On Wed, 26 Dec 2012 07:58:34 -0800, Mark Knecht wrote:

> OK, it's the day after Christmas and this little kid wants to play
> with the new toys Uncle Neil gave us yesterday - a copy of his well
> worn setup file for building an initramfs into the kernel - a copy of
> which I place here:
>
> [QUOTE]
>
> This is the file I use on a system that has / on a LUKS filesystem on
> top of LVM. The format is documented in the kernel docs at
> Documentation/filesystems/ramfs-rootfs-initramfs.txt
>
>
> dir /bin 755 0 0
> file /bin/busybox /bin/busybox 755 0 0
> slink /bin/sh busybox 777 0 0
>
> dir /realroot 755 0 0
> dir /etc 755 0 0
> dir /proc 755 0 0
> dir /sys 755 0 0
>
> dir /sbin 755 0 0
> file /sbin/lvm.static /sbin/lvm.static 755 0 0
> #file /sbin/mdadm /sbin/mdadm 755 0 0
> file /sbin/cryptsetup /sbin/cryptsetup 755 0 0
>
> file /sbin/e2fsck /sbin/e2fsck 755 0 0
> dir /lib 755 0 0
> file /lib/libext2fs.so /usr/lib64/libext2fs.so 755 0 0
>
> dir /dev 755 0 0
> nod /dev/console 600 0 0 c 5 1
> nod /dev/null 666 0 0 c 1 3
> nod /dev/tty 666 0 0 c 5 0
> nod /dev/urandom 666 0 0 c 1 9
>
> file /init /usr/src/init.sh 755 0 0
>
> [/QUOTE]
>
>
> OK, so reading through this it seems moderately straightforward. My
> reading:
>
> a) Create some directories
> b) Populate them with some executables
> c) Make some nodes
> d) Execute a script
>
>
> I do have a few questions:
>
> 1) dir /realroot 755 0 0
>
> Is this something required to make the machine boot? Or is it possibly
> a mount point in case of problems and just used inside the initramfs
> if trouble arises? Something else? Google didn't point me toward
> anything meaningful.

It's where init.sh mounts the real root filesystem before running
switchroot.

> 2) Contained executables, as I understand them, either need to be
> built with the static flag or you have to include all the libraries.
> Static seems simpler so (in my case) should I rebuild mdadm &
> e2fsprogs with +static? (I don't currently use lvm or any crypt stuff)

Yes.

> 3) My system uses RAID today. Is there any significant risk in
> rebuilding mdadm with static support, rebooting the existing kernel
> without an initramfs and then mdadm having trouble?

Static mdadm has given me no problems whatsoever, I guarantee that you
will have no fewer problems than me :)

> 4) What's in /usr/src/init.sh ? From the Gentoo initramfs wiki I find
> this as an example:

I use one based on the wiki example

#!/bin/busybox sh

rescue_shell() {
    busybox --install -s
    echo "$1"
    exec /bin/sh
}

### Mount the /proc and /sys filesystems.
mount -t proc none /proc
grep -q initdebug </proc/cmdline && set -x && DEBUG=1
mount -t sysfs none /sys
mount -t devtmpfs none /dev

### Get root and init parameters from cmdline
REAL_ROOT="$(sed 's/.*root=\(\S*\).*/\1/' </proc/cmdline)"
if grep -q init= </proc/cmdline; then
    REAL_INIT="$(sed 's/.*init=\(\S*\).*/\1/' </proc/cmdline)"
else
    REAL_INIT="/sbin/init"
fi

### Assemble RAID
[[ -f /sbin/mdadm ]] && mdadm --assemble --scan

### Initialise LVM
if [[ -f /sbin/lvm.static ]]; then
    lvm.static vgchange -a y
    lvm.static vgscan --mknodes
    [[ -n "$DEBUG" ]] && sleep 10
fi

### Mount the root filesystem.
if [[ -f /sbin/cryptsetup ]] && cryptsetup isLuks "$REAL_ROOT"; then
    busybox echo -e "\e[0;32m\n=====================\nEncrypted root device\n=====================\n\e[m"
    cryptsetup luksOpen "$REAL_ROOT" cryptroot
    REAL_ROOT="/dev/mapper/cryptroot"
    [[ -n "$DEBUG" ]] && echo "$REAL_ROOT" && sleep 10
fi
mount -o ro "$REAL_ROOT" /realroot || rescue_shell "Could not mount REAL_ROOT"
[[ -n "$DEBUG" ]] && df -h /realroot && sleep 10

### Mount /usr if separate
if grep -qE '^[^#].*\s\/usr\s' /realroot/etc/fstab; then
    #mount $(awk '/\s\/usr\s/ {print $1, "/realroot"$2, "-t", $3, "-o", $4 ",ro"}' /realroot/etc/fstab)
    # The awk output is left unquoted on purpose so it splits into mount arguments.
    mount $(awk '/^[^#].*\s\/usr\s/ {print $1, "/realroot"$2, "-t", $3, "-o", $4 ",ro"}' /realroot/etc/fstab)
    [[ -n "$DEBUG" ]] && df -h /realroot/usr && sleep 10
fi

grep -q waitforkey </proc/cmdline && WAITFORKEY=1
grep -q rescue </proc/cmdline && rescue_shell "...because you asked for it."

### Clean up.
umount /dev
umount /sys
umount /proc

### Boot the real thing
[[ -n "$DEBUG" ]] && echo "Ready to switch" && sleep 10
[[ -n "$WAITFORKEY" ]] && busybox showkey -a
exec busybox switch_root /realroot "$REAL_INIT" || rescue_shell "Failed to switch_root"

Most of it is debug stuff that I haven't used since I first started using
it.


--
Neil Bothwick

For security reasons, all text in this mail is double-rot13 encrypted.
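
An added example, not part of Neil's mail or his init.sh: the script above picks `root=`, `init=` and `rescue` out of /proc/cmdline by substring match, and this shows the same lookups done on whole words in POSIX sh, so that `real_root=`, `rdinit=` or a path containing "rescue" cannot trigger them. The function names `cmdline_get` and `cmdline_has` and the sample command line are constructed for illustration.

```shell
#!/bin/sh
# Exact-word parsing of the kernel command line for an initramfs /init.
# Limitation: double-quoted values that contain spaces are not handled.

# Constructed sample. In a real /init this would be: CMDLINE=$(cat /proc/cmdline)
# It is built so that substring tests misfire: "rescue" occurs inside a path,
# "init=" inside "rdinit=", and "root=" inside "real_root=".
CMDLINE='BOOT_IMAGE=/boot/kernel-rescue root=/dev/vg0/root ro real_root=/dev/sda3 rdinit=/init'

# cmdline_get KEY [DEFAULT]: value of the last word whose key is exactly KEY.
cmdline_get() {
    _key=$1
    _val=${2-}
    set -f                      # no glob expansion while word-splitting
    for _word in $CMDLINE; do
        case $_word in
            "$_key"=*) _val=${_word#*=} ;;   # strip only up to the first "="
        esac
    done
    set +f
    printf '%s\n' "$_val"
}

# cmdline_has FLAG: true only if FLAG is a whole word, e.g. "rescue".
cmdline_has() {
    _found=1
    set -f
    for _word in $CMDLINE; do
        [ "$_word" = "$1" ] && _found=0
    done
    set +f
    return "$_found"
}

REAL_ROOT=$(cmdline_get root)
REAL_INIT=$(cmdline_get init /sbin/init)
echo "root=$REAL_ROOT init=$REAL_INIT"
cmdline_has rescue && echo "rescue shell requested" || echo "normal boot"
```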