-rw-r--r-- | profiles/base/amd64/package.accept_keywords | 1 | ||||
-rw-r--r-- | profiles/base/amd64/packages | 1 | ||||
-rwxr-xr-x | sys-boot/myinitramfs/files/init | 93 | ||||
-rw-r--r-- | sys-boot/myinitramfs/files/list | 35 | ||||
-rw-r--r-- | sys-boot/myinitramfs/myinitramfs-1.0.ebuild | 40 |
5 files changed, 170 insertions, 0 deletions
diff --git a/profiles/base/amd64/package.accept_keywords b/profiles/base/amd64/package.accept_keywords
new file mode 100644
index 0000000..b025ab2
--- /dev/null
+++ b/profiles/base/amd64/package.accept_keywords
@@ -0,0 +1 @@
+sys-apps/linux-misc-apps ~amd64
diff --git a/profiles/base/amd64/packages b/profiles/base/amd64/packages
index 74632d0..ec7f01b 100644
--- a/profiles/base/amd64/packages
+++ b/profiles/base/amd64/packages
@@ -7,3 +7,4 @@ sys-apps/smartmontools
 # Linux
 sys-boot/efibootmgr
 sys-boot/syslinux
+sys-boot/myinitramfs
diff --git a/sys-boot/myinitramfs/files/init b/sys-boot/myinitramfs/files/init
new file mode 100755
index 0000000..3cd6ce9
--- /dev/null
+++ b/sys-boot/myinitramfs/files/init
@@ -0,0 +1,93 @@
+#!/bin/busybox sh
+# vim:ft=sh
+
+# Init must have pid 1 otherwise switch_root won't work.
+if [ $$ -ne 1 ]; then
+ echo "init must have pid 1!"
+ exit 1
+fi
+
+# Predefice colors
+C_NO="\e[0m"
+C_GRAY="\e[1;30m"
+C_RED="\e[1;31m"
+C_GREEN="\e[1;32m"
+C_YELLOW="\e[1;33m"
+
+PATH="$PATH:/bin:/sbin"
+
+# disable kernel message from terminal and clear screen
+echo 0 > /proc/sys/kernel/printk
+clear
+
+# TODO print some welcome ascii art :-)
+
+# Function called if we fail. Argument is error message.
+fail() {
+ echo -e "${C_RED}$@${C_NO}"
+ echo -e "${C_YELLOW}Dropping to interactive shell${C_NO}"
+ busybox --install -s
+ while true; do
+ echo -e "${C_GRAY}Mount root to /mnt/root and exit shell to switch root.${C_NO}"
+ # Note this is hack to enable job control
+ setsid sh -c 'exec sh </dev/tty1 >/dev/tty1 2>&1'
+ echo
+ exec switch_root /mnt/root /sbin/init || echo -e "${C_RED}Root switch failed!${C_NO}"
+ done
+}
+
+# Preliminary mounts
+busybox mount -t proc none /proc || fail "/proc mount failed!"
+busybox mount -t sysfs none /sys || fail "/sys mount failed!"
+busybox mount -t devtmpfs none /dev || fail "/dev mount failed!"
+
+# Now open and mount root
+root=""
+rootflags=""
+
+for opt in $(cat /proc/cmdline); do
+ case "$opt" in
+ root=*)
+ root=${opt:5}
+ ;;
+ rootflags=*)
+ rootflags=${opt:10}
+ ;;
+ BOOT_IMAGE=*|initrd=*)
+ # Ignore those
+ ;;
+ *)
+ echo -e "${C_YELLOW}Unknown kernel argument: $opt${C_NO}"
+ ;;
+ esac
+done
+
+[ -z "$root" ] && fail "Missing root argument!"
+
+echo -ne "${C_GRAY}Waiting for root ($root)..."
+CNT=10
+while [ ! -e "$root" ] && [ $CNT -gt 0 ]; do
+ CNT=$(expr $CNT - 1)
+ sleep 1
+ echo -n " $CNT"
+done
+echo -e "${C_NO}"
+[ -e "$root" ] || fail "Root not located!"
+
+# TODO mount boot parition and look for key saved there (on unlock remove it)
+
+echo -e "${C_GREEN}Unlocking root...${C_NO}"
+cryptsetup open "$root" encroot || fail "Unlocking root failed! /proc/cmdline=$(cat /proc/cmdline)"
+
+echo -e "${C_GREEN}Mounting root...${C_NO}"
+mount -t btrfs -o "$rootflags" /dev/mapper/encroot /mnt/root \
+ || fail "Mounting root failed! /proc/cmdline=$(cat /proc/cmdline)"
+
+
+echo -e "${C_GREEN}Switching to real root${C_NO}"
+
+# First clean up. The init process will remount proc, sys and dev later on
+busybox umount /dev /sys /proc || fail "Unmouns failed!"
+
+# Now do switch
+exec switch_root /mnt/root /sbin/init || fail "Root switch failed!"
diff --git a/sys-boot/myinitramfs/files/list b/sys-boot/myinitramfs/files/list
new file mode 100644
index 0000000..9645521
--- /dev/null
+++ b/sys-boot/myinitramfs/files/list
@@ -0,0 +1,35 @@
+# Dirs
+dir /bin 755 0 0
+dir /dev 755 0 0
+dir /etc 755 0 0
+dir /lib 755 0 0
+dir /lib64 755 0 0
+dir /mnt 755 0 0
+dir /mnt/root 755 0 0
+dir /proc 755 0 0
+dir /root 755 0 0
+dir /sbin 755 0 0
+dir /sys 755 0 0
+
+# Binaries
+file /bin/busybox /bin/busybox 755 0 0
+file /sbin/cryptsetup /sbin/cryptsetup 755 0 0
+file /sbin/btrfs /sbin/btrfs 755 0 0
+
+# Ld
+file /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 755 0 0
+# Libraries
+file /lib64/libblkid.so.1 /lib64/libblkid.so.1 755 0 0
+file /lib64/libc.so.6 /lib64/libc.so.6 755 0 0
+file /lib64/libdevmapper.so.1.02 /lib64/libdevmapper.so.1.02 755 0 0
+file /lib64/liblzo2.so.2 /lib64/liblzo2.so.2 755 0 0
+file /lib64/libm.so.6 /lib64/libm.so.6 755 0 0
+file /lib64/libpthread.so.0 /lib64/libpthread.so.0 755 0 0
+file /lib64/librt.so.1 /lib64/librt.so.1 755 0 0
+file /lib64/libudev.so.1 /lib64/libudev.so.1 755 0 0
+file /lib64/libuuid.so.1 /lib64/libuuid.so.1 755 0 0
+file /lib64/libz.so.1 /lib64/libz.so.1 755 0 0
+file /lib64/libcryptsetup.so.4 /usr/lib64/libcryptsetup.so.4 755 0 0
+file /lib64/libgcrypt.so.20 /usr/lib64/libgcrypt.so.20 755 0 0
+file /lib64/libgpg-error.so.0 /usr/lib64/libgpg-error.so.0 755 0 0
+file /lib64/libpopt.so.0 /usr/lib64/libpopt.so.0 755 0 0
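Review bot: `fail()` in files/init gives an unauthenticated root shell on `/dev/tty1` to whoever is at the console whenever any step fails, including a failed `cryptsetup open`. From that shell the unencrypted boot files are presumably writable, and if the TODO about a key saved on the boot partition is implemented, that key would likely be readable there as well. Consider opening the shell only when an explicit kernel argument asks for it, for example a constructed `rescue) rescue=1 ;;` arm in the `case` plus `[ -n "$rescue" ] || { sleep 10; busybox reboot -f; }` after the error message in `fail()`; this only helps if the boot loader's command line is itself protected. Separately, `echo 0 > /proc/sys/kernel/printk` runs before `/proc` is mounted, so it should move below the `busybox mount -t proc` line.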
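Review bot: Every `file` entry in files/list copies a binary or library from the build host by absolute path and exact soname (for example `/usr/lib64/libgcrypt.so.20`), so the image keeps whatever versions were installed when the package was built. Nothing visible in this commit rebuilds it when cryptsetup, libgcrypt or busybox are updated, so a patched library on the root filesystem can coexist with an old copy in `/boot`. I would add a header comment such as `# Copied from the build host at build time; re-emerge sys-boot/myinitramfs after updating any package listed here.` A soname bump would also leave a stale path in this list, which is another reason for the dynamic list that the ebuild's TODO mentions.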
diff --git a/sys-boot/myinitramfs/myinitramfs-1.0.ebuild b/sys-boot/myinitramfs/myinitramfs-1.0.ebuild
new file mode 100644
index 0000000..9e8e999
--- /dev/null
+++ b/sys-boot/myinitramfs/myinitramfs-1.0.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# TODO support encrytion and btrfs only as option
+
+EAPI=6
+
+DESCRIPTION="My personal initramfs (verry simple with encryption support)"
+HOMEPAGE=""
+SRC_URI=""
+
+LICENSE="GPLv2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE=""
+
+DEPEND="sys-fs/cryptsetup
+sys-fs/btrfs-progs
+sys-apps/linux-misc-apps
+sys-apps/busybox[static]"
+RDEPEND="${DEPENDS}"
+
+src_unpack() {
+ # Well we have no sources so just create empty directory
+ mkdir -p "${S}"
+}
+
+src_compile() {
+ # TODO generate list dynamically
+ cp "${FILESDIR}"/list list
+ echo "file /init ${FILESDIR}/init 755 0 0" >> list
+ gen_init_cpio list > initramfs.cpio
+ gzip initramfs.cpio
+}
+
+src_install() {
+ dodir /boot
+ insinto /boot
+ newins initramfs.cpio.gz initramfs-gentoo
+}
|
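Review bot: None of the external commands in `src_compile()` is followed by `|| die`, so a failing `gen_init_cpio` (for instance when a library path in `list` no longer exists) would still leave an `initramfs.cpio` from the redirection, which is then gzipped and installed to `/boot` as a truncated or empty image. Each step should abort the build, e.g. `gen_init_cpio list > initramfs.cpio || die "gen_init_cpio failed"`, and likewise for `cp`, `echo`, `gzip` and the `mkdir -p "${S}"` in `src_unpack()`. `RDEPEND="${DEPENDS}"` also expands a variable that this ebuild never sets; it was presumably meant to be `RDEPEND="${DEPEND}"`.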