Commit 4ff7dd22 authored by Natanael Copa's avatar Natanael Copa

setup-disk: support for encrypted apkovls and let ovl have precedence

also, fix issue when /var/lib/apk/installed is included
parent 13d1c081
......@@ -69,6 +69,41 @@ disk_from_part() {
return 1
unpack_apkovl() {
local ovl="$1"
local dest="$2"
local suffix=${ovl##*.}
local i
if [ "$suffix" = "gz" ]; then
if ! tar -C "$dest" --numeric-owner -zxvf "$ovl" > $ovlfiles; then
echo -n "Continue anyway? [Y/n]: "
read i
case "$i" in
n*|N*) return 1;;
return 0
apk add -q openssl
if ! openssl list-cipher-commands | grep "^$suffix$" > /dev/null; then
errstr="Cipher $suffix is not supported"
return 1
local count=0
# beep
echo -e "\007"
while [ $count -lt 3 ]; do
openssl enc -d -$suffix -in "$ovl" | tar --numeric-owner \
-C "$dest" -zxv >$ovlfiles 2>/dev/null && return 0
count=$(( $count + 1 ))
return 1
install_mounted_root() {
local mnt="$1"
local features="ata base bootchart cdrom ext2 ext3 ide scsi usb"
......@@ -88,20 +123,28 @@ install_mounted_root() {
rootdisk=$(disk_from_part $rootdev)
if [ -z "$APKOVL" ]; then
lbu package - | tar -C "$mnt" -zx
lbu package - | tar -C "$mnt" -zxv > "$ovlfiles"
echo "Restoring backup from $APKOVL to $rootdev..."
tar -C "$mnt" -zxf "$APKOVL"
unpack_apkovl "$APKOVL" "$mnt" || return 1
# remove the installed db in case its there so we force re-install
rm -f "$mnt"/var/lib/apk/installed
echon "Installing system on $rootdev: "
# apk reads config from target root so we need to copy the config
mkdir -p "$mnt"/etc/apk/keys/
cp /etc/apk/keys/* "$mnt"/etc/apk/keys/
apk add -q --progress --update-cache --root "$mnt" \
$(cat "$mnt"/var/lib/apk/world) \
acct linux-grsec alpine-base >/dev/null || return 1
local apkflags="--quiet --progress --update-cache --clean-protected"
local pkgs=$(cat "$mnt"/var/lib/apk/world)
pkgs="$pkgs acct linux-grsec alpine-base"
apk add --root "$mnt" $apkflags --overlay-from-stdin \
--repositories-file /etc/apk/repositories \
$pkgs <$ovlfiles>/dev/null || return 1
echo ""
# make things bootable
if [ -e "/sys/block/${rootdev#/dev/}/md" ]; then
local md=${rootdev#/dev/}
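Review bot: In unpack_apkovl's retry loop the `&& return 0` tests only tar's exit status (unless pipefail is enabled outside these hunks), so an error from `openssl enc -d` is never checked, and `2>/dev/null` hides both tools' messages. After three failed attempts the function returns 1 without setting `errstr`, unlike the unsupported-cipher path; I would add `errstr="Could not decrypt $ovl"` before the final `return 1`. `openssl enc` does not authenticate the ciphertext, so a comment above the loop should state that an encrypted apkovl gives confidentiality only and is still unpacked into `$dest` without any integrity check. `$suffix` is taken from the file name and used unquoted as a grep pattern and as an openssl option, and `$ovlfiles` (defined outside the visible hunks) is an unquoted redirect target both here and in install_mounted_root, whose body continues past the second hunk. Quoting them, e.g. `grep -Fqx -- "$suffix"` and `>"$ovlfiles"`, would make both paths robust to odd file names and to an empty variable.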