diff options
-rw-r--r-- | .SRCINFO | 48 | ||||
-rw-r--r-- | PKGBUILD | 111 | ||||
-rw-r--r-- | arch-logo.png | bin | 0 -> 17066 bytes | |||
-rw-r--r-- | lightdm-plymouth.service | 13 | ||||
-rw-r--r-- | lxdm-plymouth.service | 13 | ||||
-rw-r--r-- | plymouth-deactivate.service | 10 | ||||
-rw-r--r-- | plymouth-quit.service.in.patch | 13 | ||||
-rw-r--r-- | plymouth-update-initrd.patch | 9 | ||||
-rw-r--r-- | plymouth.encrypt_hook | 313 | ||||
-rw-r--r-- | plymouth.encrypt_install | 48 | ||||
-rw-r--r-- | plymouth.initcpio_hook | 23 | ||||
-rw-r--r-- | plymouth.initcpio_install | 87 | ||||
-rw-r--r-- | plymouthd.conf.patch | 10 | ||||
-rw-r--r-- | sd-plymouth.initcpio_install | 92 | ||||
-rw-r--r-- | sddm-plymouth.service | 13 |
15 files changed, 803 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..623404844601 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,48 @@ +pkgbase = plymouth-sigfile + pkgdesc = A graphical boot splash screen with kernel mode-setting support + pkgver = 22.02.122 + pkgrel = 1 + url = https://www.freedesktop.org/wiki/Software/Plymouth/ + arch = i686 + arch = x86_64 + license = GPL + makedepends = docbook-xsl + depends = libdrm + depends = pango + depends = systemd + optdepends = ttf-dejavu: For true type font support + optdepends = xf86-video-fbdev: Support special graphic cards on early startup + optdepends = cantarell-fonts: True Type support for BGRT theme + options = !libtool + options = !emptydirs + backup = etc/plymouth/plymouthd.conf + source = https://gitlab.freedesktop.org/plymouth/plymouth/-/archive/22.02.122/plymouth-22.02.122.tar.gz + source = arch-logo.png + source = plymouth.encrypt_hook + source = plymouth.encrypt_install + source = lxdm-plymouth.service + source = lightdm-plymouth.service + source = sddm-plymouth.service + source = plymouth-deactivate.service + source = plymouth.initcpio_hook + source = plymouth.initcpio_install + source = sd-plymouth.initcpio_install + source = plymouth-quit.service.in.patch + source = plymouth-update-initrd.patch + source = plymouthd.conf.patch + sha256sums = 8921cd61a9f32f5f8903ceffb9ab0defaef8326253e1549ef85587c19b7f2ab6 + sha256sums = b879557ef9b4be98865fa03d0eec7e661c8552ab4a431b50e029bc7b079fcbab + sha256sums = ec73f67cba0d536c90a18175277048ca1b23fbd9f2ab44505537ca30e669d2de + sha256sums = 373ec20fe4c47e693a0c45cc06dd906e35dd1d70a85546bd1d571391de11763a + sha256sums = 06b31999cf60f49e536c7a12bc1c4f75f2671feb848bf5ccb91a963147e2680d + sha256sums = 86d0230d9393c9d83eb7bb430e6b0fb5e3f32e78fcd30f3ecd4e6f3c30b18f71 + sha256sums = c39f526f7e99173bc8f012900f53257537a25e2d8c19e23df630f1fe9a7627ba + sha256sums = 3b17ed58b59a4b60d904c60bba52bae7ad685aa8273f6ceaae08a15870c0a9eb + sha256sums = 2a80e2cad8de428358647677afa166219589d3338c5f94838146c804a29e2769 + sha256sums = d2201253d9f4a1f7e556e60a04401237273a4577e157a8c4471d5c81bff88ccd + sha256sums = d254f3d01631024ed4563d39fcaa631b0ace097faf7ed05de382859ccfa48a08 + sha256sums = dec28b86ddea93704f8479d33e08f81cd7ff4ccaad57e9053c23bd046db2278a + sha256sums = 74908ba59cea53c6a9ab67bb6dec1de1616f3851a0fd89bb3c157a1c54e6633a + sha256sums = 71d34351b4313da01e1ceeb082d9776599974ce143c87e93f0a465f342a74fd2 + +pkgname = plymouth-sigfile diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..285aa4d93ca3 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,111 @@ +# Maintainer: Pellegrino Prevete <pellegrinoprevete@gmail.com> +# Contributor: Taijian <taijian@posteo.de> +# Contributor: Sebastian Lau <lauseb644@gmail.com> +# Contributor Damian01w <damian01w@gmail.com> +# Contributor: Padfoot <padfoot@exemail.com.au> + +_pkgname=plymouth +_variant="sigfile" +pkgname="${_pkgname}-${_variant}" +pkgver=22.02.122 +pkgrel=1 +pkgdesc="A graphical boot splash screen with kernel mode-setting support" +url="https://www.freedesktop.org/wiki/Software/Plymouth/" +arch=('i686' 'x86_64') +license=('GPL') + +depends=('libdrm' 'pango' 'systemd') +makedepends=('docbook-xsl') +optdepends=('ttf-dejavu: For true type font support' + 'xf86-video-fbdev: Support special graphic cards on early startup' + 'cantarell-fonts: True Type support for BGRT theme') +backup=('etc/plymouth/plymouthd.conf') + +options=('!libtool' '!emptydirs') +_gitlab="https://gitlab.freedesktop.org" +source=("${_gitlab}/${_pkgname}/${_pkgname}/-/archive/${pkgver}/${_pkgname}-${pkgver}.tar.gz" + 'arch-logo.png' + 'plymouth.encrypt_hook' + 'plymouth.encrypt_install' + 'lxdm-plymouth.service' + 'lightdm-plymouth.service' + 'sddm-plymouth.service' + 'plymouth-deactivate.service' # needed for sddm + 'plymouth.initcpio_hook' + 'plymouth.initcpio_install' + 'sd-plymouth.initcpio_install' + 'plymouth-quit.service.in.patch' + 'plymouth-update-initrd.patch' + 'plymouthd.conf.patch' +) + +sha256sums=('8921cd61a9f32f5f8903ceffb9ab0defaef8326253e1549ef85587c19b7f2ab6' + 'b879557ef9b4be98865fa03d0eec7e661c8552ab4a431b50e029bc7b079fcbab' + 'ec73f67cba0d536c90a18175277048ca1b23fbd9f2ab44505537ca30e669d2de' + '373ec20fe4c47e693a0c45cc06dd906e35dd1d70a85546bd1d571391de11763a' + '06b31999cf60f49e536c7a12bc1c4f75f2671feb848bf5ccb91a963147e2680d' + '86d0230d9393c9d83eb7bb430e6b0fb5e3f32e78fcd30f3ecd4e6f3c30b18f71' + 'c39f526f7e99173bc8f012900f53257537a25e2d8c19e23df630f1fe9a7627ba' + '3b17ed58b59a4b60d904c60bba52bae7ad685aa8273f6ceaae08a15870c0a9eb' + '2a80e2cad8de428358647677afa166219589d3338c5f94838146c804a29e2769' + 'd2201253d9f4a1f7e556e60a04401237273a4577e157a8c4471d5c81bff88ccd' + 'd254f3d01631024ed4563d39fcaa631b0ace097faf7ed05de382859ccfa48a08' + 'dec28b86ddea93704f8479d33e08f81cd7ff4ccaad57e9053c23bd046db2278a' + '74908ba59cea53c6a9ab67bb6dec1de1616f3851a0fd89bb3c157a1c54e6633a' + '71d34351b4313da01e1ceeb082d9776599974ce143c87e93f0a465f342a74fd2') + +prepare() { + cd "${srcdir}/${_pkgname}-${pkgver}" || exit 1 + patch -p1 -i "${srcdir}/plymouth-update-initrd.patch" + patch -p1 -i "${srcdir}/plymouth-quit.service.in.patch" + patch -p1 -i "${srcdir}/plymouthd.conf.patch" +} + +build() { + cd "${srcdir}/${_pkgname}-${pkgver}" || exit 1 + + LDFLAGS="$LDFLAGS -ludev" ./autogen.sh \ + --prefix=/usr \ + --exec-prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libdir=/usr/lib \ + --libexecdir=/usr/lib \ + --sbindir=/usr/bin \ + --enable-systemd-integration \ + --enable-drm \ + --enable-tracing \ + --enable-pango \ + --enable-gtk=no \ + --with-release-file=/etc/os-release \ + --with-logo=/usr/share/plymouth/arch-logo.png \ + --with-background-color=0x000000 \ + --with-background-start-color-stop=0x000000 \ + --with-background-end-color-stop=0x4D4D4D \ + --without-rhgb-compat-link \ + --without-system-root-install \ + --with-runtimedir=/run + + make +} + +package() { + cd "$srcdir"/${_pkgname}-${pkgver} + + make DESTDIR="$pkgdir" install + + install -Dm644 "$srcdir/arch-logo.png" "$pkgdir/usr/share/plymouth/arch-logo.png" + + install -Dm644 "$srcdir/plymouth.encrypt_hook" "$pkgdir/usr/lib/initcpio/hooks/plymouth-encrypt" + install -Dm644 "$srcdir/plymouth.encrypt_install" "$pkgdir/usr/lib/initcpio/install/plymouth-encrypt" + install -Dm644 "$srcdir/plymouth.initcpio_hook" "$pkgdir/usr/lib/initcpio/hooks/plymouth" + install -Dm644 "$srcdir/plymouth.initcpio_install" "$pkgdir/usr/lib/initcpio/install/plymouth" + install -Dm644 "$srcdir/sd-plymouth.initcpio_install" "$pkgdir/usr/lib/initcpio/install/sd-plymouth" + + for i in {sddm,lxdm,lightdm}-plymouth.service; do + install -Dm644 "$srcdir/$i" "$pkgdir/usr/lib/systemd/system/$i" + done + + install -Dm644 "$srcdir/plymouth-deactivate.service" "$pkgdir/usr/lib/systemd/system/plymouth-deactivate.service" + install -Dm644 "$pkgdir/usr/share/plymouth/plymouthd.defaults" "$pkgdir/etc/plymouth/plymouthd.conf" +} diff --git a/arch-logo.png b/arch-logo.png Binary files differnew file mode 100644 index 000000000000..69e1c5e911e0 --- /dev/null +++ b/arch-logo.png diff --git a/lightdm-plymouth.service b/lightdm-plymouth.service new file mode 100644 index 000000000000..a845498fddf5 --- /dev/null +++ b/lightdm-plymouth.service @@ -0,0 +1,13 @@ +[Unit] +Description=Light Display Manager +Conflicts=getty@tty1.service plymouth-quit.service +After=systemd-user-sessions.service getty@tty1.service plymouth-quit.service + +[Service] +ExecStart=/usr/bin/lightdm +Restart=always +IgnoreSIGPIPE=no +BusName=org.freedesktop.DisplayManager + +[Install] +Alias=display-manager.service diff --git a/lxdm-plymouth.service b/lxdm-plymouth.service new file mode 100644 index 000000000000..33e0ea741d74 --- /dev/null +++ b/lxdm-plymouth.service @@ -0,0 +1,13 @@ +[Unit] +Description=LXDE Display Manager +Conflicts=getty@tty1.service plymouth-quit.service +Wants=plymouth-deactivate.service +After=systemd-user-sessions.service getty@tty1.service plymouth-deactivate.service plymouth-quit.service + +[Service] +ExecStart=/usr/sbin/lxdm +Restart=always +IgnoreSIGPIPE=no + +[Install] +Alias=display-manager.service diff --git a/plymouth-deactivate.service b/plymouth-deactivate.service new file mode 100644 index 000000000000..6f1d87eb4333 --- /dev/null +++ b/plymouth-deactivate.service @@ -0,0 +1,10 @@ +[Unit] +Description=Deactivate Plymouth Boot Screen +After=rc-local.service plymouth-start.service systemd-user-sessions.service +Before=getty@tty1.service + +[Service] +ExecStart=/usr/bin/plymouth deactivate +Type=oneshot +TimeoutSec=20 +RemainAfterExit=yes diff --git a/plymouth-quit.service.in.patch b/plymouth-quit.service.in.patch new file mode 100644 index 000000000000..cc226e1c6ba1 --- /dev/null +++ b/plymouth-quit.service.in.patch @@ -0,0 +1,13 @@ +diff -aur plymouth.src/systemd-units/plymouth-quit.service.in plymouth.patch/systemd-units/plymouth-quit.service.in +--- plymouth.src/systemd-units/plymouth-quit.service.in 2014-02-20 19:38:13.329427597 +1100 ++++ plymouth.patch/systemd-units/plymouth-quit.service.in 2014-02-20 19:40:52.619343839 +1100 +@@ -1,8 +1,9 @@ + [Unit] + Description=Terminate Plymouth Boot Screen + After=rc-local.service plymouth-start.service systemd-user-sessions.service ++Before=getty@tty1.service + + [Service] + ExecStart=-@PLYMOUTH_CLIENT_DIR@/plymouth quit + Type=oneshot + TimeoutSec=20 diff --git a/plymouth-update-initrd.patch b/plymouth-update-initrd.patch new file mode 100644 index 000000000000..0d0235cf750d --- /dev/null +++ b/plymouth-update-initrd.patch @@ -0,0 +1,9 @@ +diff -aur plymouth.src/scripts/plymouth-update-initrd plymouth.patch/scripts/plymouth-update-initrd +--- plymouth.src/scripts/plymouth-update-initrd 2014-02-20 19:38:13.319427393 +1100 ++++ plymouth.patch/scripts/plymouth-update-initrd 2014-02-20 19:54:13.035553244 +1100 +@@ -1,2 +1,4 @@ + #!/bin/bash +-dracut -f ++find /etc/mkinitcpio.d/ -name \*.preset -a \! -name example.preset | while read p; do ++ mkinitcpio -p $p ++done diff --git a/plymouth.encrypt_hook b/plymouth.encrypt_hook new file mode 100644 index 000000000000..1b83cdcaae41 --- /dev/null +++ b/plymouth.encrypt_hook @@ -0,0 +1,313 @@ +#!/usr/bin/ash +# shellcheck shell=dash + +_get_key() { + msg ":: getting key for encrypted device..." + IFS=: read ckdev ckarg1 ckarg2 <<EOF +$cryptkey +EOF + # shellcheck disable=SC2154 + if [ "$ckdev" = "rootfs" ]; then + ckeyfile=$ckarg1 + elif resolved=$(resolve_device "${ckdev}" ${rootdelay}); then + case ${ckarg1} in + *[!0-9]*) + # Use a file on the device + # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path + IFS=, read ckfs1 ckfs2 <<EOF +$ckarg1 +EOF + IFS=, read ckpath1 ckpath2 <<EOF +$ckarg2 +EOF + mkdir /ckey + msg ":: mount ${resolved} (${ckfs1})..." + mount --mkdir -r -t "$ckfs1" "$resolved" /ckey + ckey="/ckey/${ckpath1}" + is_fs=$(blkid -o value -s TYPE "${ckey}") + if [ "${is_fs}" != "" ]; then + msg ":: mount ${ckey} (${is_fs})..." + if cryptsetup isLuks "${ckey}" >/dev/null 2>&1; then + msg ":: device ${key} is a LUKS volume..." + plymouth ask-for-password --prompt="Password for ckey volume" --dont-pause-progress --number-of-tries=15 --command="/sbin/cryptsetup luksOpen --key-file=- ${ckey} ckey" + ckey="/dev/mapper/ckey" + fi + mount --mkdir -r -t "$ckfs2" "${ckey}" /ckey2 + ckey="/ckey2/${ckpath2}" + fi + dd if="${ckey}" of="${ckeyfile}" >/dev/null 2>&1 + if mountpoint -q /ckey2; then + umount /ckey2 + cryptsetup close --type luks ckey; + fi + umount /ckey + ;; + *) + # Read raw data from the block device + # ckarg1 is numeric: ckarg1=offset, ckarg2=length + dd if="${resolved}" of="${ckeyfile}" bs=1 skip="${ckarg1}" count="${ckarg2}" >/dev/null 2>&1 + ;; + esac + fi + + [ ! -f "${ckeyfile}" ] && echo "Keyfile could not be opened. Reverting to passphrase." +} + +_get_sig() { + msg ":: getting signature for airootfs encrypted container..." + DEPRECATED_CRYPT=0 + IFS=: read sigdev sigarg1 sigarg2 <<EOF +$sigdevice +EOF + if resolved=$(resolve_device "${sigdev}" ${rootdelay}); then + case ${sigarg1} in + *[!0-9]*) + # Use a file on the device + # sigarg1 is not numeric: sigarg1=filesystem, sigarg2=path + IFS=, read sigfs1 sigfs2 <<EOF +$sigarg1 +EOF + IFS=, read sigpath1 sigpath2 <<EOF +$sigarg2 +EOF + + msg ":: mount ${resolved} (${sigfs1}) over /sigdev..." + mount --mkdir -r -t "$sigfs1" "$resolved" /sigdev + sigpath="/sigdev/${sigpath1}" + is_fs=$(blkid -o value -s TYPE "${sigpath}") + if [ "${is_fs}" != "" ]; then + if cryptsetup isLuks "${sigpath}" >/dev/null 2>&1; then + plymouth ask-for-password --prompt="Password for ckey volume" --dont-pause-progress --number-of-tries=15 --command="/sbin/cryptsetup luksOpen --key-file=- ${sigpath} sigdev" + sigpath="/dev/mapper/sigdev" + fi + msg ":: mount ${sigpath} (${sigfs2}) over /sigdev2" + mount --mkdir -r -t "$sigfs2" "${sigpath}" /sigdev2 + sigpath="/sigdev2/${sigpath2}" + fi + dd if="${sigpath}" of="${sigfile}" >/dev/null 2>&1 + if mountpoint -q /sigdev2; then + umount /sigdev2 + cryptsetup close --type luks sigdev; + fi + umount /sigdev + ;; + *) + # Read raw data from the block device + # sigarg1 is numeric: sigarg1=offset, sigarg2=length + dd if="${resolved}" of="${sigfile}" bs=1 skip="${sigarg1}" count="${sigarg2}" >/dev/null 2>&1 + ;; + esac + else + err "Can't mount device ${sigdev} over /sigdev" + launch_interactive_shell + fi + if [ ! -f "${sigfile}" ]; then + err "Signature file could not be opened. " + launch_interactive_shell + fi +} + +_verify_signature() { + local _status + local _file="${1}" + local _sigfile="${2}" + local _dir _filename + + _dir="$(dirname "${_file}")" + _filename="$(basename "${_file}")" + cd "${_dir}" || exit 1 + gpg --homedir /gpg --status-fd 1 --verify "${_sigfile}" "${_filename}" 2>/dev/null | grep -E '^\[GNUPG:\] GOODSIG' + _status=$? + cd -- "${OLDPWD}" || exit 1 + return ${_status} +} + +_cryptdev() { + if [ -n "${cryptdevice}" ]; then + DEPRECATED_CRYPT=0 + IFS=: read cryptdev cryptname cryptoptions <<EOF +$cryptdevice +EOF + else + DEPRECATED_CRYPT=1 + cryptdev="${root}" + cryptname="root" + fi + + IFS=, read cryptdev cryptdevpath <<EOF +$cryptdev +EOF + + if [ -n "${cryptdevpath}" ]; then + if mount --mkdir -o "defaults" "${cryptdev}" /run/cryptdev; then + msg ":: device ${cryptdev} mounted over /run/cryptdev" + cryptdev="/run/cryptdev/${cryptdevpath}" + else + err "Can't mount device ${cryptdev} over /run/cryptdev" + launch_interactive_shell + fi + fi +} + +_set_cryptargs() { + set -f + OLDIFS="$IFS"; IFS=, + for cryptopt in ${cryptoptions}; do + case ${cryptopt} in + allow-discards|discard) + cryptargs="${cryptargs} --allow-discards" + ;; + no-read-workqueue|perf-no_read_workqueue) + cryptargs="${cryptargs} --perf-no_read_workqueue" + ;; + no-write-workqueue|perf-no_write_workqueue) + cryptargs="${cryptargs} --perf-no_write_workqueue" + ;; + readonly|read-only) + cryptargs="${cryptargs} --readonly" + ;; + *) + msg "::Encryption option '${cryptopt}' not known, ignoring." >&2 + ;; + esac + done + set +f + IFS="$OLDIFS" + unset OLDIFS +} + +warn_deprecated() { + msg "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated" + msg "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead." +} + +_open_root() { + resolved=$(cryptsetup isLuks "${cryptdev}" >/dev/null 2>&1 && echo "${cryptdev}") + [ "${resolved}" = "" ] && resolved=$(resolve_device "${cryptdev}" ${rootdelay}) + if [ "${resolved}" != "" ]; then + if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + dopassphrase=1 + # If keyfile exists, try to use that + if [ -f "${ckeyfile}" ]; then + if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then + dopassphrase=0 + else + echo "Invalid keyfile. Reverting to passphrase." + fi + fi + # Ask for a passphrase + if [ ${dopassphrase} -gt 0 ]; then + echo "" + echo "A password is required to access the ${cryptname} volume:" + plymouth ask-for-password --prompt="Password for ${cryptname} volume" --dont-pause-progress --number-of-tries=15 --command="/sbin/cryptsetup luksOpen --key-file=- ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}" + fi + if [ -e "/dev/mapper/${cryptname}" ]; then + if [ ${DEPRECATED_CRYPT} -eq 1 ]; then + export root="/dev/mapper/root" + fi + else + err "Password succeeded, but ${cryptname} creation failed, aborting..." + return 1 + fi + elif [ -n "${crypto}" ]; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + msg "Non-LUKS encrypted device found..." + if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then + err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" + err "Non-LUKS decryption not attempted..." + return 1 + fi + exe="cryptsetup open --type plain $resolved $cryptname $cryptargs" + IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF +$crypto +EOF + [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'" + [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'" + [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'" + [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'" + [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'" + if [ -f "$ckeyfile" ]; then + exe="$exe --key-file $ckeyfile" + else + echo "" + echo "A password is required to access the ${cryptname} volume:" + fi + eval "$exe $CSQUIET" + + if [ $? -ne 0 ]; then + err "Non-LUKS device decryption failed. verify format: " + err " crypto=hash:cipher:keysize:offset:skip" + return 1 + fi + if [ -e "/dev/mapper/${cryptname}" ]; then + if [ ${DEPRECATED_CRYPT} -eq 1 ]; then + export root="/dev/mapper/root" + fi + else + err "Password succeeded, but ${cryptname} creation failed, aborting..." + return 1 + fi + else + err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified." + fi + fi +} + +_compare_signatures() { + local _cryptdev_sig_sha _keys_sig_sha + _cryptdev_sig_sha=$(sha512sum "${cryptdev}.sig") + _keys_sig_sha=$(sha512sum "/crypto_sigfile.bin") + if [ "${_keys_sig_sha%% *}" != "${_cryptdev_sig_sha%% *}" ]; then + err "Signatures on devices are different." + return 1 + else + msg "Signatures match, continue booting." + fi +} + +_verify() { + _compare_signatures + if _verify_signature "${cryptdev}" "/crypto_sigfile.bin"; then + msg ":: Signature is OK, continue booting." + export verify="n" + else + err "One or more files are corrupted" + return 1 + fi +} + +run_hook() { + modprobe -a -q dm-crypt >/dev/null 2>&1 + # shellcheck disable=SC2154 + [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" + _cryptdev + + # Get signature file if specified + sigfile="/crypto_sigfile.bin" + if [ -n "$sigdevice" ]; then + _get_sig + fi + + # shellcheck disable=SC2154 + [ "${verify}" = "y" ] && _verify + + # Get key file if specified + ckeyfile="/crypto_keyfile.bin" + if [ -n "$cryptkey" ]; then + _get_key + fi + + # This may happen if third party hooks do the crypt setup + if [ -b "/dev/mapper/${cryptname}" ]; then + echo "Device ${cryptname} already exists, not doing any crypt setup." + return 0 + fi + + _set_cryptargs + _open_root + rm -f ${ckeyfile} + rm -f "${sigfile}" +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/plymouth.encrypt_install b/plymouth.encrypt_install new file mode 100644 index 000000000000..5b567e7e2211 --- /dev/null +++ b/plymouth.encrypt_install @@ -0,0 +1,48 @@ +#!/bin/bash + +build() { + local mod + + add_module dm-crypt + add_module dm-integrity + if [[ $CRYPTO_MODULES ]]; then + for mod in $CRYPTO_MODULES; do + add_module "$mod" + done + else + add_all_modules '/crypto/' + fi + + add_binary "cryptsetup" + add_binary "dmsetup" + add_file "/usr/lib/udev/rules.d/10-dm.rules" + add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" + add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" + add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" + + # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1 + add_binary "/usr/lib/libgcc_s.so.1" + + add_runscript +} + +help() { + cat <<HELPEOF +This hook allows for an encrypted root device. Users should specify the device +to be unlocked using 'cryptdevice=device:dmname' on the kernel command line, +where 'device' is the path to the raw device, and 'dmname' is the name given to +the device after unlocking, and will be available as /dev/mapper/dmname. + +For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on +the kernel cmdline, where 'device' represents the raw block device where the key +exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is +the absolute path of the keyfile within the device. + +Without specifying a keyfile, you will be prompted for the password at runtime. +This means you must have a keyboard available to input it, and you may need +the keymap hook as well to ensure that the keyboard is using the layout you +expect. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/plymouth.initcpio_hook b/plymouth.initcpio_hook new file mode 100644 index 000000000000..3d7ec1d17377 --- /dev/null +++ b/plymouth.initcpio_hook @@ -0,0 +1,23 @@ +run_earlyhook(){ + # first trigger graphics subsystem + udevadm trigger --action=add --attr-match=class=0x030000 >/dev/null 2>&1 + # first trigger graphics and tty subsystem + udevadm trigger --action=add --subsystem-match=graphics --subsystem-match=drm --subsystem-match=tty >/dev/null 2>&1 + + udevadm settle --timeout=30 2>&1 + + /usr/bin/mknod /dev/fb c 29 &>/dev/null + /usr/bin/mkdir -p /dev/pts + /usr/bin/mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts || true + /usr/bin/plymouthd --mode=boot --pid-file=/run/plymouth/pid --attach-to-session +} + +run_hook() { + /usr/bin/plymouth --show-splash +} + +run_latehook(){ + /usr/bin/plymouth update-root-fs --new-root-dir=/new_root +} + +# vim: set ft=sh: diff --git a/plymouth.initcpio_install b/plymouth.initcpio_install new file mode 100644 index 000000000000..2bd0a2ffbe45 --- /dev/null +++ b/plymouth.initcpio_install @@ -0,0 +1,87 @@ +#!/bin/bash +# /etc/initcpio/install/plymouth — mkinitcpio hook for plymouth + +build() { + add_dir /dev/pts + add_dir /usr/share/plymouth/themes + add_dir /run/plymouth + + DATADIR="/usr/share/plymouth" + PLYMOUTH_LOGO_FILE="${DATADIR}/arch-logo.png" + PLYMOUTH_THEME_NAME="$(/usr/bin/plymouth-set-default-theme)" + PLYMOUTH_THEME_DIR="${DATADIR}/themes/${PLYMOUTH_THEME_NAME}" + PLYMOUTH_IMAGE_DIR=$(grep "ImageDir *= *" ${PLYMOUTH_THEME_DIR}/${PLYMOUTH_THEME_NAME}.plymouth | sed 's/ImageDir *= *//') + PLYMOUTH_PLUGIN_PATH="$(plymouth --get-splash-plugin-path)" + PLYMOUTH_MODULE_NAME="$(grep "ModuleName *= *" ${PLYMOUTH_THEME_DIR}/${PLYMOUTH_THEME_NAME}.plymouth | sed 's/ModuleName *= *//')" + + add_binary /usr/bin/plymouthd + add_binary /usr/bin/plymouth + add_binary /usr/lib/plymouth/plymouthd-fd-escrow + + add_file ${DATADIR}/themes/text/text.plymouth + add_binary ${PLYMOUTH_PLUGIN_PATH}/text.so + add_file ${DATADIR}/themes/details/details.plymouth + add_binary ${PLYMOUTH_PLUGIN_PATH}/details.so + + add_file "${PLYMOUTH_LOGO_FILE}" + add_file /etc/os-release + add_file /etc/plymouth/plymouthd.conf + add_file ${DATADIR}/plymouthd.defaults + + + if [ -f "/usr/share/fonts/TTF/DejaVuSans.ttf" -o -f "/usr/share/fonts/cantarell/Cantarell-Thin.otf" ]; then + add_binary ${PLYMOUTH_PLUGIN_PATH}/label.so + add_file "/etc/fonts/fonts.conf" + fi + + if [ -f "/usr/share/fonts/TTF/DejaVuSans.ttf" ]; then + add_file "/usr/share/fonts/TTF/DejaVuSans.ttf" + if [ -f "/etc/fonts/conf.d/57-dejavu-sans.conf" ]; then + add_file "/etc/fonts/conf.d/57-dejavu-sans.conf" + fi + fi + + if [ -f "/usr/share/fonts/cantarell/Cantarell-Thin.otf" ]; then + add_file "/usr/share/fonts/cantarell/Cantarell-Thin.otf" + add_file "/usr/share/fonts/cantarell/Cantarell-Regular.otf" + if [ -f "/etc/fonts/conf.d/60-latin.conf" ]; then + add_file "/etc/fonts/conf.d/60-latin.conf" + fi + fi + + if [ ! -f ${PLYMOUTH_PLUGIN_PATH}/${PLYMOUTH_MODULE_NAME}.so ]; then + echo "The default plymouth plugin (${PLYMOUTH_MODULE_NAME}) doesn't exist" > /dev/stderr + exit 1 + fi + + add_binary ${PLYMOUTH_PLUGIN_PATH}/${PLYMOUTH_MODULE_NAME}.so + + add_binary ${PLYMOUTH_PLUGIN_PATH}/renderers/drm.so + add_binary ${PLYMOUTH_PLUGIN_PATH}/renderers/frame-buffer.so + + if [ -d ${PLYMOUTH_THEME_DIR} ]; then + add_full_dir ${PLYMOUTH_THEME_DIR} + fi + + if [ "${PLYMOUTH_IMAGE_DIR}" != "${PLYMOUTH_THEME_DIR}" -a -d ${PLYMOUTH_IMAGE_DIR} ]; then + add_full_dir ${PLYMOUTH_IMAGE_DIR} + fi + + add_file /usr/lib/udev/rules.d/70-uaccess.rules + add_file /usr/lib/udev/rules.d/71-seat.rules + + # suppress a warning in glib (which the label control uses) + # about uid 0 by building a dummy NSS stack (LP #649917) + add_file /etc/passwd + add_file /etc/nsswitch.conf + add_binary "$(readlink -e /lib/libnss_files.so.2)" + add_file /lib/libnss_files.so.2 + + add_runscript +} + +help() { + cat <<HELPEOF +This hook includes plymouth in the initramfs image. +HELPEOF +} diff --git a/plymouthd.conf.patch b/plymouthd.conf.patch new file mode 100644 index 000000000000..da3105178530 --- /dev/null +++ b/plymouthd.conf.patch @@ -0,0 +1,10 @@ +--- plymouth.src/src/plymouthd.defaults ++++ plymouth.patch/src/plymouthd.defaults +@@ -1,5 +1,4 @@ +-# Distribution defaults. Changes to this file will get overwritten during +-# upgrades. ++# Set your plymouth configuration here. + [Daemon] + Theme=spinner + ShowDelay=0 + diff --git a/sd-plymouth.initcpio_install b/sd-plymouth.initcpio_install new file mode 100644 index 000000000000..9944f8979dd5 --- /dev/null +++ b/sd-plymouth.initcpio_install @@ -0,0 +1,92 @@ +#!/bin/bash +# /etc/initcpio/install/sd-plymouth — mkinitcpio/systemd hook for plymouth + +build() { + add_dir /dev/pts + add_dir /usr/share/plymouth/themes + add_dir /run/plymouth + + DATADIR="/usr/share/plymouth" + PLYMOUTH_LOGO_FILE="${DATADIR}/arch-logo.png" + PLYMOUTH_THEME_NAME="$(/usr/bin/plymouth-set-default-theme)" + PLYMOUTH_THEME_DIR="${DATADIR}/themes/${PLYMOUTH_THEME_NAME}" + PLYMOUTH_IMAGE_DIR=$(grep "ImageDir *= *" ${PLYMOUTH_THEME_DIR}/${PLYMOUTH_THEME_NAME}.plymouth | sed 's/ImageDir *= *//') + PLYMOUTH_PLUGIN_PATH="$(plymouth --get-splash-plugin-path)" + PLYMOUTH_MODULE_NAME="$(grep "ModuleName *= *" ${PLYMOUTH_THEME_DIR}/${PLYMOUTH_THEME_NAME}.plymouth | sed 's/ModuleName *= *//')" + + add_binary /usr/bin/plymouthd + add_binary /usr/bin/plymouth + add_binary /usr/lib/plymouth/plymouthd-fd-escrow + + add_file ${DATADIR}/themes/text/text.plymouth + add_binary ${PLYMOUTH_PLUGIN_PATH}/text.so + add_file ${DATADIR}/themes/details/details.plymouth + add_binary ${PLYMOUTH_PLUGIN_PATH}/details.so + + add_file "${PLYMOUTH_LOGO_FILE}" + add_file /etc/os-release + add_file /etc/plymouth/plymouthd.conf + add_file ${DATADIR}/plymouthd.defaults + + + if [ -f "/usr/share/fonts/TTF/DejaVuSans.ttf" -o -f "/usr/share/fonts/cantarell/Cantarell-Thin.otf" ]; then + add_binary ${PLYMOUTH_PLUGIN_PATH}/label.so + add_file "/etc/fonts/fonts.conf" + fi + + if [ -f "/usr/share/fonts/TTF/DejaVuSans.ttf" ]; then + add_file "/usr/share/fonts/TTF/DejaVuSans.ttf" + if [ -f "/etc/fonts/conf.d/57-dejavu-sans.conf" ]; then + add_file "/etc/fonts/conf.d/57-dejavu-sans.conf" + fi + fi + + if [ -f "/usr/share/fonts/cantarell/Cantarell-Thin.otf" ]; then + add_file "/usr/share/fonts/cantarell/Cantarell-Thin.otf" + add_file "/usr/share/fonts/cantarell/Cantarell-Regular.otf" + if [ -f "/etc/fonts/conf.d/60-latin.conf" ]; then + add_file "/etc/fonts/conf.d/60-latin.conf" + fi + fi + + if [ ! -f ${PLYMOUTH_PLUGIN_PATH}/${PLYMOUTH_MODULE_NAME}.so ]; then + echo "The default plymouth plugin (${PLYMOUTH_MODULE_NAME}) doesn't exist" > /dev/stderr + exit 1 + fi + + add_binary ${PLYMOUTH_PLUGIN_PATH}/${PLYMOUTH_MODULE_NAME}.so + + add_binary ${PLYMOUTH_PLUGIN_PATH}/renderers/drm.so + add_binary ${PLYMOUTH_PLUGIN_PATH}/renderers/frame-buffer.so + + if [ -d ${PLYMOUTH_THEME_DIR} ]; then + add_full_dir ${PLYMOUTH_THEME_DIR} + fi + + if [ "${PLYMOUTH_IMAGE_DIR}" != "${PLYMOUTH_THEME_DIR}" -a -d ${PLYMOUTH_IMAGE_DIR} ]; then + add_full_dir ${PLYMOUTH_IMAGE_DIR} + fi + + add_udev_rule 70-uaccess.rules + add_udev_rule 71-seat.rules + + map add_systemd_unit \ + systemd-ask-password-plymouth.path \ + systemd-ask-password-plymouth.service \ + plymouth-halt.service \ + plymouth-kexec.service \ + plymouth-poweroff.service \ + plymouth-quit-wait.service \ + plymouth-quit.service \ + plymouth-read-write.service \ + plymouth-reboot.service \ + plymouth-start.service \ + plymouth-switch-root-initramfs.service \ + plymouth-switch-root.service +} + +help() { + cat <<HELPEOF +This hook includes plymouth in a systemd-based initramfs image. +HELPEOF +} diff --git a/sddm-plymouth.service b/sddm-plymouth.service new file mode 100644 index 000000000000..49fcf224d5f4 --- /dev/null +++ b/sddm-plymouth.service @@ -0,0 +1,13 @@ +[Unit] +Description=Simple Desktop Display Manager +Documentation=man:sddm(1) man:sddm.conf(5) +Conflicts=getty@tty1.service +Wants=plymouth-deactivate.service +After=systemd-user-sessions.service getty@tty1.service plymouth-quit.service systemd-logind.service plymouth-deactivate.service + +[Service] +ExecStart=/usr/bin/sddm +Restart=always + +[Install] +Alias=display-manager.service |