0020-read-only: iterate over all devices + improve console message layout
author Michael Prokop <mika@grml.org>
Fri, 10 Jul 2020 06:57:19 +0000 (08:57 +0200)
committer Michael Prokop <mika@grml.org>
Fri, 10 Jul 2020 07:06:24 +0000 (09:06 +0200)
There might be block devices other than /dev/sd* + /dev/vd* (like
/dev/nvme0n*). Instead of hardcoding a static list, let's iterate over
all of them, and then ignore all symlinks (pointing to the actual
devices) and consider only actual block devices.
Also ensure that the device exists (checked via `blockdev --getsz ...`)
before executing `blockdev --setro ...` on it.

Reworked the corresponding console message: using printf with field width
allows us to make this look a bit nicer and better integrate into the
boot sequence look-alike.

JFTR: it would be nice to send output also to `/boot.log` (which ends up
as `/var/log/live/boot.log` on the booted system), but if we do this
then the output is visible twice during startup, as `/boot.live` is sent
to console via `tail -f`. If changing this to only list it via
`/boot.live` it might not always be guaranteed to be visible on screen,
so we didn't change this yet.

This work was funded by Grml-Forensic.

components/0020-read-only

index f56b8cf..84d73ef 100755 (executable)
@@ -29,27 +29,40 @@ Read_only ()
 
        # Marking some block devices as read-only to ensure that nothing
        # gets written as linux still writes to 'only' read-only mounted filesystems.
-       LIVE_READ_ONLY_DEVICES="${LIVE_READ_ONLY_DEVICES:-/dev/sd* /dev/vd*}"
+       LIVE_READ_ONLY_DEVICES="${LIVE_READ_ONLY_DEVICES:-/dev/* /dev/*/*}"
 
        for _DEVICE in $(echo ${LIVE_READ_ONLY_DEVICES} | sed -e 's|,| |g')
        do
+               # ignore symlinks like /dev/cdrom, /dev/block/* which point to actual devices
+               if [ -L "${_DEVICE}" ]
+               then
+                       continue
+               fi
+
+               # only consider actual block devices
                if [ ! -b "${_DEVICE}" ]
                then
                        continue
                fi
 
-               echo -n "live-boot: Setting ${_DEVICE} read-only..." > /dev/console
+               if ! blockdev --getsz "${_DEVICE}" >/dev/null 2>&1
+               then
+                       printf " * live-boot: Ignoring '%-10s' (not present?)\n" "${_DEVICE}" > /dev/console
+                       continue
+               fi
+
+               printf " * live-boot: Setting %-10s read-only..." "${_DEVICE}" > /dev/console
 
-               blockdev --setro ${_DEVICE}
+               blockdev --setro "${_DEVICE}"
                _RETURN="${?}"
 
                case "${_RETURN}" in
                        0)
-                               echo " done, use 'blockdev --setrw ${_DEVICE}' to set read-write." > /dev/console
+                               printf " done, use 'blockdev --setrw %-10s' to set read-write.\n" "${_DEVICE}" > /dev/console
                                ;;
 
                        *)
-                               echo " failed." > /dev/console
+                               printf " failed.\n" > /dev/console
                                ;;
                esac
        done
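Review bot: the fixed field width `%-10s` in the three new printf lines does not fit the devices this change is meant to cover: `/dev/nvme0n1p1` is 14 characters, so exactly the NVMe names named in the commit message overflow the column and break the alignment the change is after, while short names such as `/dev/sda` get padded with spaces inside the quotes, producing `Ignoring '/dev/sda  '` and `use 'blockdev --setrw /dev/sda  '`, a command a user may copy verbatim. Either drop the width in the two quoted positions (`'%s'`) and keep the padding only on the "Setting ... read-only..." line, or pick a width that covers partition names on nvme devices (e.g. `%-16s`); the ordering of the new checks is right, since `[ -L ]` has to run before `[ -b ]` (which follows symlinks) for `/dev/block/*` and `/dev/cdrom` to be skipped rather than set read-only twice. The `blockdev --getsz` probe is a sensible guard before `--setro`, though it can also fail for a present device without a medium, so the hedged "(not present?)" wording is appropriate.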