
make-initrd

commit: 899c53f1a51dbb9b33d38944b269acbd7e913391
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Mon, 12 Mar 2018 11:18:53 +0100

Initial Commit

Diffstat:

AREADME9+++++++++
Ainit75+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Amake-initrd.bash74++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 158 insertions(+), 0 deletions(-)

diff --git a/README b/README
@@ -0,0 +1,9 @@
+# make-initrd
+
+A custom initrd (aka initramfs) generator. It’s quite at the first steps, configuration is mainly done in ``init`` and ``make-initrd.bash`` scripts at this point but it works (I use it in production actually).
+
+## Tested systems
+All are running Gentoo (GNU+)Linux with ZFS on LUKS.
+* arm musl
+* amd64 musl
+* amd64 Hardened glibc (tends to have bugs because of how broken glibc is)
diff --git a/init b/init
@@ -0,0 +1,75 @@
+#!/bin/sh
+# Copyright 2017-2018 Haelwenn (lanodan) Monnier <contact@hacktivis.me>
+# Distributed under the terms of the ISC license
+
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+export init=/sbin/init newroot=/newroot root=zroot/ROOT/gentoo sh=/bin/sh level=3\ -a dev_hotplug=mdev
+
+
+rescueshell() {
+ export PS1='rsh:$(tty | cut -c6-):$PWD # '
+ if which setsid $>/dev/null; then
+ setsid $sh -i -0<$console 1>$console 2>&1
+ else
+ $sh -i 0<$console 1>$console 2>&1
+ fi
+}
+
+die() {
+ echo -e "$@"
+ echo -e "Dropping into a rescueshell..."
+ rescueshell || exec $sh -i
+}
+
+getdev() {
+ echo $(blkid | grep $1 | cut -d: -f1)
+}
+
+set -v
+
+umask 0077
+mount -t proc proc /proc
+mount -t sysfs sysfs /sys
+if grep devtmpfs /proc/filesystems &>/dev/null; then
+ mount -t devtmpfs devtmpfs /dev
+else
+ mount -t tmpfs tmpfs /dev
+fi
+
+for arg in $(cat /proc/cmdline); do
+ case $arg in
+ rescue*) export rescue=1;;
+ single) export level=2;;
+ level*|init*|root*|crypt_root*|sh*|dev_hotplug*) export $arg;;
+ esac
+done
+
+
+$dev_hotplug -s || die
+
+echo $(which $dev_hotplug) > /proc/sys/kernel/hotplug
+
+[ -h /dev/fd ] || ln -fs /proc/self/fd /dev/fd
+[ -h /dev/stderr ] || ln -fs /proc/self/stderr /dev/stderr
+[ -h /dev/stdin ] || ln -fs /proc/self/stdin /dev/stdin
+[ -h /dev/stdout ] || ln -fs /proc/self/stdout /dev/stdout
+: ${console:=/dev/console}
+exec 0<$console 1>$console 2>&1
+
+#root=$(getdev $crypt_root)
+#[ $root ] || root=/dev/sda2
+#cryptsetup open $root root || die
+#
+#mount /dev/mapper/root $newroot || die
+
+modprobe zfs || die
+
+cryptsetup open /dev/sda2 cryptrpool || die
+
+zpool import -d /dev/mapper -d /dev -N rpool || die
+
+mount -t zfs -o rw,zfsutil $root $newroot || die
+
+umount -l /{sys,dev,proc}
+
+exec switch_root $newroot ${init:-/sbin/init} $level || die
diff --git a/make-initrd.bash b/make-initrd.bash
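Review bot: The `case` arm `level*|init*|root*|crypt_root*|sh*|dev_hotplug*) export $arg;;` matches by prefix, so any kernel parameter that merely starts with one of those words (an `initrd=...` or `rootflags=...` entry, for example) is exported unquoted into init's environment. Two of the exported names are later used as commands: `$dev_hotplug -s` is executed and its path is written to /proc/sys/kernel/hotplug, and `$sh` is the rescue shell, so the set of accepted names should be exact. I would anchor each pattern on `=` and quote the word: `level=*|init=*|root=*|crypt_root=*|sh=*|dev_hotplug=*) export "$arg";;`. Separately, `which setsid $>/dev/null` in rescueshell looks like a typo for `>/dev/null 2>&1`; as written a literal `$` is passed to `which`, so the setsid branch is probably never taken.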
@@ -0,0 +1,74 @@
+#!/bin/bash
+# Copyright 2017-2018 Haelwenn (lanodan) Monnier <contact@hacktivis.me>
+# Distributed under the terms of the ISC license
+
+kv=${1:-$(uname -r)}
+arc=$(getconf LONG_BIT)
+out_base=initramfs-${kv}
+elves="lvm busybox blkid lsblk cryptsetup mksh zfs zpool"
+WORKDIR="$(pwd)"
+
+function docp() {
+ local link=${1} prefix
+ [[ -n ${link} ]] || return
+ cp -a {,.}${link}
+
+ [[ -h ${link} ]] &&
+ while true; do
+ prefix=${link%/*}
+ link=$(readlink ${link})
+ [[ ${link%/*} == ${link} ]] && link=${prefix}/${link}
+ cp -a {,.}${link} || die
+ [[ -h ${link} ]] || break
+ done
+
+ return 0
+}
+
+test -e $out_base && rm -fr $out_base
+mkdir -p $out_base && pushd $out_base
+mkdir -p {usr/,}{bin,lib$arc} dev proc sys newroot etc
+ln -s lib{$arc,}
+ln -s /proc/mounts etc/mtab
+pushd usr && ln -s lib{$arc,} && popd
+
+mkdir -p lib/modules ; cp -pr /lib/modules/$kv lib/modules
+
+mknod -m 600 dev/console c 5 1
+mknod -m 666 dev/urandom c 1 9
+mknod -m 666 dev/random c 1 8
+mknod -m 640 dev/mem c 1 1
+mknod -m 666 dev/null c 1 3
+mknod -m 666 dev/tty c 5 0
+mknod -m 666 dev/zero c 1 5
+mknod -m 640 dev/tty1 c 4 1
+
+[[ $(echo "$kv" | cut -d'.' -f1 ) -eq 3 ]] &&
+ [[ $(echo "$kv" | cut -d'.' -f2) -ge 1 ]] &&
+ mknod -m 600 /dev/loop-control c 10 237
+
+for i in $elves; do
+ cp $(which $i) bin
+done
+
+cp "${WORKDIR}/init" . && chmod 755 init || exit
+ln bin/mksh bin/sh
+bin/busybox --install usr/bin
+
+for bin in $(find bin); do
+ ldd $bin >/dev/null || continue
+ for lib in $(ldd $bin | sed -nre 's,.* (/.*lib.*/.*.so.*) .*,\1,p' \
+ -e 's,.*(/lib.*/ld.*.so.*) .*,\1,p')
+ do
+ mkdir -p ${lib%/*} && docp {,.}$lib
+ done
+done
+
+if find . -print0 | cpio --null -ov --format=newc | xz -9 --check=crc32 > ../${out_base}.cpio.xz; then
+ test -e /boot/${out_base}.cpio.xz && mv /boot/${out_base}.cpio.xz /boot/${out_base}.cpio.xz.old
+ cp ../${out_base}.cpio.xz /boot
+fi
+
+popd
+
+unset -v arc kv out_base elves
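Review bot: `mknod -m 600 /dev/loop-control c 10 237` has a leading slash, unlike the eight `mknod` calls above it, so on a 3.x kernel it creates the node in the build host's /dev instead of in the image; it should read `mknod -m 600 dev/loop-control c 10 237`. `docp` also calls `die` when `cp -a` fails, but this file defines no `die` (only `init` does), so the failure surfaces as a missing command and the loop carries on. More generally nothing stops the script after a failed step: if `pushd $out_base` fails, the following `mknod`, `cp` and `find . | cpio` run in the caller's directory and the archive can still be copied to /boot. I would write `mkdir -p "$out_base" && pushd "$out_base" || exit`, matching the `|| exit` already used for the `init` copy, and quote `$out_base` in the `rm -fr` line as well.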