| 1 |
On Wed, 26 Dec 2012 07:58:34 -0800, Mark Knecht wrote: |
| 2 |
|
| 3 |
> OK, it's the day after Christmas and this little kid wants to play |
| 4 |
> with the new toys Uncle Neil gave us yesterday - a copy of his well |
| 5 |
> worn setup file for building an initramfs into the kernel - a copy of |
| 6 |
> which I place here: |
| 7 |
> |
| 8 |
> [QUOTE] |
| 9 |
> |
| 10 |
> This is the file I use on a system that has / on a LUKS filesystem on |
| 11 |
> top of LVM. The format is documented in the kernel docs at |
| 12 |
> Documentation/filesystems/ramfs-rootfs-initramfs.txt |
| 13 |
> |
| 14 |
> |
| 15 |
> dir /bin 755 0 0 |
| 16 |
> file /bin/busybox /bin/busybox 755 0 0 |
| 17 |
> slink /bin/sh busybox 777 0 0 |
| 18 |
> |
| 19 |
> dir /realroot 755 0 0 |
| 20 |
> dir /etc 755 0 0 |
| 21 |
> dir /proc 755 0 0 |
| 22 |
> dir /sys 755 0 0 |
| 23 |
> |
| 24 |
> dir /sbin 755 0 0 |
| 25 |
> file /sbin/lvm.static /sbin/lvm.static 755 0 0 |
| 26 |
> #file /sbin/mdadm /sbin/mdadm 755 0 0 |
| 27 |
> file /sbin/cryptsetup /sbin/cryptsetup 755 0 0 |
| 28 |
> |
| 29 |
> file /sbin/e2fsck /sbin/e2fsck 755 0 0 |
| 30 |
> dir /lib 755 0 0 |
| 31 |
> file /lib/libext2fs.so /usr/lib64/libext2fs.so 755 0 0 |
| 32 |
> |
| 33 |
> dir /dev 755 0 0 |
| 34 |
> nod /dev/console 600 0 0 c 5 1 |
| 35 |
> nod /dev/null 666 0 0 c 1 3 |
| 36 |
> nod /dev/tty 666 0 0 c 5 0 |
| 37 |
> nod /dev/urandom 666 0 0 c 1 9 |
| 38 |
> |
| 39 |
> file /init /usr/src/init.sh 755 0 0 |
| 40 |
> |
| 41 |
> [/QUOTE] |
| 42 |
> |
| 43 |
> |
| 44 |
> OK, so reading through this it seems moderately straight forward. My |
| 45 |
> reading: |
| 46 |
> |
| 47 |
> a) Create some directories |
| 48 |
> b) Populate them with some executables |
| 49 |
> c) Make some nodes |
| 50 |
> d) Execute a script |
| 51 |
> |
| 52 |
> |
| 53 |
> I do have a few questions: |
| 54 |
> |
| 55 |
> 1) dir /realroot 755 0 0 |
| 56 |
> |
| 57 |
> Is this something required to make the machine boot? Or is it possibly |
| 58 |
> a mount point in case of problems and just used inside the initramfs |
| 59 |
> if trouble arises? Something else? Google didn't point me toward |
| 60 |
> anything meaningful. |
| 61 |
|
| 62 |
It's where init.sh mounts the real root filesystem before running |
| 63 |
switchroot. |
| 64 |
|
| 65 |
> 2) Contained executables, as I understand them, either need to be |
| 66 |
> built with the static flag or you have to include all the libraries. |
| 67 |
> Static seems simpler so (in my case) should I rebuild mdadm & |
| 68 |
> e2fsprogs with +static? (I don't currently use lvm or any crypt stuff) |
| 69 |
|
| 70 |
Yes. |
| 71 |
|
| 72 |
> 3) My system uses RAID today. Is there any significant risk in |
| 73 |
> rebuilding mdadm with static support, rebooting the existing kernel |
| 74 |
> without an initramfs and then mdadm having trouble? |
| 75 |
|
| 76 |
Static mdadm has given me no problems whatsoever, I guarantee that you |
| 77 |
will have no fewer problems than me :) |
| 78 |
|
| 79 |
> 4) What's in /usr/src/init.sh ? From the Gentoo initramfs wiki I find |
| 80 |
> this as an example: |
| 81 |
|
| 82 |
I use one based on the wiki example |
| 83 |
|
| 84 |
|
| 85 |
#!/bin/busybox sh |
| 86 |
|
| 87 |
rescue_shell() { |
| 88 |
busybox --install -s |
| 89 |
echo $1 |
| 90 |
exec /bin/sh |
| 91 |
} |
| 92 |
|
| 93 |
### Mount the /proc and /sys filesystems. |
| 94 |
mount -t proc none /proc |
| 95 |
grep -q initdebug </proc/cmdline && set -x && DEBUG=1 |
| 96 |
mount -t sysfs none /sys |
| 97 |
mount -t devtmpfs none /dev |
| 98 |
|
| 99 |
### Get root and init parameters from cmdline |
| 100 |
REAL_ROOT="$(sed 's/.*root=\(\S*\).*/\1/' <proc/cmdline)" |
| 101 |
if grep -q init= </proc/cmdline; then |
| 102 |
REAL_INIT="$(sed 's/.*init=\(\S*\).*/\1/' <proc/cmdline)" |
| 103 |
else |
| 104 |
REAL_INIT="/sbin/init" |
| 105 |
fi |
| 106 |
|
| 107 |
### Assemble RAID |
| 108 |
[[ -f /sbin/mdadm ]] && mdadm --assemble --scan |
| 109 |
|
| 110 |
### Initialise LVM |
| 111 |
if [[ -f /sbin/lvm.static ]]; then |
| 112 |
lvm.static vgchange -a y |
| 113 |
lvm.static vgscan --mknodes |
| 114 |
[[ -n "$DEBUG" ]] && sleep 10 |
| 115 |
fi |
| 116 |
|
| 117 |
### Mount the root filesystem. |
| 118 |
if [[ -f /sbin/cryptsetup ]] && cryptsetup isLuks $REAL_ROOT; then |
| 119 |
busybox echo -e "\e[0;32m\n=====================\nEncrypted root device\n=====================\n\e[m" |
| 120 |
cryptsetup luksOpen $REAL_ROOT cryptroot |
| 121 |
REAL_ROOT="/dev/mapper/cryptroot" |
| 122 |
[[ -n "$DEBUG" ]] && echo $REAL_ROOT && sleep 10 |
| 123 |
fi |
| 124 |
mount -o ro $REAL_ROOT /realroot || rescue_shell "Could not mount REAL_ROOT" |
| 125 |
[[ -n "$DEBUG" ]] && df -h /realroot && sleep 10 |
| 126 |
|
| 127 |
### Mount /usr if separate |
| 128 |
if grep -qE '^[^#].*\s\/usr\s' /realroot/etc/fstab; then |
| 129 |
#mount $(awk '/\s\/usr\s/ {print $1, "/realroot"$2, "-t", $3, "-o", $4 ",ro"}' /realroot/etc/fstab) |
| 130 |
mount $(awk '/^[^#].*\s\/usr\s/ {print $1, "/realroot"$2, "-t", $3, "-o", $4 ",ro"}' /realroot/etc/fstab) |
| 131 |
[[ -n "$DEBUG" ]] && df -h /realroot//usr && sleep 10 |
| 132 |
fi |
| 133 |
|
| 134 |
grep -q waitforkey </proc/cmdline && WAITFORKEY=1 |
| 135 |
grep -q rescue </proc/cmdline && rescue_shell "...because you asked for it." |
| 136 |
|
| 137 |
### Clean up. |
| 138 |
umount /dev |
| 139 |
umount /sys |
| 140 |
umount /proc |
| 141 |
|
| 142 |
### Boot the real thing |
| 143 |
[[ -n "$DEBUG" ]] && echo "Ready to switch" && sleep 10 |
| 144 |
[[ -n "$WAITFORKEY" ]] && busybox showkey -a |
| 145 |
exec busybox switch_root /realroot $REAL_INIT || rescue_shell "Failed to switch_root" |
| 146 |
|
| 147 |
Most of it is debug stuff that I haven't used since I first started using |
| 148 |
it. |
| 149 |
|
| 150 |
|
| 151 |
-- |
| 152 |
Neil Bothwick |
| 153 |
|
| 154 |
For security reasons, all text in this mail is double-rot13 encrypted. |
Archives