Skip to content
Snippets Groups Projects
New look: Off

install osk-sdl only for encrypted installations

    • Open Imported Issue created by Administrator @root

    Based on @craftyguy's excellent work in https://gitlab.com/postmarketOS/pmbootstrap/-/merge_requests/2066 and https://gitlab.com/postmarketOS/pmaports/-/merge_requests/2242, we could make the on-device installer only install osk-sdl if the encrypted installation was selected.

    I did some quick testing, and if we did install both osk-sdl and postmarketos-base-nofde in pmbootstrap for the on-device installer, then we could uninstall either of them depending on the FDE choice, and get the desired effect. Note that the installer doesn't use network access and doesn't have a cache of packages-to-be-installed, so installing additional packages would be a problem, but uninstalling packages is not a problem.

    This is how I'd implement it in detail:

    • change cmdLuksFormat to point to a new shell script ondev-luks-format.sh (separate commit)
    #!/bin/sh -ex
cryptsetup luksFormat "$@"
touch /tmp/ondev-encrypted
    • refactor shellprocess.conf slightly: let it point to a new script ondev-post-install.sh that has all existing commands and comments, with #!/bin/sh -ex, to make this config more readable (separate commit)
    • add logic to ondev-post-install.sh: if /tmp/ondev-encrypted exists, run apk del postmarketos-base-nofde in the chroot. Otherwise run apk del osk-sdl in the chroot. (separate commit)
      • either prefix the command with "chroot" or use apk parameters to run apk from the outside system, you can set the basedir or something and then you can avoid the chroot call. I'd prefer the latter.
    • test everything properly
    • make merge request to postmarketos-ondev with these changes
    • get it merged, make a new release
    • make pmbootstrap MR: if postmarketos-ondev version XX or higher is installed (pmb.install._install.get_ondev_pkgver), and running pmbootstrap install --fde --ondev, install both postmarketos-base-nofde and osk-sdl.

    This needs proper testing! Build postmarketos-ondev from source and make sure that all components work as expected with QEMU, how do to that is described here. Make sure all modified code paths work as expected.

    Edited by Administrator
    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items 0

    • No child items are currently assigned. Use child items to break down this issue into smaller parts.

    Activity

    Please register or sign in to reply