Make compatible with cryptsetup's encrypt hook

This merge request makes archiso hook compatible with the correct output of the encrypt hook, that can so be enabled and configured to handle LUKS encrypted archiso systems.

Changes

When the encrypt successfully ends, it exports a static root variable containing the path of the device mapper representing the root device (by default /dev/mapper/root).

Since the root device here is on a file on the bootmnt and not on a disk directly, I've changed the cryptsetup encrypt hook to support an intermediate mount for bootmnt on /run/cryptdev.

Compatibility is obtained by bind mounting /run/cryptdev to bootmnt and replacing the loopmount with root if it exists.

Value of archisodevice has been changed from /dev/disk/by-label/$archisolabel to dev/disk/by-uuid/$archisouuid to avoid boot problems when multiple archisolabel'd devices are inserted.

Depends on nested cryptkey support cryptsetup merge request (where should it be submitted for review?).

Solves #14 and #15 (moved).

See specular MR on archlinux/archiso!217 (closed).

hooks/archiso

@@ -85,7 +85,13 @@ _mnt_fs() {
         img="/run/archiso/copytoram/${img_fullname}"
         msg "done."
     fi
-    img_loopdev="$(losetup --find --show --read-only -- "${img}")"
+
+    # shellcheck disable=SC2154
+    if [ -e "${root}" ]; then
+        img_loopdev="${root}"
+    else
+        img_loopdev="$(losetup --find --show --read-only -- "${img}")"
+    fi
     _mnt_dev "${img_loopdev}" "${mnt}" "-r" "defaults"
 }
 
@@ -98,7 +104,7 @@ _mnt_dev() {
 
     msg ":: Mounting '${dev}' to '${mnt}'"
 
-    while ! poll_device "${dev}" 30; do
+    while ! [ -d "${dev}" ] && ! poll_device "${dev}" 30; do
         echo "ERROR: '${dev}' device did not show up after 30 seconds..."
         echo "   Falling back to interactive prompt"
         echo "   You can try to fix the problem manually, log out when you are finished"
@@ -117,7 +123,7 @@ _mnt_dev() {
 
 _verify_checksum() {
     local _status
-    cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" || exit 1
+    cd "${airootfs_dir}" || exit 1
     sha512sum -c airootfs.sha512 >/tmp/checksum.log 2>&1
     _status=$?
     cd -- "${OLDPWD}" || exit 1
@@ -127,13 +133,24 @@ _verify_checksum() {
 _verify_signature() {
     local _status
     local sigfile="${1}"
-    cd "/run/archiso/bootmnt/${archisobasedir}/${arch}" || exit 1
+    cd "${airootfs_dir}" || exit 1
     gpg --homedir /gpg --status-fd 1 --verify "${sigfile}" 2>/dev/null | grep -E '^\[GNUPG:\] GOODSIG'
     _status=$?
     cd -- "${OLDPWD}" || exit 1
     return ${_status}
 }
 
+_archisodevice() {
+    # shellcheck disable=SC2154
+    if [ -e "${root}" ]; then
+        archisodevice="/run/cryptdev"
+        bootmnt_opts="bind"
+    else
+        archisodevice="/dev/disk/by-uuid/${archisouuid}"
+        bootmnt_opts="defaults"
+    fi
+}
+
 run_hook() {
     [ -z "${arch}" ] && arch="$(uname -m)"
     [ -z "${copytoram_size}" ] && copytoram_size="75%"
@@ -141,7 +158,7 @@ run_hook() {
     [ -z "${dm_snap_prefix}" ] && dm_snap_prefix="arch"
     # shellcheck disable=SC2154
     # defined via initcpio's parse_cmdline()
-    [ -z "${archisodevice}" ] && archisodevice="/dev/disk/by-label/${archisolabel}"
+    [ -z "${archisodevice}" ] && _archisodevice
     [ -z "${cow_spacesize}" ] && cow_spacesize="256M"
     # shellcheck disable=SC2154
     # defined via initcpio's parse_cmdline()
@@ -155,6 +172,7 @@ run_hook() {
     fi
 
     [ -z "${cow_flags}" ] && cow_flags="defaults"
+    # shellcheck disable=SC2154
     [ -z "${cow_directory}" ] && cow_directory="persistent_${archisolabel}/${arch}"
     [ -z "${cow_chunksize}" ] && cow_chunksize="8"
 
@@ -167,16 +185,25 @@ run_hook() {
 # args: /path/to/newroot
 archiso_mount_handler() {
     local newroot="${1}"
-    local sigfile fs_img
+    local airootfs sigfile fs_img
+    bootmnt="/run/archiso/bootmnt"
 
-    if ! mountpoint -q "/run/archiso/bootmnt"; then
-        _mnt_dev "${archisodevice}" "/run/archiso/bootmnt" "-r" "defaults"
+    if ! mountpoint -q "${bootmnt}"; then
+        _mnt_dev "${archisodevice}" "${bootmnt}" "-r" "${bootmnt_opts}"
+    fi
+
+    local airootfs_dir="${bootmnt}/${archisobasedir}/${arch}"
+
+    if [ -f "${airootfs_dir}/airootfs.sfs" ]; then
+        airootfs="${airootfs_dir}/airootfs.sfs"
+    elif [ -f "${airootfs_dir}/airootfs.erofs" ]; then
+        airootfs="${airootfs_dir}/airootfs.erofs"
     fi
 
     # shellcheck disable=SC2154
     # defined via initcpio's parse_cmdline()
     if [ "${checksum}" = "y" ]; then
-        if [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sha512" ]; then
+        if [ -f "${airootfs%.*}.sha512" ]; then
             msg ":: Self-test requested, please wait..."
             if _verify_checksum; then
                 msg "Checksum is OK, continue booting."
@@ -194,11 +221,7 @@ archiso_mount_handler() {
     # shellcheck disable=SC2154
     # defined via initcpio's parse_cmdline()
     if [ "${verify}" = "y" ]; then
-        if [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs.sig" ]; then
-            sigfile="airootfs.sfs.sig"
-        elif [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.erofs.sig" ]; then
-            sigfile="airootfs.erofs.sig"
-        fi
+        [ -f "${airootfs}.sig" ] && sigfile="$(basename "${airootfs}.sig")"
         if [ -n "${sigfile}" ]; then
             msg ":: Signature verification requested, please wait..."
             if _verify_signature "${sigfile}"; then
@@ -230,10 +253,11 @@ archiso_mount_handler() {
     mkdir -p "/run/archiso/cowspace/${cow_directory}"
     chmod 0700 "/run/archiso/cowspace/${cow_directory}"
 
-    if [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs" ]; then
-        fs_img="/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.sfs"
-    elif [ -f "/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.erofs" ]; then
-        fs_img="/run/archiso/bootmnt/${archisobasedir}/${arch}/airootfs.erofs"
+    # shellcheck disable=SC2154
+    if [ -f "${airootfs}" ]; then
+        fs_img="${airootfs}"
+    elif [ -f "${root}" ]; then
+        fs_img="${root}"
     else
         echo "ERROR: no root file system image found"
         launch_interactive_shell
@@ -246,8 +270,8 @@ archiso_mount_handler() {
     fi
 
     if [ "${copytoram}" = "y" ]; then
-        umount -d /run/archiso/bootmnt
-        rmdir /run/archiso/bootmnt
+        umount -d "${bootmnt}"
+        rmdir "${bootmnt}"
     fi
 }