authorKarel Kočí <cynerd@email.cz>2017-10-12 21:14:52 +0200
committerKarel Kočí <cynerd@email.cz>2017-10-12 21:14:52 +0200
commit5fe047ebc4de0666dfa83dc83ff4f6aec3ac23c8 (patch)
treeae7b0dcc8832a13ee6728f74acea50cfe87db53e /sys-boot
parent2eec23e530ffe94ada11d9cb3f4f2fac6db6dfcd (diff)
Add myinitramfs encryption use
Diffstat (limited to 'sys-boot')
-rwxr-xr-xsys-boot/myinitramfs/files/init.enc (renamed from sys-boot/myinitramfs/files/init)0
-rwxr-xr-xsys-boot/myinitramfs/files/init.plain94
-rw-r--r--sys-boot/myinitramfs/myinitramfs-1.2.ebuild (renamed from sys-boot/myinitramfs/myinitramfs-1.1.ebuild)8
3 files changed, 100 insertions, 2 deletions
diff --git a/sys-boot/myinitramfs/files/init b/sys-boot/myinitramfs/files/init.enc
index 134d85c..134d85c 100755
--- a/sys-boot/myinitramfs/files/init
+++ b/sys-boot/myinitramfs/files/init.enc
diff --git a/sys-boot/myinitramfs/files/init.plain b/sys-boot/myinitramfs/files/init.plain
new file mode 100755
index 0000000..08a47b8
--- /dev/null
+++ b/sys-boot/myinitramfs/files/init.plain
@@ -0,0 +1,94 @@
+#!/bin/busybox sh
+# vim:ft=sh
+
+# Init must have pid 1 otherwise switch_root won't work.
+if [ $$ -ne 1 ]; then
+ echo "init must have pid 1!"
+ exit 1
+fi
+
+# Predefice colors
+C_NO="\e[0m"
+C_GRAY="\e[1;30m"
+C_RED="\e[1;31m"
+C_GREEN="\e[1;32m"
+C_YELLOW="\e[1;33m"
+
+PATH="$PATH:/bin:/sbin"
+
+# disable kernel message from terminal and clear screen
+echo 0 > /proc/sys/kernel/printk
+clear
+
+# TODO print some welcome ascii art :-)
+
+# Function called if we fail. Argument is error message.
+fail() {
+ echo -e "${C_RED}$@${C_NO}"
+ echo -e "${C_YELLOW}Dropping to interactive shell${C_NO}"
+ busybox --install -s
+ while true; do
+ echo -e "${C_GRAY}Mount root to /mnt/root and exit shell to switch root.${C_NO}"
+ # Note: this is hack to enable job control
+ setsid sh -c 'exec sh </dev/tty1 >/dev/tty1 2>&1'
+ echo
+ exec switch_root /mnt/root /sbin/init || echo -e "${C_RED}Root switch failed!${C_NO}"
+ done
+}
+
+# Preliminary mounts
+busybox mount -t proc none /proc || fail "/proc mount failed!"
+busybox mount -t sysfs none /sys || fail "/sys mount failed!"
+busybox mount -t devtmpfs none /dev || fail "/dev mount failed!"
+
+# Now open and mount root
+root=""
+rootflags=""
+recovery=false
+
+for opt in $(cat /proc/cmdline); do
+ case "$opt" in
+ root=*)
+ root=${opt:5}
+ ;;
+ rootflags=*)
+ rootflags=${opt:10}
+ ;;
+ recovery)
+ recovery=true
+ ;;
+ BOOT_IMAGE=*|initrd=*)
+ # Ignore those
+ ;;
+ *)
+ echo -e "${C_YELLOW}Unknown kernel argument: $opt${C_NO}"
+ ;;
+ esac
+done
+
+$recovery && fail "Requested recovery."
+
+[ -z "$root" ] && fail "Missing root argument!"
+
+echo -ne "${C_GRAY}Waiting for root ($root)..."
+CNT=10
+while [ ! -e "$root" ] && [ $CNT -gt 0 ]; do
+ CNT=$(expr $CNT - 1)
+ sleep 1
+ echo -n " $CNT"
+done
+echo -e "${C_NO}"
+[ -e "$root" ] || fail "Root not located!"
+
+echo -e "${C_GREEN}Mounting root...${C_NO}"
+mount -t btrfs -o "$rootflags" "$root" /mnt/root \
+ || fail "Mounting root failed! /proc/cmdline=$(cat /proc/cmdline)"
+
+
+echo -e "${C_GREEN}Switching to real root${C_NO}"
+
+# First clean up. The init process will remount proc, sys and dev later on
+busybox umount /dev /sys /proc || fail "Unmouns failed!"
+
+# Now do switch
+exec switch_root /mnt/root /sbin/init || fail "Root switch failed!"
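Review bot: `fail()` hands an unauthenticated root shell on `/dev/tty1` to whoever is at the console, and the `recovery)` arm of the cmdline loop lets anyone who can edit the kernel command line request it; in this plain variant the root filesystem is not encrypted, so nothing else protects the data behind that shell. If that is the intended trade-off, state it above the function, e.g. `# fail() gives an unauthenticated root shell on tty1; restrict boot-entry editing (bootloader password) if console access is not trusted.` Separately, the `|| fail "Root switch failed!"` on the last line (and the `|| echo` after `exec` inside the `fail()` loop) does not look reachable: once `exec` has replaced the shell, or failed in a non-interactive shell, PID 1 exits instead of running the right-hand side. A check placed before the `umount`, such as `[ -x /mnt/root/sbin/init ] || [ -L /mnt/root/sbin/init ] || fail "No init on root!"`, would let the recovery path run while `/dev` is still mounted.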
diff --git a/sys-boot/myinitramfs/myinitramfs-1.1.ebuild b/sys-boot/myinitramfs/myinitramfs-1.2.ebuild
index 9e8e999..8d1ed52 100644
--- a/sys-boot/myinitramfs/myinitramfs-1.1.ebuild
+++ b/sys-boot/myinitramfs/myinitramfs-1.2.ebuild
@@ -12,7 +12,7 @@ SRC_URI=""
LICENSE="GPLv2"
SLOT="0"
KEYWORDS="amd64 x86"
-IUSE=""
+IUSE="+encrypted"
DEPEND="sys-fs/cryptsetup
sys-fs/btrfs-progs
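Review bot: `sys-fs/cryptsetup` stays an unconditional entry in `DEPEND` even though the new `encrypted` flag makes the encrypted init optional, so a `USE=-encrypted` build still pulls it in. If the copied `list` file does not reference cryptsetup binaries in the plain case (it is not visible here), the entry could become `encrypted? ( sys-fs/cryptsetup )`. Otherwise the plain initramfs presumably still ships cryptsetup, and `list` would need the same split. The `DEPEND` assignment continues outside the hunk.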
@@ -28,7 +28,11 @@ src_unpack() {
src_compile() {
# TODO generate list dynamically
cp "${FILESDIR}"/list list
- echo "file /init ${FILESDIR}/init 755 0 0" >> list
+ if use encrypted; then
+ echo "file /init ${FILESDIR}/init.enc 755 0 0" >> list
+ else
+ echo "file /init ${FILESDIR}/init.plain 755 0 0" >> list
+ fi
gen_init_cpio list > initramfs.cpio
gzip initramfs.cpio
}
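Review bot: The two new branches in `src_compile` differ only in the file name, so the `file /init ... 755 0 0` line format is now written twice. Selecting the name first keeps a single place to edit: `local init_src=init.plain`, `use encrypted && init_src=init.enc`, then `echo "file /init ${FILESDIR}/${init_src} 755 0 0" >> list`. A one-line comment such as `# init.enc unlocks the root device before mounting; init.plain mounts it directly` would also tell the next reader what the flag actually selects.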