From 7f538f1e2f33dd44c66693442e7713ca16e26d8b Mon Sep 17 00:00:00 2001 From: Carlo Landmeter Date: Wed, 4 Jul 2018 12:29:28 +0000 Subject: [PATCH 1/5] Add support for signed modloop images --- initramfs-init.in | 7 +++++++ mkinitfs.in | 9 ++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/initramfs-init.in b/initramfs-init.in index 8233af4..fd78fcf 100755 --- a/initramfs-init.in +++ b/initramfs-init.in @@ -656,6 +656,13 @@ else rc_add swclock boot fi +# enable support for modloop verification +if [ -f /var/cache/misc/*modloop*.SIGN.RSA.*.pub ]; then + mkdir -p "$sysroot"/var/cache/misc + cp /var/cache/misc/*modloop*.SIGN.RSA.*.pub "$sysroot"/var/cache/misc + pkgs="$pkgs libressl" +fi + apkflags="--initramfs-diskless-boot --progress" if [ -z "$ALPINE_REPO" ]; then apkflags="$apkflags --no-network" diff --git a/mkinitfs.in b/mkinitfs.in index 9bffa01..8cd3de3 100755 --- a/mkinitfs.in +++ b/mkinitfs.in @@ -54,6 +54,11 @@ initfs_base() { # copy init cd "$startdir" install -m755 "$init" "$tmpdir"/init || return 1 + # copy modloop signature + if [ -n "$modloop_sig" ]; then + install -Dm644 "$modloop_sig" \ + "$tmpdir"/var/cache/misc/${modloop_sig##*/} + fi for i in "$fstab" "$passwd" "$group"; do install -Dm644 "$i" "$tmpdir"/etc/${i##*/} || return 1 done @@ -181,6 +186,7 @@ options: -o set another outfile -P prepend features.d search path -q Quiet mode + -s Include modloop signature -t use tempdir when creating initramfs image EOF @@ -190,7 +196,7 @@ EOF # main features_dirs=${features_dir:-"${basedir%/:-}/${sysconfdir#/}/features.d"} -while getopts "b:c:C:f:F:hi:kKLlno:P:qt:" opt; do +while getopts "b:c:C:f:F:hi:kKLlno:P:qs:t:" opt; do case "$opt" in b) basedir="$OPTARG";; c) config="$OPTARG";; @@ -207,6 +213,7 @@ while getopts "b:c:C:f:F:hi:kKLlno:P:qt:" opt; do o) outfile="$OPTARG";; P) features_dirs="$OPTARG $features_dirs";; q) quiet=1;; + s) modloop_sig="$OPTARG";; t) tmpdir="$OPTARG";; *) usage;; esac -- 2.18.0