public inbox for gentoo-user@lists.gentoo.org
From: "J. Roeleveld" <joost@antarean.org>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] My initramfs, embedded in the kernel (Requested from "remote installation, dual boot")
Date: Sat, 25 Apr 2015 11:39:43 +0200
Message-ID: <5127577.bRe6ssi7Km@andromeda>


On Friday, April 24, 2015 03:38:53 PM james wrote:
> J. Roeleveld <joost <at> antarean.org> writes:
> > This is one of the reasons why I have given up on genkernel and dracut for
> > initramfs creation and now simply build my own and have it integrated
> > into  the  kernel:
> > $ zcat /proc/config.gz | grep INITRAMFS_SOURCE
> > CONFIG_INITRAMFS_SOURCE="/usr/src/initramfs/config"
> > 
> > If you're interested I will send you the required files.
> > 
> > Joost
> 
> I'd be curious to look at exactly how you are doing this,
> if you want to post them somewhere, or send me a copy too,
> It would be appreciated.

The final solution was quite simple. Attached are the "init" file and the "config" 
file.

Both of these live in "/usr/src/initramfs" on my laptop.

I have 2 drives in my laptop which are both encrypted. The actual encryption 
key is in a file called 'key.iso'. You can remove those references if you want.

For completeness, the commands to create the 'key.iso' are in "create_key", 
and the commands to encrypt a drive/partition/... using that key.iso are in 
"encrypt_partition".

Something neither genkernel nor dracut supports is entering an encryption key 
once and using that to decrypt all the drives. This is why I looked into doing 
my own.

The part that occasionally needs to be updated is the list of dynamic 
libraries needed for the applications embedded in the initramfs.

The command I use to build that list is in the "config" file.

If you have any questions let me know.

--
Joost

[-- Attachment #2: init --]
[-- Type: application/x-shellscript, Size: 1355 bytes --]

[-- Attachment #3: config --]
[-- Type: text/plain, Size: 6634 bytes --]

# vim: set ft=initramfs :

# init script
file /init /usr/src/initramfs/init 0755 0 0

# encryption key
file /key.iso /usr/src/initramfs/key.iso 0755 0 0

# basic device nodes
dir /dev 0755 0 0
nod /dev/console 0600 0 0 c 5 1

# mount point for our real root
dir /root 0700 0 0

dir /lib 0755 0 0

dir /etc 755 0 0

# utilities needed to do anything useful
dir /bin 0755 0 0
dir /sbin 0755 0 0
dir /usr 755 0 0
dir /usr/lib 755 0 0
dir /usr/sbin 755 0 0
dir /usr/bin 755 0 0
dir /lib64 755 0 0
dir /usr/lib64 755 0 0
file /bin/busybox /bin/busybox 0755 0 0

# some busybox symlinks
slink /bin/dd busybox 777 0 0
slink /bin/cp busybox 777 0 0
slink /bin/df busybox 777 0 0
slink /bin/ln busybox 777 0 0
slink /bin/ls busybox 777 0 0
slink /bin/mv busybox 777 0 0
slink /bin/ps busybox 777 0 0
slink /bin/rm busybox 777 0 0
slink /bin/sh busybox 777 0 0
slink /bin/vi busybox 777 0 0
slink /bin/ash busybox 777 0 0
slink /bin/cat busybox 777 0 0
slink /bin/pwd busybox 777 0 0
slink /bin/sed busybox 777 0 0
slink /bin/tar busybox 777 0 0
slink /bin/date busybox 777 0 0
slink /bin/echo busybox 777 0 0
slink /bin/grep busybox 777 0 0
slink /bin/gzip busybox 777 0 0
slink /bin/kill busybox 777 0 0
slink /bin/more busybox 777 0 0
slink /bin/ping busybox 777 0 0
slink /bin/sync busybox 777 0 0
slink /bin/true busybox 777 0 0
slink /bin/zcat busybox 777 0 0
slink /bin/chgrp busybox 777 0 0
slink /bin/chmod busybox 777 0 0
slink /bin/chown busybox 777 0 0
slink /bin/dmesg busybox 777 0 0
slink /bin/egrep busybox 777 0 0
slink /bin/false busybox 777 0 0
slink /bin/fgrep busybox 777 0 0
slink /bin/mkdir busybox 777 0 0
slink /bin/mknod busybox 777 0 0
slink /bin/mount busybox 777 0 0
slink /bin/pidof busybox 777 0 0
slink /bin/rmdir busybox 777 0 0
slink /bin/sleep busybox 777 0 0
slink /bin/touch busybox 777 0 0
slink /bin/uname busybox 777 0 0
slink /bin/gunzip busybox 777 0 0
slink /bin/hostname busybox 777 0 0
slink /bin/mktemp busybox 777 0 0
slink /bin/umount busybox 777 0 0
slink /bin/usleep busybox 777 0 0
slink /usr/bin/[ ../../bin/busybox 777 0 0
slink /usr/bin/du ../../bin/busybox 777 0 0
slink /usr/bin/id ../../bin/busybox 777 0 0
slink /usr/bin/tr ../../bin/busybox 777 0 0
slink /usr/bin/wc ../../bin/busybox 777 0 0
slink /usr/bin/cmp ../../bin/busybox 777 0 0
slink /usr/bin/cut ../../bin/busybox 777 0 0
slink /usr/bin/env ../../bin/busybox 777 0 0
slink /usr/bin/tee ../../bin/busybox 777 0 0
slink /usr/bin/tty ../../bin/busybox 777 0 0
slink /usr/bin/yes ../../bin/busybox 777 0 0
slink /usr/bin/chvt ../../bin/busybox 777 0 0
slink /usr/bin/find ../../bin/busybox 777 0 0
slink /usr/bin/expr ../../bin/busybox 777 0 0
slink /usr/bin/free ../../bin/busybox 777 0 0
slink /usr/bin/head ../../bin/busybox 777 0 0
slink /usr/bin/deallocvt ../../bin/busybox 777 0 0
slink /usr/bin/tail ../../bin/busybox 777 0 0
slink /usr/bin/sort ../../bin/busybox 777 0 0
slink /usr/bin/test ../../bin/busybox 777 0 0
slink /usr/bin/time ../../bin/busybox 777 0 0
slink /usr/bin/uniq ../../bin/busybox 777 0 0
slink /usr/bin/wget ../../bin/busybox 777 0 0
slink /usr/bin/dirname ../../bin/busybox 777 0 0
slink /usr/bin/killall ../../bin/busybox 777 0 0
slink /usr/bin/clear ../../bin/busybox 777 0 0
slink /usr/bin/bzcat ../../bin/busybox 777 0 0
slink /usr/bin/reset ../../bin/busybox 777 0 0
slink /usr/bin/unzip ../../bin/busybox 777 0 0
slink /usr/bin/which ../../bin/busybox 777 0 0
slink /usr/bin/xargs ../../bin/busybox 777 0 0
slink /usr/bin/strings ../../bin/busybox 777 0 0
slink /usr/bin/logger ../../bin/busybox 777 0 0
slink /usr/bin/openvt ../../bin/busybox 777 0 0
slink /usr/bin/hexdump ../../bin/busybox 777 0 0
slink /usr/bin/uptime ../../bin/busybox 777 0 0
slink /usr/bin/whoami ../../bin/busybox 777 0 0
slink /usr/bin/readlink ../../bin/busybox 777 0 0
slink /usr/bin/install ../../bin/busybox 777 0 0
slink /usr/bin/basename ../../bin/busybox 777 0 0
slink /usr/bin/bunzip2 ../../bin/busybox 777 0 0
slink /sbin/halt ../bin/busybox 777 0 0
slink /sbin/init ../bin/busybox 777 0 0
slink /sbin/klogd ../bin/busybox 777 0 0
slink /sbin/route ../bin/busybox 777 0 0
slink /sbin/poweroff ../bin/busybox 777 0 0
slink /sbin/swapoff ../bin/busybox 777 0 0
slink /sbin/switch_root ../bin/busybox 777 0 0
slink /sbin/syslogd ../bin/busybox 777 0 0
slink /sbin/ifconfig ../bin/busybox 777 0 0
slink /sbin/reboot ../bin/busybox 777 0 0
slink /sbin/pivot_root ../bin/busybox 777 0 0
slink /sbin/swapon ../bin/busybox 777 0 0
slink /sbin/mdev ../bin/busybox 777 0 0
slink /usr/sbin/chroot ../../bin/busybox 777 0 0
# end of busybox symlinks

# cryptsetup, for opening our encrypted swap
file /sbin/cryptsetup /sbin/cryptsetup 0755 0 0

# losetup
file /sbin/losetup /sbin/losetup 0755 0 0

# lvm configuration
dir /etc/lvm 755 0 0
file /etc/lvm/lvm.conf /usr/src/initramfs/lvm.conf 644 0 0
file /sbin/lvm /sbin/lvm 555 0 0
slink /sbin/vgchange lvm 777 0 0
slink /sbin/vgscan lvm 777 0 0

dir /var 755 0 0
dir /var/log 755 0 0
dir /var/lock 755 0 0

# proc and sysfs mountpoints
dir /proc 755 0 0
dir /sys 755 0 0

dir /newroot 755 0 0

# Auto-add dependencies
# for i in lvm gpg gpg-agent busybox losetup cryptsetup ; do ldd `which ${i}` | cut -d'>' -f2 | awk '{print $1}' ; done | sort -u | grep -v linux-vdso.so.1 | grep -v not | sed 's/\(.*\)/file \1 \1 0755 0 0/'
file /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 0755 0 0
file /lib64/libblkid.so.1 /lib64/libblkid.so.1 0755 0 0
file /lib64/libbz2.so.1 /lib64/libbz2.so.1 0755 0 0
file /lib64/libc.so.6 /lib64/libc.so.6 0755 0 0
file /lib64/libdevmapper-event.so.1.02 /lib64/libdevmapper-event.so.1.02 0755 0 0
file /lib64/libdevmapper.so.1.02 /lib64/libdevmapper.so.1.02 0755 0 0
file /lib64/libdl.so.2 /lib64/libdl.so.2 0755 0 0
file /lib64/libncurses.so.5 /lib64/libncurses.so.5 0755 0 0
file /lib64/libpthread.so.0 /lib64/libpthread.so.0 0755 0 0
file /lib64/libreadline.so.6 /lib64/libreadline.so.6 0755 0 0
file /lib64/libresolv.so.2 /lib64/libresolv.so.2 0755 0 0
file /lib64/librt.so.1 /lib64/librt.so.1 0755 0 0
file /lib64/libsmartcols.so.1 /lib64/libsmartcols.so.1 0755 0 0
file /lib64/libudev.so.1 /lib64/libudev.so.1 0755 0 0
file /lib64/libuuid.so.1 /lib64/libuuid.so.1 0755 0 0
file /lib64/libz.so.1 /lib64/libz.so.1 0755 0 0
file /usr/lib64/libassuan.so.0 /usr/lib64/libassuan.so.0 0755 0 0
file /usr/lib64/libcryptsetup.so.4 /usr/lib64/libcryptsetup.so.4 0755 0 0
file /usr/lib64/libgcrypt.so.11 /usr/lib64/libgcrypt.so.11 0755 0 0
file /usr/lib64/libgpg-error.so.0 /usr/lib64/libgpg-error.so.0 0755 0 0
file /usr/lib64/libpopt.so.0 /usr/lib64/libpopt.so.0 0755 0 0
file /usr/lib64/libpth.so.20 /usr/lib64/libpth.so.20 0755 0 0


[-- Attachment #4: encrypt_partition --]
[-- Type: text/plain, Size: 252 bytes --]

losetup /dev/loop0 key.iso
cryptsetup luksOpen /dev/loop0 key
cryptsetup --key-file /dev/mapper/key luksFormat /dev/XXX
cryptsetup --key-file /dev/mapper/key luksOpen /dev/XXX YYY
cryptsetup luksClose key
losetup -d /dev/loop0
mkfs.... /dev/mapper/YYY

[-- Attachment #5: create_key --]
[-- Type: text/plain, Size: 195 bytes --]

dd if=/dev/null of=key.iso bs=512 seek=2057
losetup /dev/loop0 key.iso
cryptsetup --align-payload=1 luksFormat /dev/loop0
cryptsetup luksOpen /dev/loop0 key
dd if=/dev/random of=/dev/mapper/key

