better rootfs patcher script

README.md

@@ -8,14 +8,20 @@ This is a set of scripts for patching a Chrome OS RMA shim to serve as a bootloa
 - ~~switch_root into an actual rootfs~~
 - ~~start X11 in the actual rootfs~~
 - ~~ui improvements in the bootloader~~
-- load all needed drivers
+- ~~load all needed drivers~~
-- autostart X11
+- ~~autostart X11~~
+- ~~host repo for patched systemd packages~~
+- ~~use debootstrap to install debian~~
 
 ## Usage:
 1. Grab a Chrome OS RMA Shim from somewhere. Most of them have already been leaked and aren't too difficult to find.
-2. Download a [Devuan live ISO](https://www.devuan.org/get-devuan). Run it inside a VM and install it to a disk image. Mount the disk image in the host. (Use `losetup -P` for this.)
+2. Download a Chrome OS [recovery image](https://chromiumdash.appspot.com/serving-builds?deviceCategory=ChromeOS) for your board.
-3. Run `sudo DEBUG=1 ./build.sh`. The `rootfs_dir` argument should point to where you mounted the rootfs in part 2.
+3. Clone this repository and cd into it.
-4. Flash the generated image to a USB drive or SD card.
+4. Run `mkdir -P data/rootfs` to make a directory for the rootfs.
+5. Run `sudo ./build_rootfs.sh data/rootfs bookworm` to build the base rootfs.
+6. Run `sudo ./patch_rootfs.sh path_to_shim path_to_reco data/rootfs` to build the base rootfs.
+7. Run `sudo ./build.sh image.bin path_to_shim data/rootfs`. This will generate a disk image at image.bin. 
+8. Flash the generated image to a USB drive or SD card.
 
 ## License:
 ```

build.sh

@@ -8,7 +8,6 @@ if [ "$DEBUG" ]; then
 fi
 
 . ./patch_initramfs.sh
-. ./patch_rootfs.sh
 . ./build_image.sh
 
 print_help() {
@@ -107,13 +106,7 @@ make_mountable "${shim_loop}p3"
 safe_mount "${shim_loop}p3" $shim_rootfs
 
 echo "copying data into the image"
-rootfs_mount=/tmp/new_rootfs
+populate_partitions $image_loop $initramfs_dir $rootfs_dir
-populate_partitions $image_loop $initramfs_dir $rootfs_dir $rootfs_mount
-
-#echo "copying modules into the rootfs"
-#patch_rootfs $shim_rootfs $rootfs_mount || echo "failed patching rootfs"
-#umount $rootfs_mount
-#umount $shim_rootfs
 
 echo "cleaning up loop devices"
 losetup -d $shim_loop

build_image.sh

@@ -95,7 +95,6 @@ populate_partitions() {
   local image_loop=$(realpath "${1}")
   local bootloader_dir=$(realpath "${2}")
   local rootfs_dir=$(realpath "${3}")
-  local rootfs_mount=$(realpath "${4}")
 
   #mount and write empty file to stateful
   local stateful_mount=/tmp/shim_stateful
@@ -111,8 +110,10 @@ populate_partitions() {
   umount $bootloader_mount
 
   #write rootfs to image
+  local rootfs_mount=/tmp/new_rootfs
   safe_mount "${image_loop}p4" $rootfs_mount
   cp -r $rootfs_dir/* $rootfs_mount
+  umount $rootfs_mount
 }
 
 create_image() {

patch_rootfs.sh

@@ -7,20 +7,77 @@ if [ "$DEBUG" ]; then
   set -x
 fi
 
+. ./build_image.sh
+
+print_help() {
+  echo "Usage: ./patch_rootfs.sh shim_path reco_path rootfs_dir"
+}
+
+if [ "$EUID" -ne 0 ]; then
+  echo "this needs to be run as root."
+  exit 1
+fi
+
+if [ -z "$3" ]; then
+  print_help
+  exit 1
+fi
+
 copy_modules() {
   local shim_rootfs=$(realpath $1)
   local reco_rootfs=$(realpath $2)
   local target_rootfs=$(realpath $3)
 
   cp -r "${shim_rootfs}/lib/modules/"* "${target_rootfs}/lib/modules/"
-  cp -r "${shim_rootfs}/lib/firmware/"* "${target_rootfs}/lib/firmware/"
+  cp -r --remove-destination "${shim_rootfs}/lib/firmware/"* "${target_rootfs}/lib/firmware/"
   cp -r "${reco_rootfs}/lib/modprobe.d/"* "${target_rootfs}/lib/modprobe.d/"
   cp -r "${reco_rootfs}/etc/modprobe.d/"* "${target_rootfs}/etc/modprobe.d/"
 }
 
+copy_firmware() {
+  local firmware_path="/tmp/chromium-firmware"
+  local target_rootfs=$(realpath $1)
+
+  if [ ! -e "$firmware_path" ]; then
+    download_firmware $firmware_path
+  fi
+
+  cp -r --remove-destination "${firmware_path}/"* "${target_rootfs}/lib/modules/"
+}
+
 download_firmware() {
   local firmware_url="https://chromium.googlesource.com/chromiumos/third_party/linux-firmware"
-  local firmware_path="/tmp/chromium-firmware"
+  local firmware_path=$(realpath $1)
 
   git clone --branch master --depth=1 "${firmware_url}" $firmware_path
 }
+
+shim_path=$(realpath $1)
+reco_path=$(realpath $2)
+target_rootfs=$(realpath $3)
+shim_rootfs="/tmp/shim_rootfs"
+reco_rootfs="/tmp/reco_rootfs"
+
+echo "mounting shim"
+shim_loop=$(create_loop "${shim_path}")
+make_mountable "${shim_loop}p3"
+safe_mount "${shim_loop}p3" $shim_rootfs
+
+echo "mounting recovery image"
+reco_loop=$(create_loop "${reco_path}")
+make_mountable "${reco_loop}p3"
+safe_mount "${reco_loop}p3" $reco_rootfs
+
+echo "copying modules to rootfs"
+copy_modules $shim_rootfs $reco_rootfs $target_rootfs
+
+echo "downloading misc firmware"
+copy_firmware $target_rootfs
+
+echo "unmounting and cleaning up"
+umount $shim_rootfs
+umount $reco_rootfs
+losetup -d $shim_loop
+losetup -d $reco_loop
+
+echo "done"

rootfs/opt/setup_rootfs.sh

@@ -9,13 +9,14 @@ if [ "$DEBUG" ]; then
 fi
 
 custom_repo="https://shimboot.ading.dev/debian"
+custom_repo_domain="shimboot.ading.dev"
 sources_entry="deb [trusted=yes] ${custom_repo} ${release_name} main"
 
 #add shimboot repos
 echo -e "${sources_entry}\n$(cat /etc/apt/sources.list)" > /etc/apt/sources.list
 tee -a /etc/apt/preferences << END
 Package: *
-Pin: origin "${custom_repo}"
+Pin: origin ${custom_repo_domain}
 Pin-Priority: 1001
 END