "$loop_device" | grep -Eo '[0-9]+' | tail -n1)"
+    mknod $loop_device b $major $number
+  fi
+  losetup -P $loop_device "${1}"
+  echo $loop_device
+}
+
+copy_kernel() {
+  local shim_path="$1"
+  local kernel_dir="$2"
+
+  local shim_loop=$(create_loop "${shim_path}")
+  local kernel_loop="${shim_loop}p2" #KERN-A should always be p2
+  dd if=$kernel_loop of=$kernel_dir/kernel.bin bs=1M status=none
+  losetup -d $shim_loop
+}
+
+#copy the kernel image then extract the initramfs
+extract_initramfs_full() {
+  local shim_path="$1"
+  local rootfs_dir="$2"
+  local kernel_bin="$3"
+  local arch="$4"
+  local kernel_dir=/tmp/shim_kernel
+
+  echo "copying the shim kernel"
+  rm -rf $kernel_dir
+  mkdir $kernel_dir -p
+  copy_kernel $shim_path $kernel_dir
+
+  echo "extracting initramfs from kernel (this may take a while)"
+  if [ "$arch" = "arm64" ]; then
+    extract_initramfs_arm $kernel_dir/kernel.bin $kernel_dir $rootfs_dir
+  else
+    extract_initramfs $kernel_dir/kernel.bin $kernel_dir $rootfs_dir
+  fi
+
+  if [ "$kernel_bin" ]; then 
+    cp $kernel_dir/kernel.bin $kernel_bin
+  fi
+  rm -rf $kernel_dir
+}
--- a/builder/lib/rootfs_utils.sh
+++ b/builder/lib/rootfs_utils.sh
@ -0,0 +1,115 @@
+#!/bin/bash
+# Code was borrowed from the SH1mmer repo, credits to them
+# https://github.com/MercuryWorkshop/sh1mmer
+
+is_ext2() {
+	local rootfs="$1"
+	local offset="${2-0}"
+
+	local sb_magic_offset=$((0x438))
+	local sb_value=$(dd if="$rootfs" skip=$((offset + sb_magic_offset)) \
+		count=2 bs=1 2>/dev/null)
+	local expected_sb_value=$(printf '\123\357')
+	if [ "$sb_value" = "$expected_sb_value" ]; then
+		return 0
+	fi
+	return 1
+}
+
+enable_rw_mount() {
+	local rootfs="$1"
+	local offset="${2-0}"
+
+	if ! is_ext2 "$rootfs" $offset; then
+		echo "enable_rw_mount called on non-ext2 filesystem: $rootfs $offset" 1>&2
+		return 1
+	fi
+
+	local ro_compat_offset=$((0x464 + 3))
+	printf '\000' |
+		dd of="$rootfs" seek=$((offset + ro_compat_offset)) \
+			conv=notrunc count=1 bs=1 2>/dev/null
+}
+
+disable_rw_mount() {
+	local rootfs="$1"
+	local offset="${2-0}"
+
+	if ! is_ext2 "$rootfs" $offset; then
+		echo "disable_rw_mount called on non-ext2 filesystem: $rootfs $offset" 1>&2
+		return 1
+	fi
+
+	local ro_compat_offset=$((0x464 + 3))
+	printf '\377' |
+		dd of="$rootfs" seek=$((offset + ro_compat_offset)) \
+			conv=notrunc count=1 bs=1 2>/dev/null
+}
+
+shrink_partitions() {
+  local shim="$1"
+  fdisk "$shim" <<EOF
+  d
+  12
+  d
+  11
+  d
+  10
+  d
+  9
+  d
+  8
+  d
+  7
+  d
+  6
+  d
+  5
+  d
+  4
+  d
+  1
+  p
+  w
+EOF
+}
+
+truncate_image() {
+	local buffer=35
+	local sector_size=$("$SFDISK" -l "$1" | grep "Sector size" | awk '{print $4}')
+	local final_sector=$(get_final_sector "$1")
+	local end_bytes=$(((final_sector + buffer) * sector_size))
+
+	log "Truncating image to $(format_bytes "$end_bytes")"
+	truncate -s "$end_bytes" "$1"
+
+	# recreate backup gpt table/header
+	suppress sgdisk -e "$1" 2>&1 | sed 's/\a//g'
+}
+
+format_bytes() {
+	numfmt --to=iec-i --suffix=B "$@"
+}
+
+shrink_root() {
+  log "Shrinking ROOT-A Partition"
+
+	enable_rw_mount "${LOOPDEV}p3"
+	suppress e2fsck -fy "${LOOPDEV}p3"
+	suppress resize2fs -M "${LOOPDEV}p3"
+	disable_rw_mount "${LOOPDEV}p3"
+
+	local sector_size=$(get_sector_size "$LOOPDEV")
+	local block_size=$(tune2fs -l "${LOOPDEV}p3" | grep "Block size" | awk '{print $3}')
+	local block_count=$(tune2fs -l "${LOOPDEV}p3" | grep "Block count" | awk '{print $3}')
+
+	local original_sectors=$("$CGPT" show -i 3 -s -n -q "$LOOPDEV")
+	local original_bytes=$((original_sectors * sector_size))
+
+	local resized_bytes=$((block_count * block_size))
+	local resized_sectors=$((resized_bytes / sector_size))
+
+	echo "Resizing ROOT from $(format_bytes ${original_bytes}) to $(format_bytes ${resized_bytes})"
+	"$CGPT" add -i 3 -s "$resized_sectors" "$LOOPDEV"
+	partx -u -n 3 "$LOOPDEV"
+}
--- a/builder/picoshim.sh
+++ b/builder/picoshim.sh
@ -0,0 +1,69 @@
+#!/bin/bash
+# PicoShim Builder
+# 2024
+
+if [ $EUID -ne 0 ]; then
+  echo "You MUST run this program with sudo or as root."
+  exit 1
+fi
+
+if [ "$1" == "" ]; then
+  echo "No shim passed, please pass a shim to the args."
+  echo "$@"
+  exit 1
+fi
+
+SCRIPT_DIR=$(dirname "$0")
+VERSION=1
+
+HOST_ARCH=$(lscpu | grep Architecture | awk '{print $2}')
+if [ $HOST_ARCH == "x86_64" ]; then
+  CGPT="$SCRIPT_DIR/bins/cgpt.x86-64"
+  SFDISK="$SCRIPT_DIR/bins/sfdisk.x86-64"
+else
+  CGPT="$SCRIPT_DIR/bins/cgpt.aarch64"
+  SFDISK="$SCRIPT_DIR/bins/sfdisk.aarch64"
+fi
+
+source lib/extract_initramfs.sh
+source lib/detect_arch.sh
+
+echo "PicoShim builder"
+echo "requires: binwalk, fdisk"
+
+SHIM="$1"
+initramfs="/tmp/initramfs_path"
+ROOTFS_MNT="/tmp/picoshim_rootmnt"
+loopdev=$(losetup -f)
+STATE_SIZE=$((1 * 1024 * 1024)) 
+
+rm -rf $initramfs # cleanup previous instances of picoshim, if they existed.
+mkdir -p $initramfs
+
+rm -rf $ROOTFS_MNT # cleanup previous instances of picoshim, if they existed.
+mkdir -p $ROOTFS_MNT
+
+if [ -f "$SHIM" ]; then
+  losetup -P "$loopdev" "$SHIM"
+else
+  exit 1
+fi
+
+arch=$(detect_arch $loopdev)
+extract_initramfs_full "$SHIM" "$initramfs" ""$loopdev"p2" "$arch"
+
+echo "creating new filesystem on rootfs"
+echo "y" | mkfs.ext4 "$loopdev"p3 -L ROOT-A
+echo "mounting & moving files from initramfs to rootfs"
+mount "$loopdev"p3 "$ROOTFS_MNT"
+mv "$initramfs"/* "$ROOTFS_MNT"/
+umount "$loopdev"p3
+
+shrink_root 
+
+
+echo "cleaning up"
+losetup -D
+rm -rf $initramfs
+rm -rf $ROOTFS_MNT
+