diff options
Diffstat (limited to 'main')
6 files changed, 422 insertions, 3 deletions
diff --git a/main/mkinitfs/0001-Add-support-for-signed-modloop-images.patch b/main/mkinitfs/0001-Add-support-for-signed-modloop-images.patch new file mode 100644 index 0000000000..0e4dd9b08d --- /dev/null +++ b/main/mkinitfs/0001-Add-support-for-signed-modloop-images.patch @@ -0,0 +1,72 @@ +From 7f538f1e2f33dd44c66693442e7713ca16e26d8b Mon Sep 17 00:00:00 2001 +From: Carlo Landmeter <clandmeter@alpinelinux.org> +Date: Wed, 4 Jul 2018 12:29:28 +0000 +Subject: [PATCH 1/5] Add support for signed modloop images + +--- + initramfs-init.in | 7 +++++++ + mkinitfs.in | 9 ++++++++- + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/initramfs-init.in b/initramfs-init.in +index 8233af4..fd78fcf 100755 +--- a/initramfs-init.in ++++ b/initramfs-init.in +@@ -656,6 +656,13 @@ else + rc_add swclock boot + fi + ++# enable support for modloop verification ++if [ -f /var/cache/misc/*modloop*.SIGN.RSA.*.pub ]; then ++ mkdir -p "$sysroot"/var/cache/misc ++ cp /var/cache/misc/*modloop*.SIGN.RSA.*.pub "$sysroot"/var/cache/misc ++ pkgs="$pkgs libressl" ++fi ++ + apkflags="--initramfs-diskless-boot --progress" + if [ -z "$ALPINE_REPO" ]; then + apkflags="$apkflags --no-network" +diff --git a/mkinitfs.in b/mkinitfs.in +index 9bffa01..8cd3de3 100755 +--- a/mkinitfs.in ++++ b/mkinitfs.in +@@ -54,6 +54,11 @@ initfs_base() { + # copy init + cd "$startdir" + install -m755 "$init" "$tmpdir"/init || return 1 ++ # copy modloop signature ++ if [ -n "$modloop_sig" ]; then ++ install -Dm644 "$modloop_sig" \ ++ "$tmpdir"/var/cache/misc/${modloop_sig##*/} ++ fi + for i in "$fstab" "$passwd" "$group"; do + install -Dm644 "$i" "$tmpdir"/etc/${i##*/} || return 1 + done +@@ -181,6 +186,7 @@ options: + -o set another outfile + -P prepend features.d search path + -q Quiet mode ++ -s Include modloop signature + -t use tempdir when creating initramfs image + + EOF +@@ -190,7 +196,7 @@ EOF + # main + features_dirs=${features_dir:-"${basedir%/:-}/${sysconfdir#/}/features.d"} + +-while getopts "b:c:C:f:F:hi:kKLlno:P:qt:" opt; do ++while getopts "b:c:C:f:F:hi:kKLlno:P:qs:t:" opt; do + case "$opt" in + b) basedir="$OPTARG";; + c) config="$OPTARG";; +@@ -207,6 +213,7 @@ while getopts "b:c:C:f:F:hi:kKLlno:P:qt:" opt; do + o) outfile="$OPTARG";; + P) features_dirs="$OPTARG $features_dirs";; + q) quiet=1;; ++ s) modloop_sig="$OPTARG";; + t) tmpdir="$OPTARG";; + *) usage;; + esac +-- +2.18.0 + diff --git a/main/mkinitfs/0002-Fix-network-setup-when-only-ip-is-explicitly-given.patch b/main/mkinitfs/0002-Fix-network-setup-when-only-ip-is-explicitly-given.patch new file mode 100644 index 0000000000..6601a56bbd --- /dev/null +++ b/main/mkinitfs/0002-Fix-network-setup-when-only-ip-is-explicitly-given.patch @@ -0,0 +1,144 @@ +From 83dd78258053cd102e8425beb159a2be7e6b912f Mon Sep 17 00:00:00 2001 +From: Ain <41307858+nero@users.noreply.github.com> +Date: Thu, 9 Aug 2018 20:57:28 +0200 +Subject: [PATCH 2/5] Fix network setup when only ip= is explicitly given + +Previously, configure_ip was only called from code paths of other +boot options that require network. + +This fixes the passing of -n to nlplug-findfs and --no-network to +the apk memory bootstrap. +--- + initramfs-init.in | 67 +++++++++++++++++++++++++++++------------------ + 1 file changed, 42 insertions(+), 25 deletions(-) + +diff --git a/initramfs-init.in b/initramfs-init.in +index fd78fcf..1d0f079 100755 +--- a/initramfs-init.in ++++ b/initramfs-init.in +@@ -277,6 +277,16 @@ rtc_exists() { + [ -e "$rtc" ] + } + ++# This is used to predict if network access will be necessary ++is_url() { ++ case "$1" in ++ http://*|https://*|ftp://*) ++ return 0;; ++ *) ++ return 1;; ++ esac ++} ++ + # read the kernel options. we need surve things like: + # acpi_osi="!Windows 2006" xen-pciback.hide=(01:00.0) + set -- $(cat /proc/cmdline) +@@ -360,6 +370,15 @@ mount -t devpts -o gid=5,mode=0620,noexec,nosuid devpts /dev/pts + [ -d /dev/shm ] || mkdir /dev/shm + mount -t tmpfs -o nodev,nosuid,noexec shm /dev/shm + ++# determine if we are going to need networking ++if [ -n "$KOPT_ip" ] || [ -n "$KOPT_nbd" ] || \ ++ is_url "$KOPT_apkovl" || is_url "$ALPINE_REPO"; then ++ ++ do_networking=true ++else ++ do_networking=false ++fi ++ + if [ -n "$KOPT_dasd" ]; then + for mod in dasd_mod dasd_eckd_mod dasd_fba_mod; do + modprobe $mod +@@ -413,6 +432,7 @@ if [ -n "$KOPT_cryptroot" ]; then + fi + + if [ -n "$KOPT_nbd" ]; then ++ # TODO: Might fail because nlplug-findfs hasn't plugged eth0 yet + configure_ip + setup_nbd || echo "Failed to setup nbd device." + fi +@@ -471,7 +491,7 @@ if [ -n "$KOPT_root" ]; then + exec /bin/busybox sh + fi + +-if [ -n "$ALPINE_REPO" ]; then ++if $do_networking; then + repoopts="-n" + else + repoopts="-b $repofile" +@@ -484,6 +504,11 @@ nlplug-findfs $cryptopts -p /sbin/mdev ${KOPT_debug_init:+-d} \ + $repoopts -a /tmp/apkovls + eend $? + ++# Setup network interfaces ++if $do_networking; then ++ configure_ip ++fi ++ + # early console? + if [ "$SINGLEMODE" = "yes" ]; then + echo "Entering single mode. Type 'exit' to continue booting." +@@ -502,26 +527,21 @@ fi + + mount -t tmpfs -o $rootflags tmpfs $sysroot + +-case "$KOPT_apkovl" in +- '') +- if [ -e /tmp/apkovls ]; then +- ovl=$(head -n 1 /tmp/apkovls) +- fi +- ;; +- http://*|https://*|ftp://*) +- configure_ip +- +- MACHINE_UUID=$(cat /sys/class/dmi/id/product_uuid) +- url="${KOPT_apkovl/{MAC\}/$MAC_ADDRESS}" +- url="${url/{UUID\}/$MACHINE_UUID}" +- ovl=/tmp/${url##*/} +- wget -O "$ovl" "$url" || ovl= +- ;; +- *) +- ovl="$KOPT_apkovl" +- ;; +-esac +- ++if [ -z "$KOPT_apkovl" ]; then ++ # Not manually set, use the apkovl found by nlplug ++ if [ -e /tmp/apkovls ]; then ++ ovl=$(head -n 1 /tmp/apkovls) ++ fi ++elif is_url "$KOPT_apkovl"; then ++ # Fetch apkovl via network ++ MACHINE_UUID=$(cat /sys/class/dmi/id/product_uuid) ++ url="${KOPT_apkovl/{MAC\}/$MAC_ADDRESS}" ++ url="${url/{UUID\}/$MACHINE_UUID}" ++ ovl=/tmp/${url##*/} ++ wget -O "$ovl" "$url" || ovl= ++else ++ ovl="$KOPT_apkovl" ++fi + + # parse pkgs=pkg1,pkg2 + if [ -n "$KOPT_pkgs" ]; then +@@ -620,9 +640,6 @@ cp -a /etc/apk/keys $sysroot/etc/apk + # generate apk repositories file. needs to be done after relocation + find_boot_repositories > $repofile + +-# set up network if needed +-[ "$ALPINE_REPO" ] && configure_ip +- + # silently fix apk arch in case the apkovl does not match + if [ -r "$sysroot"/etc/apk/arch ]; then + apk_arch="$(apk --print-arch)" +@@ -664,7 +681,7 @@ if [ -f /var/cache/misc/*modloop*.SIGN.RSA.*.pub ]; then + fi + + apkflags="--initramfs-diskless-boot --progress" +-if [ -z "$ALPINE_REPO" ]; then ++if [ -z "$MAC_ADDRESS" ]; then + apkflags="$apkflags --no-network" + else + apkflags="$apkflags --update-cache" +-- +2.18.0 + diff --git a/main/mkinitfs/0003-Add-README-to-help-with-manual-building.patch b/main/mkinitfs/0003-Add-README-to-help-with-manual-building.patch new file mode 100644 index 0000000000..15f19f1c31 --- /dev/null +++ b/main/mkinitfs/0003-Add-README-to-help-with-manual-building.patch @@ -0,0 +1,47 @@ +From 6849c5f44ed85e90478ef960bc337c7c06336046 Mon Sep 17 00:00:00 2001 +From: Ain <41307858+nero@users.noreply.github.com> +Date: Thu, 9 Aug 2018 21:32:26 +0200 +Subject: [PATCH 3/5] Add README to help with manual building + +--- + README.md | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + create mode 100644 README.md + +diff --git a/README.md b/README.md +new file mode 100644 +index 0000000..9edca29 +--- /dev/null ++++ b/README.md +@@ -0,0 +1,28 @@ ++# mkinitfs ++ ++This is the initramfs generator for Alpine Linux, including support for apk and ++Alpine Diskless boot. ++ ++## Dependencies ++ ++To compile manually, you need to have the following build tools available: ++ ++- make ++- gcc with musl and kernel-headers ++ ++nlplug-findfs will link against the following libraries (runtime deps): ++ ++- libkmod ++- libblkid (from util-linux) ++- libcryptsetup ++ ++## Installation ++ ++Build mkinitfs via `make` and install it via `make install`. ++The installation honours the `DESTDIR` parameter to overwrite the sysroot path. ++ ++For testing, its not necessary to install `mkinitfs` into your root file system. ++ ++## Tweaking ++ ++The Makefile is kept slim and debuggable. +-- +2.18.0 + diff --git a/main/mkinitfs/0004-Fix-installation-path-customisation.patch b/main/mkinitfs/0004-Fix-installation-path-customisation.patch new file mode 100644 index 0000000000..1ef86c5f59 --- /dev/null +++ b/main/mkinitfs/0004-Fix-installation-path-customisation.patch @@ -0,0 +1,43 @@ +From 5dcea63213712c3ffdc56d4fc3d463955117b828 Mon Sep 17 00:00:00 2001 +From: Ain <41307858+nero@users.noreply.github.com> +Date: Thu, 9 Aug 2018 21:38:09 +0200 +Subject: [PATCH 4/5] Fix installation path customisation + +Previously, datadir was ignored when installing, using the hardcoded +default value. +--- + Makefile | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/Makefile b/Makefile +index 70a48a4..0fa7efd 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,7 @@ + + VERSION := 3.3.0 + ++sbindir ?= /sbin + sysconfdir ?= /etc/mkinitfs + datarootdir ?= /usr/share + datadir ?= $(datarootdir)/mkinitfs +@@ -116,13 +117,13 @@ nlplug-findfs: nlplug-findfs.o + + install: $(SBIN_FILES) $(SHARE_FILES) $(CONF_FILES) + for i in $(SBIN_FILES); do \ +- $(INSTALL) -Dm755 $$i $(DESTDIR)/sbin/$$i;\ ++ $(INSTALL) -Dm755 $$i $(DESTDIR)/$(sbindir)/$$i;\ + done + for i in $(CONF_FILES); do \ +- $(INSTALL) -Dm644 $$i $(DESTDIR)/etc/mkinitfs/$$i;\ ++ $(INSTALL) -Dm644 $$i $(DESTDIR)/$(sysconfdir)/$$i;\ + done + for i in $(SHARE_FILES); do \ +- $(INSTALL) -D $$i $(DESTDIR)/usr/share/mkinitfs/$$i;\ ++ $(INSTALL) -D $$i $(DESTDIR)/$(datadir)/$$i;\ + done + for i in $(MAN_FILES); do \ + $(INSTALL) -D $$i $(DESTDIR)$(mandir)/man$${i##*.}/$$i;\ +-- +2.18.0 + diff --git a/main/mkinitfs/0005-Reuse-kernel-side-configuration-for-console-devices.patch b/main/mkinitfs/0005-Reuse-kernel-side-configuration-for-console-devices.patch new file mode 100644 index 0000000000..26b310e0bb --- /dev/null +++ b/main/mkinitfs/0005-Reuse-kernel-side-configuration-for-console-devices.patch @@ -0,0 +1,100 @@ +From 99716520d4cf093d42f5a93cac73964ceffc6b4e Mon Sep 17 00:00:00 2001 +From: Ain <41307858+nero@users.noreply.github.com> +Date: Mon, 13 Aug 2018 12:16:35 +0200 +Subject: [PATCH 5/5] Reuse kernel-side configuration for console= devices + +Instead of parsing the console= options in the initramfs, we ask the +kernel of its interpretation of the console= parameters. The kernel +does the console setup as part of its early startup, including the +configuration of the baud rate, control bits and flow control. + +The options and format of the console= parameter are documented here: +https://www.kernel.org/doc/html/v4.15/admin-guide/serial-console.html + +By keeping the settings from the kernel, we avoid baud rate switching +between printk and getty output on edge cases. + +This adds support for additional tty types, like hvc, while removing +string parsing code from the initramfs. +--- + initramfs-init.in | 44 +++++++++++++++++--------------------------- + 1 file changed, 17 insertions(+), 27 deletions(-) + +diff --git a/initramfs-init.in b/initramfs-init.in +index 1d0f079..020f13c 100755 +--- a/initramfs-init.in ++++ b/initramfs-init.in +@@ -105,34 +105,28 @@ rc_add() { + ln -sf /etc/init.d/$1 $sysroot/etc/runlevels/$2/$1 + } + +-setup_inittab_console(){ +- while [ $# -gt 0 ]; do +- local tty=${1%,*} +- local speed=${1#*,} +- local line= +- local term= +- case "$tty" in +- ttyS*|ttyMFD*|ttyUSB*|ttyAMA*) +- term=vt100 +- line=-L +- flow=${speed##*[^r]} +- speed=${speed%%[^0-9]*} +- speed=${speed:-115200} +- ;; +- *) +- [ "$speed" = "$1" ] && speed=38400 +- ;; +- esac +- shift ++# Recursively resolve tty aliases like console or tty0 ++list_console_devices() { ++ if ! [ -e /sys/class/tty/$1/active ]; then ++ echo $1 ++ return ++ fi + +- # skip "current console" from being added to inittab +- [ "$tty" = "tty0" ] && continue ++ for dev in $(cat /sys/class/tty/$1/active); do ++ list_console_devices $dev ++ done ++} + ++setup_inittab_console(){ ++ term=vt100 ++ # Inquire the kernel for list of console= devices ++ for tty in $(list_console_devices console); do + # do nothing if inittab already have the tty set up + if ! grep -q "^$tty:" $sysroot/etc/inittab; then + echo "# enable login on alternative console" \ + >> $sysroot/etc/inittab +- echo "$tty::respawn:/sbin/getty ${flow:+-h }$line $speed $tty $term" \ ++ # Baudrate of 0 keeps settings from kernel ++ echo "$tty::respawn:/sbin/getty -L 0 $tty $term" \ + >> $sysroot/etc/inittab + fi + if [ -e "$sysroot"/etc/securetty ] && ! grep -q -w "$tty" "$sysroot"/etc/securetty; then +@@ -302,10 +296,6 @@ for opt; do + SINGLEMODE=yes + continue + ;; +- console=*) +- CONSOLE="$CONSOLE ${opt#console=}" +- continue +- ;; + esac + + for i in $myopts; do +@@ -731,7 +721,7 @@ if [ -f "$sysroot"/etc/fstab ]; then + fi + + # fix inittab if alternative console +-setup_inittab_console $CONSOLE ++setup_inittab_console + + # copy alpine release info + #if ! [ -f "$sysroot"/etc/alpine-release ] && [ -f $ALPINE_MNT/.alpine-release ]; then +-- +2.18.0 + diff --git a/main/mkinitfs/APKBUILD b/main/mkinitfs/APKBUILD index 935187bb5a..408c016d5a 100644 --- a/main/mkinitfs/APKBUILD +++ b/main/mkinitfs/APKBUILD @@ -2,7 +2,7 @@ pkgname=mkinitfs pkgver=3.3.0 _ver=${pkgver%_git*} -pkgrel=2 +pkgrel=3 pkgdesc="Tool to generate initramfs images for Alpine" url="https://git.alpinelinux.org/cgit/mkinitfs" arch="all" @@ -17,7 +17,15 @@ install="$pkgname.pre-upgrade $pkgname.post-install $pkgname.post-upgrade" triggers="$pkgname.trigger=/usr/share/kernel/*" source="http://dev.alpinelinux.org/archive/$pkgname/$pkgname-$_ver.tar.xz 0001-features-add-vc4-to-kms-for-rpi.patch - 0001-init-use-swclock-when-no-rtc-is-found.patch" + 0001-init-use-swclock-when-no-rtc-is-found.patch + + 0001-Add-support-for-signed-modloop-images.patch + 0002-Fix-network-setup-when-only-ip-is-explicitly-given.patch + 0003-Add-README-to-help-with-manual-building.patch + 0004-Fix-installation-path-customisation.patch + 0005-Reuse-kernel-side-configuration-for-console-devices.patch + " + builddir="$srcdir/$pkgname-$_ver" build() { @@ -32,4 +40,9 @@ package() { sha512sums="dbbb97fda1c2febe5fc226072232ffeb69c03fb9173c0434d5cecc6e4fda2e62a1f725a3083d1bedc2397cbf3b95ce28628788d70b4440902ee3648db738c2c9 mkinitfs-3.3.0.tar.xz f1f5de4b5825ab221f7f929bf36e121217f34f36cfdec153ceb829f0fad6f63ea057239aa84690792f6d701d350d2dca375fcf91e05862394f8aaa0181a1ed58 0001-features-add-vc4-to-kms-for-rpi.patch -8b915a381f6cf6d8a751ed89b43004ce3e4861556c9753c7f05cb8fa561b744acd51cda0a7c6228cd916e350ee493cc2fa8818593faa2d0eb2d06f400c571154 0001-init-use-swclock-when-no-rtc-is-found.patch" +8b915a381f6cf6d8a751ed89b43004ce3e4861556c9753c7f05cb8fa561b744acd51cda0a7c6228cd916e350ee493cc2fa8818593faa2d0eb2d06f400c571154 0001-init-use-swclock-when-no-rtc-is-found.patch +cbe8cf7980ab25be8725b4c9791a7801367865e2b6d71eae428c276b329d5b2d166c2faaedd64bb835d4a69a71440928e087a772854a147893f393006a39b0dc 0001-Add-support-for-signed-modloop-images.patch +5873124ae009e51a7d197fe8c56d38f34bad188d97f3956c9ab6358ca3106dd0dc19c96d76d8fef2b5e4d1ae3d054b949451cd6893bb9e820631dd0f114ef4a9 0002-Fix-network-setup-when-only-ip-is-explicitly-given.patch +4fecf7eb9230702e06e9af77cedaf4ab3bd45dd5b2c298bb1d0df5f6901a3268841e0a2aac28cd5fb9841d98bc96d123f59ed67df9c5f6d30432da8a15851254 0003-Add-README-to-help-with-manual-building.patch +f24d047f179a5af4ffccc50dc672acade7eb1ad0f3262750682cfb0ef7efd2016256dbc49c4f8460ca3414ccc570746275f237e937805ad61fe4b2d4aa2b2aa7 0004-Fix-installation-path-customisation.patch +1955890d9c74ec2d8586928ec1f2d34e266a3eb9663034e0c60f07c52a8a29dae13bfed06dd16a083477ec3703997d52f7a6901c9b13b6b4d6126fb89198ac21 0005-Reuse-kernel-side-configuration-for-console-devices.patch" |