On Friday, April 24, 2015 03:38:53 PM james wrote:
> J. Roeleveld <joost <at> antarean.org> writes:
> > This is one of the reasons why I have given up on genkernel and dracut for
> > initramfs creation and now simply build my own and have it integrated
> > into the kernel:
> > $ zcat /proc/config.gz | grep INITRAMFS_SOURCE
> > CONFIG_INITRAMFS_SOURCE="/usr/src/initramfs/config"
> >
> > If you're interested I will send you the required files.
> >
> > Joost
>
> I'd be curious to look at exactly how you are doing this,
> if you want to post them somewhere, or send me a copy too,
> It would be appreciated.
The final solution was quite simple. Attached the "init" file and the "config" file. Both of these live in "/usr/src/initramfs" on my laptop.

I have 2 drives in my laptop which are both encrypted. The actual encryption key is in a file called 'key.iso'. You can remove those references if you want.

For completeness, the commands to create the 'key.iso' are in "create_key" and the commands to encrypt a drive/partition/... using that key.iso are in "encrypt_partition".

Something neither genkernel nor dracut support is to enter an encryption key once and use that to decrypt all the drives. This is why I looked into doing my own.

The part that occasionally needs to be updated is the list of dynamic libraries needed for the applications embedded in the initramfs. The command I use to build that list is in the "config" file.

If you have any questions let me know.

--
Joost
init
Description: application/shellscript
config
# vim: set ft=initramfs :

# init script
file /init /usr/src/initramfs/init 0755 0 0

# encryption key
file /key.iso /usr/src/initramfs/key.iso 0755 0 0

# basic device nodes
dir /dev 0755 0 0
nod /dev/console 0600 0 0 c 5 1

# mount point for our real root
dir /root 0700 0 0
dir /lib 0755 0 0
dir /etc 755 0 0

# utilities needed to do anything useful
dir /bin 0755 0 0
dir /sbin 0755 0 0
dir /usr 755 0 0
dir /usr/lib 755 0 0
dir /usr/sbin 755 0 0
dir /usr/bin 755 0 0
dir /lib64 755 0 0
dir /usr/lib64 755 0 0
file /bin/busybox /bin/busybox 0755 0 0

# some busybox symlinks
slink /bin/dd busybox 777 0 0
slink /bin/cp busybox 777 0 0
slink /bin/df busybox 777 0 0
slink /bin/ln busybox 777 0 0
slink /bin/ls busybox 777 0 0
slink /bin/mv busybox 777 0 0
slink /bin/ps busybox 777 0 0
slink /bin/rm busybox 777 0 0
slink /bin/sh busybox 777 0 0
slink /bin/vi busybox 777 0 0
slink /bin/ash busybox 777 0 0
slink /bin/cat busybox 777 0 0
slink /bin/pwd busybox 777 0 0
slink /bin/sed busybox 777 0 0
slink /bin/tar busybox 777 0 0
slink /bin/date busybox 777 0 0
slink /bin/echo busybox 777 0 0
slink /bin/grep busybox 777 0 0
slink /bin/gzip busybox 777 0 0
slink /bin/kill busybox 777 0 0
slink /bin/more busybox 777 0 0
slink /bin/ping busybox 777 0 0
slink /bin/sync busybox 777 0 0
slink /bin/true busybox 777 0 0
slink /bin/zcat busybox 777 0 0
slink /bin/chgrp busybox 777 0 0
slink /bin/chmod busybox 777 0 0
slink /bin/chown busybox 777 0 0
slink /bin/dmesg busybox 777 0 0
slink /bin/egrep busybox 777 0 0
slink /bin/false busybox 777 0 0
slink /bin/fgrep busybox 777 0 0
slink /bin/mkdir busybox 777 0 0
slink /bin/mknod busybox 777 0 0
slink /bin/mount busybox 777 0 0
slink /bin/pidof busybox 777 0 0
slink /bin/rmdir busybox 777 0 0
slink /bin/sleep busybox 777 0 0
slink /bin/touch busybox 777 0 0
slink /bin/uname busybox 777 0 0
slink /bin/gunzip busybox 777 0 0
slink /bin/hostname busybox 777 0 0
slink /bin/mktemp busybox 777 0 0
slink /bin/umount busybox 777 0 0
slink /bin/usleep busybox 777 0 0
slink /usr/bin/[ ../../bin/busybox 777 0 0
slink /usr/bin/du ../../bin/busybox 777 0 0
slink /usr/bin/id ../../bin/busybox 777 0 0
slink /usr/bin/tr ../../bin/busybox 777 0 0
slink /usr/bin/wc ../../bin/busybox 777 0 0
slink /usr/bin/cmp ../../bin/busybox 777 0 0
slink /usr/bin/cut ../../bin/busybox 777 0 0
slink /usr/bin/env ../../bin/busybox 777 0 0
slink /usr/bin/tee ../../bin/busybox 777 0 0
slink /usr/bin/tty ../../bin/busybox 777 0 0
slink /usr/bin/yes ../../bin/busybox 777 0 0
slink /usr/bin/chvt ../../bin/busybox 777 0 0
slink /usr/bin/find ../../bin/busybox 777 0 0
slink /usr/bin/expr ../../bin/busybox 777 0 0
slink /usr/bin/free ../../bin/busybox 777 0 0
slink /usr/bin/head ../../bin/busybox 777 0 0
slink /usr/bin/deallocvt ../../bin/busybox 777 0 0
slink /usr/bin/tail ../../bin/busybox 777 0 0
slink /usr/bin/sort ../../bin/busybox 777 0 0
slink /usr/bin/test ../../bin/busybox 777 0 0
slink /usr/bin/time ../../bin/busybox 777 0 0
slink /usr/bin/uniq ../../bin/busybox 777 0 0
slink /usr/bin/wget ../../bin/busybox 777 0 0
slink /usr/bin/dirname ../../bin/busybox 777 0 0
slink /usr/bin/killall ../../bin/busybox 777 0 0
slink /usr/bin/clear ../../bin/busybox 777 0 0
slink /usr/bin/bzcat ../../bin/busybox 777 0 0
slink /usr/bin/reset ../../bin/busybox 777 0 0
slink /usr/bin/unzip ../../bin/busybox 777 0 0
slink /usr/bin/which ../../bin/busybox 777 0 0
slink /usr/bin/xargs ../../bin/busybox 777 0 0
slink /usr/bin/strings ../../bin/busybox 777 0 0
slink /usr/bin/logger ../../bin/busybox 777 0 0
slink /usr/bin/openvt ../../bin/busybox 777 0 0
slink /usr/bin/hexdump ../../bin/busybox 777 0 0
slink /usr/bin/uptime ../../bin/busybox 777 0 0
slink /usr/bin/whoami ../../bin/busybox 777 0 0
slink /usr/bin/readlink ../../bin/busybox 777 0 0
slink /usr/bin/install ../../bin/busybox 777 0 0
slink /usr/bin/basename ../../bin/busybox 777 0 0
slink /usr/bin/bunzip2 ../../bin/busybox 777 0 0
slink /sbin/halt ../bin/busybox 777 0 0
slink /sbin/init ../bin/busybox 777 0 0
slink /sbin/klogd ../bin/busybox 777 0 0
slink /sbin/route ../bin/busybox 777 0 0
slink /sbin/poweroff ../bin/busybox 777 0 0
slink /sbin/swapoff ../bin/busybox 777 0 0
slink /sbin/switch_root ../bin/busybox 777 0 0
slink /sbin/syslogd ../bin/busybox 777 0 0
slink /sbin/ifconfig ../bin/busybox 777 0 0
slink /sbin/reboot ../bin/busybox 777 0 0
slink /sbin/pivot_root ../bin/busybox 777 0 0
slink /sbin/swapon ../bin/busybox 777 0 0
slink /sbin/mdev ../bin/busybox 777 0 0
slink /usr/sbin/chroot ../../bin/busybox 777 0 0
# end of busybox symlinks

# cryptsetup, for opening our encrypted swap
file /sbin/cryptsetup /sbin/cryptsetup 0755 0 0

# losetup
file /sbin/losetup /sbin/losetup 0755 0 0

# lvm configuration
dir /etc/lvm 755 0 0
file /etc/lvm/lvm.conf /usr/src/initramfs/lvm.conf 644 0 0
file /sbin/lvm /sbin/lvm 555 0 0
slink /sbin/vgchange lvm 777 0 0
slink /sbin/vgscan lvm 777 0 0
dir /var 755 0 0
dir /var/log 755 0 0
dir /var/lock 755 0 0

# proc and sysfs mountpoints
dir /proc 755 0 0
dir /sys 755 0 0
dir /newroot 755 0 0

# Auto-add dependencies
# for i in lvm gpg gpg-agent busybox losetup cryptsetup ; do ldd `which ${i}` | cut -d'>' -f2 | awk '{print $1}' ; done | sort -u | grep -v linux-vdso.so.1 | grep -v not | sed 's/\(.*\)/file \1 \1 0755 0 0/'
file /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 0755 0 0
file /lib64/libblkid.so.1 /lib64/libblkid.so.1 0755 0 0
file /lib64/libbz2.so.1 /lib64/libbz2.so.1 0755 0 0
file /lib64/libc.so.6 /lib64/libc.so.6 0755 0 0
file /lib64/libdevmapper-event.so.1.02 /lib64/libdevmapper-event.so.1.02 0755 0 0
file /lib64/libdevmapper.so.1.02 /lib64/libdevmapper.so.1.02 0755 0 0
file /lib64/libdl.so.2 /lib64/libdl.so.2 0755 0 0
file /lib64/libncurses.so.5 /lib64/libncurses.so.5 0755 0 0
file /lib64/libpthread.so.0 /lib64/libpthread.so.0 0755 0 0
file /lib64/libreadline.so.6 /lib64/libreadline.so.6 0755 0 0
file /lib64/libresolv.so.2 /lib64/libresolv.so.2 0755 0 0
file /lib64/librt.so.1 /lib64/librt.so.1 0755 0 0
file /lib64/libsmartcols.so.1 /lib64/libsmartcols.so.1 0755 0 0
file /lib64/libudev.so.1 /lib64/libudev.so.1 0755 0 0
file /lib64/libuuid.so.1 /lib64/libuuid.so.1 0755 0 0
file /lib64/libz.so.1 /lib64/libz.so.1 0755 0 0
file /usr/lib64/libassuan.so.0 /usr/lib64/libassuan.so.0 0755 0 0
file /usr/lib64/libcryptsetup.so.4 /usr/lib64/libcryptsetup.so.4 0755 0 0
file /usr/lib64/libgcrypt.so.11 /usr/lib64/libgcrypt.so.11 0755 0 0
file /usr/lib64/libgpg-error.so.0 /usr/lib64/libgpg-error.so.0 0755 0 0
file /usr/lib64/libpopt.so.0 /usr/lib64/libpopt.so.0 0755 0 0
file /usr/lib64/libpth.so.20 /usr/lib64/libpth.so.20 0755 0 0
encrypt_partition
losetup /dev/loop0 key.iso
cryptsetup luksOpen /dev/loop0 key
cryptsetup --key-file /dev/mapper/key luksFormat /dev/XXX
cryptsetup --key-file /dev/mapper/key luksOpen /dev/XXX YYY
cryptsetup luksClose key
losetup -d /dev/loop0
mkfs.... /dev/mapper/YYY
create_key
dd if=/dev/null of=key.iso bs=512 seek=2057
losetup /dev/loop0 key.iso
cryptsetup --align-payload=1 luksFormat /dev/loop0
cryptsetup luksOpen /dev/loop0 key
dd if=/dev/random of=/dev/mapper/key
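The "Auto-add dependencies" comment in the config regenerates the library list with a cut/awk/grep/sed pipeline. Its `grep -v not` is meant to drop "not found" lines, but it also silently drops any library whose path happens to contain the string "not", and a genuinely missing library is dropped rather than reported, which is exactly the case that produces an initramfs that cannot run cryptsetup. The script below is an added example, not Joost's config or any attachment from the thread; the function names `ldd_to_cpio_lines` and `collect_deps` are mine, and it assumes GNU ldd's output format and that the binaries you name on the command line exist on the build host.

```shell
#!/bin/sh
# Added example (not from the original mail): emit the gen_init_cpio
# "file <path> <path> 0755 0 0" lines for the shared libraries a set of
# binaries needs, for pasting into a CONFIG_INITRAMFS_SOURCE config.

# ldd_to_cpio_lines: read ldd output on stdin and print one "file" line per
# resolved library, deduplicated and sorted. The line shapes ldd prints are
# handled explicitly instead of being filtered with grep -v:
#   linux-vdso.so.1 (0x...)                 virtual object, no file: skip
#   libc.so.6 => /lib64/libc.so.6 (0x...)   path is field 3
#   /lib64/ld-linux-x86-64.so.2 (0x...)     dynamic loader, path is field 1
#   libfoo.so.1 => not found                report on stderr and fail
ldd_to_cpio_lines() {
    lines=$(awk '
        /=> not found/              { missing = missing " " $1; next }
        $1 ~ /^linux-vdso/          { next }
        /=>/                        { path = $3 }
        !/=>/ && $1 ~ /^\//         { path = $1 }
        path != "" && !seen[path]++ { printf "file %s %s 0755 0 0\n", path, path }
                                    { path = "" }
        END {
            if (missing != "") {
                print "unresolved libraries:" missing > "/dev/stderr"
                exit 1
            }
        }') || return 1
    [ -n "$lines" ] || return 0
    printf '%s\n' "$lines" | LC_ALL=C sort
}

# collect_deps NAME...: run ldd over each binary (bare names are resolved
# with command -v) and merge the results through ldd_to_cpio_lines. A
# statically linked binary (busybox often is) makes ldd exit non-zero and
# print "not a dynamic executable"; that is not an error for our purpose.
collect_deps() {
    for b in "$@"; do
        p=$(command -v "$b") || { echo "collect_deps: $b not found" >&2; continue; }
        ldd "$p" 2>/dev/null || true
    done | ldd_to_cpio_lines
}

# Stand-alone use, e.g.:  sh gen_deps.sh lvm busybox losetup cryptsetup >> config
if [ "$#" -gt 0 ]; then
    collect_deps "$@"
fi
```

Because a missing library now fails the run instead of vanishing from the list, the natural place to call this is the kernel build step, before `gen_init_cpio` packs `/usr/src/initramfs/config`: the list is regenerated from the binaries actually installed on the host, so a library soname bump after an upgrade shows up as a diff in the config rather than as an initramfs that drops to a shell at boot.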
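The init script itself is not reproduced above, only the config that packs it and the two helper command lists. The following is an added example of an `/init` that implements the flow the mail and `encrypt_partition` describe: one passphrase opens the LUKS container `key.iso`, the random key inside it opens every data volume, the container is closed again so the plaintext key is no longer mapped, LVM is activated and the script switches to the real root. It is my code, not Joost's attachment. The device names in `LUKS_DEVICES`, the volume group name in `ROOT_DEV`, the mapping names, the `DRYRUN` switch and the function names are all assumptions to adjust for your own layout; the config above already provides everything it calls (busybox, losetup, cryptsetup, lvm, `/newroot`).

```shell
#!/bin/sh
# Added example /init for an initramfs embedded via CONFIG_INITRAMFS_SOURCE.
# Not the original poster's script. Flow: unlock key.iso once, use the key
# inside it for every data volume, close the key container, activate LVM,
# mount the real root, switch_root.
# Hypothetical settings (adjust to your layout):
#   LUKS_DEVICES  "device:mapping-name" pairs to unlock with the shared key
#   ROOT_DEV      block device holding the real root filesystem
#   DRYRUN=1      print privileged commands instead of running them, so the
#                 unlock logic can be exercised outside an actual boot

LUKS_DEVICES="${LUKS_DEVICES:-/dev/sda2:sda2_crypt /dev/sdb1:sdb1_crypt}"
ROOT_DEV="${ROOT_DEV:-/dev/mapper/vg0-root}"
KEY_IMAGE=/key.iso        # LUKS container shipped inside the initramfs
KEY_MAP=key               # /dev/mapper/key: plaintext key, exists only while open
MAX_TRIES=3

run() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

rescue_shell() {
    echo "initramfs: $1; dropping to a shell" >&2
    exec /bin/sh
}

# unlock_key: attach key.iso to a loop device and open its LUKS header.
# This is the only place a passphrase is typed during boot.
unlock_key() {
    run losetup /dev/loop0 "$KEY_IMAGE" || return 1
    run cryptsetup --tries "$MAX_TRIES" luksOpen /dev/loop0 "$KEY_MAP"
}

# open_all: open each data volume with the key material in /dev/mapper/key.
# cryptsetup reads the whole mapped device as the key file, the same bytes
# encrypt_partition handed to luksFormat.
open_all() {
    for pair in $LUKS_DEVICES; do
        dev=${pair%%:*}
        name=${pair#*:}
        run cryptsetup --key-file "/dev/mapper/$KEY_MAP" luksOpen "$dev" "$name" || return 1
    done
}

# lock_key: drop the plaintext key mapping as soon as the data volumes are
# open. dm-crypt keeps its own copy of each volume key in the kernel, so the
# volumes stay usable; nothing in user space can read the key file any more.
lock_key() {
    run cryptsetup luksClose "$KEY_MAP"
    run losetup -d /dev/loop0
}

main() {
    run mount -t proc none /proc
    run mount -t sysfs none /sys
    run mount -t devtmpfs none /dev
    unlock_key || rescue_shell "could not open $KEY_IMAGE"
    open_all   || rescue_shell "could not open a data volume"
    lock_key
    run lvm vgscan --mknodes
    run lvm vgchange -ay
    run mount -o ro "$ROOT_DEV" /newroot || rescue_shell "could not mount $ROOT_DEV"
    run umount /dev
    run umount /sys
    run umount /proc
    exec switch_root /newroot /sbin/init
}

# The kernel runs the initramfs entry point as /init; sourcing this file
# under any other name (for a DRYRUN=1 check) only defines the functions.
case "$0" in
    /init) main ;;
esac
```

Two points worth keeping when adapting this. `key.iso` is itself a LUKS container, so embedding it in the kernel image on an unencrypted `/boot` exposes only a passphrase-protected header, not the key; what matters is that `lock_key` runs before `switch_root`, so the decrypted key never outlives the initramfs. And with `DRYRUN=1` the script can be sourced on the running system (`DRYRUN=1 . ./init; open_all`) to review the exact cryptsetup invocations for each volume before rebuilding the kernel.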