diff --git a/Makefile b/Makefile index 1e34b83..69957b8 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,9 @@ .POSIX: -PREFIX = /usr -BINDIR = ${PREFIX}/bin -DATADIR = ${PREFIX}/share -MANDIR = ${PREFIX}/share/man +PREFIX = /usr +BINDIR = ${PREFIX}/bin +DATADIR = ${PREFIX}/share +MANDIR = ${PREFIX}/share/man install: mkdir -p ${DESTDIR}${DATADIR}/tinyramfs \ @@ -17,6 +17,7 @@ install: cp tinyramfs ${DESTDIR}${BINDIR}/tinyramfs cp docs/tinyramfs.8 ${DESTDIR}${MANDIR}/man8 cp docs/tinyramfs.hooks.7 ${DESTDIR}${MANDIR}/man7 + cp docs/tinyramfs.cmdline.7 ${DESTDIR}${MANDIR}/man7 cp docs/tinyramfs.config.5 ${DESTDIR}${MANDIR}/man5 uninstall: @@ -24,4 +25,5 @@ uninstall: rm -rf ${DESTDIR}${DATADIR}/tinyramfs rm -f ${DESTDIR}${MANDIR}/man8/tinyramfs.8 rm -f ${DESTDIR}${MANDIR}/man7/tinyramfs.hooks.7 + rm -f ${DESTDIR}${MANDIR}/man7/tinyramfs.cmdline.7 rm -f ${DESTDIR}${MANDIR}/man5/tinyramfs.config.5 diff --git a/docs/tinyramfs.cmdline.7 b/docs/tinyramfs.cmdline.7 new file mode 100644 index 0000000..f5294ba --- /dev/null +++ b/docs/tinyramfs.cmdline.7 
@@ -0,0 +1,246 @@ +.\" Generated by scdoc 1.11.0 +.\" Complete documentation for this program is not available as a GNU info page +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.nh +.ad l +.\" Begin generated content: +.TH "tinyramfs.cmdline" "7" "2020-09-07" +.P +.SH NAME +.P +Tinyramfs - kernel command-line parameters +.P +.SH DESCRIPTION +.P +Tinyramfs provides a way to control configuration dynamically via +kernel parameters without needing to regenerate initramfs image.\& +.P +.SS MAN PAGE SYNTAX +.P +.nf +.RS 4 +| - OR +\&.\&.\&. - can be repeated +.fi +.RE +.P +.SH GENERAL PARAMETERS +.P +\fBdebug\fR=1 +.P +.RS 4 +Enable debug mode.\& +.P +.RE +\fBbreak\fR=breakpoint +.P +.RS 4 +Specify breakpoint where shell should be invoked.\& Useful for +debugging.\& List of supported breakpoints: +.P +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +keymap +.RE +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +devmgr +.RE +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +root +.RE +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +boot +.RE +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +luks +.RE +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +lvm + +.RE +.P +.RE +\fBroot\fR=UUID|LABEL|/dev/*|PARTUUID +.P +.RS 4 +Specify which way tinyramfs will use to look up root filesystem.\& +.P +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +UUID - lookup device by uuid +.RE +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +LABEL - lookup device by label +.RE +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +/dev/* - lookup device by full path +.RE +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.IP \(bu 4 +.\} +PARTUUID - lookup device by partition uuid + +.RE +.P +Initramfs must contain \fBblkid\fR(8) for ability to use UUID, LABEL, +PARTUUID.\& Note that PARTUUID only supported in 
util-linux \fBblkid\fR(8).\& +.P +.RE +\fBroot_type\fR|\fBrootfstype\fR=type +.P +.RS 4 +Explicitly set root filesystem type.\& Kernel must support specified type.\& +.P +.RE +\fBrootdelay\fR=delay +.P +.RS 4 +Specify maximum number of seconds to wait for root device.\& Default is 30.\& +.P +.RE +\fBroot_opts\fR|\fBrootflags\fR=opts +.RS 4 +.P +See \fBfstab\fR(5) fourth field.\& +.P +.RE +.SH HOOKS PARAMETERS +.P +Initramfs must contain appropriate hooks for ability to use below parameters.\& +.P +.SS LVM +.P +\fBlvm_tag\fR=tag +.P +.RS 4 +Specify LVM tag which will be used to trigger LVM.\& This option will be +ignored if \fBlvm_name\fR/\fBlvm_group\fR was specified.\& +.P +.RE +\fBlvm_name\fR=name +.P +.RS 4 +Specify LVM name which will be used to trigger LVM.\& \fBlvm_group\fR must be +specified.\& +.P +.RE +\fBlvm_group\fR=group +.P +.RS 4 +Specify LVM group which will be used to trigger LVM.\& +.P +.RE +\fBlvm_discard\fR=1 +.P +.RS 4 +Pass issue_discards to lvm.\& Leave empty to disable.\& Useful for SSD's.\& +.P +.RE +.SS LUKS +.P +\fBluks_name\fR=name +.P +.RS 4 +Specify which name will be registered to mapping table after cryptsetup +unlocks LUKS root.\& +.P +.RE +\fBluks_root\fR=UUID|LABEL|/dev/*|PARTUUID +.P +.RS 4 +See \fBroot\fR for details.\& +.P +.RE +\fBluks_discard\fR=1 +.P +.RS 4 +Pass --allow-discards to \fBcryptsetup\fR.\& Leave empty to disable.\& Useful for +SSD's, but you must know that security will be decreased.\& +.P +.RE +.SH EXAMPLES +.P +.SS ROOT +.P +.nf +.RS 4 +vmlinuz initrd=initramfs root=/dev/sda1 \&.\&.\&. +.fi +.RE +.P +.SS DISABLE DISCARD +.P +.nf +.RS 4 +vmlinuz initrd=\\initramfs luks_discard= lvm_discard= \&.\&.\&. +.fi +.RE +.P +.SS PASS ARGUMENTS TO REAL INIT +.P +.nf +.RS 4 +vmlinuz initrd=\\initramfs \&.\&.\&. -- args +.fi +.RE +.P +.SH SEE ALSO +.P +\fBtinyramfs\fR(8) \fBtinyramfs.\&config\fR(5) \fBtinyramfs.\&hooks\fR(7) 
diff --git a/docs/tinyramfs.cmdline.7.scd b/docs/tinyramfs.cmdline.7.scd
new file mode 100644
index 0000000..a79d19f
--- /dev/null
+++ b/docs/tinyramfs.cmdline.7.scd
@@ -0,0 +1,123 @@ +tinyramfs.cmdline(7) + +# NAME + +Tinyramfs - kernel command-line parameters + +# DESCRIPTION + +Tinyramfs provides a way to control configuration dynamically via +kernel parameters without needing to regenerate initramfs image. + +## MAN PAGE SYNTAX + +``` +| - OR +... - can be repeated +``` + +# GENERAL PARAMETERS + +*debug*=1 + + Enable debug mode. + +*break*=breakpoint + + Specify breakpoint where shell should be invoked. Useful for + debugging. List of supported breakpoints: + + - keymap + - devmgr + - root + - boot + - luks + - lvm + +*root*=UUID|LABEL|/dev/\*|PARTUUID + + Specify which way tinyramfs will use to look up root filesystem. + + - UUID - lookup device by uuid + - LABEL - lookup device by label + - /dev/\* - lookup device by full path + - PARTUUID - lookup device by partition uuid + + Initramfs must contain *blkid*(8) for ability to use UUID, LABEL, + PARTUUID. Note that PARTUUID only supported in util-linux *blkid*(8). + +*root_type*|*rootfstype*=type + + Explicitly set root filesystem type. Kernel must support specified type. + +*rootdelay*=delay + + Specify maximum number of seconds to wait for root device. Default is 30. + +*root_opts*|*rootflags*=opts + + See *fstab*(5) fourth field. + +# HOOKS PARAMETERS + +Initramfs must contain appropriate hooks for ability to use below parameters. + +## LVM + +*lvm_tag*=tag + + Specify LVM tag which will be used to trigger LVM. This option will be + ignored if *lvm_name*/*lvm_group* was specified. + +*lvm_name*=name + + Specify LVM name which will be used to trigger LVM. *lvm_group* must be + specified. + +*lvm_group*=group + + Specify LVM group which will be used to trigger LVM. + +*lvm_discard*=1 + + Pass issue_discards to lvm. Leave empty to disable. Useful for SSD's. + +## LUKS + +*luks_name*=name + + Specify which name will be registered to mapping table after cryptsetup + unlocks LUKS root. + +*luks_root*=UUID|LABEL|/dev/\*|PARTUUID + + See *root* for details. 
+ +*luks_discard*=1 + + Pass --allow-discards to *cryptsetup*. Leave empty to disable. Useful for + SSD's, but you must know that security will be decreased. + +# EXAMPLES + +## ROOT + +``` +vmlinuz initrd=\initramfs root=/dev/sda1 ... +``` + +## DISABLE DISCARD + +``` +vmlinuz initrd=\\initramfs luks_discard= lvm_discard= ... +``` + +## PASS ARGUMENTS TO REAL INIT + +``` +vmlinuz initrd=\\initramfs ... -- args +``` + +# SEE ALSO + +*tinyramfs*(8) *tinyramfs.config*(5) *tinyramfs.hooks*(7) diff --git a/docs/tinyramfs.config.5 b/docs/tinyramfs.config.5 index 29b69c5..b1e14c7 100644 --- a/docs/tinyramfs.config.5 +++ b/docs/tinyramfs.config.5 @@ -5,7 +5,7 @@ .nh .ad l .\" Begin generated content: -.TH "tinyramfs.config" "5" "2020-09-05" +.TH "tinyramfs.config" "5" "2020-09-07" .P .SH NAME .P @@ -17,21 +17,6 @@ Tinyramfs - configuration file .P .SH DESCRIPTION .P -Let's reduce confusing situations and document everything !\& -.P -.SS MAN PAGE SYNTAX -.P -.nf -.RS 4 -* - any value -[a] - optional value -\&.\&.\&. - can be repeated -0|1 - choice between no and yes -.fi -.RE -.P -.SS CONFIG SYNTAX -.P Tinyramfs configuration file is a list of environment variables.\& Each variable must be written in POSIX way, bashism not allowed.\& .P @@ -80,9 +65,20 @@ you can simply prepend #.\& .fi .RE .P +.SS MAN PAGE SYNTAX +.P +.nf +.RS 4 +| - OR +* - any value +[a] - optional value +\&.\&.\&. - can be repeated +.fi +.RE +.P .SH GENERAL OPTIONS .P -\fBmonolith\fR=0|1 +\fBmonolith\fR=1 .P .RS 4 Monolithic kernel means kernel with builtin modules.\& 
@@ -93,12 +89,13 @@ version>/modules\fR exist.\& If this directory doesn't exist you probably have monolithic kernel which means you need to set \fBmonolith\fR to \fB1\fR.\& .P .RE -\fBhostonly\fR=0|1 +\fBhostonly\fR=1 .P .RS 4 Hostonly mode enumerates \fBsysfs\fR(5) and copies only neccessary modules instead of copying all modules.\& Which means that this mode can dramatically -reduce initramfs size.\& This option ignored if \fBmonolith\fR was set to \fB1\fR.\& +reduce initramfs size.\& This option will be ignored if \fBmonolith\fR was set +to \fB1\fR.\& .P .RE \fBcompress\fR=command [args .\&.\&.\&] 
@@ -310,146 +307,77 @@ More detailed information and how to write your own hooks described in .RE .SH HOOKS OPTIONS .P -\fBlvm_opts\fR=[tag, name, group, config, discard] +.SS LVM +.P +\fBlvm_tag\fR=tag .P .RS 4 -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -tag - trigger lvm by tag -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -name - trigger lvm by logical volume name.\& group must be specified -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -group - trigger lvm by volume group name -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -config - embed /etc/lvm.\&conf config -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -discard - enable issue_discards - -.RE +Specify LVM tag which will be used to trigger LVM.\& This option will be +ignored if \fBlvm_name\fR/\fBlvm_group\fR was specified.\& .P .RE -\fBluks_opts\fR=root=UUID|LABEL|/dev/*|PARTUUID, [key, name, header, discard] +\fBlvm_name\fR=name .P .RS 4 -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -key - embed key -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -name - device mapper name -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -root - encrypted root -.RS 4 -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -UUID - lookup device by uuid -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -LABEL - lookup device by label -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -/dev/* - lookup device by full path -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -PARTUUID - lookup device by partition uuid -.RE -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -header - embed header -.RE -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.IP \(bu 4 -.\} -discard - enable 
allow-discards - -.RE +Specify LVM name which will be used to trigger LVM.\& \fBlvm_group\fR must be +specified.\& .P .RE +\fBlvm_group\fR=group +.P +.RS 4 +Specify LVM group which will be used to trigger LVM.\& +.P +.RE +\fBlvm_config\fR=1 +.P +.RS 4 +Include \fB/etc/lvm/lvm.\&conf\fR in initramfs.\& +.P +.RE +\fBlvm_discard\fR=1 +.P +.RS 4 +Pass issue_discards to lvm.\& Useful for SSD's.\& +.P +.RE +.SS LUKS +.P +\fBluks_key\fR=/path/to/key +.RS 4 +.P +Specify location to key.\& +GPG-encrypted key currently not supported.\& +.P +.RE +\fBluks_name\fR=name +.P +.RS 4 +Specify which name will be registered to mapping table after cryptsetup +unlocks LUKS root.\& +.P +.RE +\fBluks_root\fR=UUID|LABEL|/dev/*|PARTUUID +.P +.RS 4 +See \fBroot\fR for details.\& +.P +.RE +\fBluks_header\fR=/path/to/header +.P +.RS 4 +Specify location to detached header.\& +.P +.RE +\fBluks_discard\fR=1 +.P +.RS 4 +Pass --allow-discards to \fBcryptsetup\fR.\& Useful for SSD's, but you must know +that security will be decreased.\& +.P +.RE +.SS KEYMAP +.P \fBkeymap_path\fR=/path/to/keymap .P .RS 4 @@ -460,7 +388,7 @@ kbd loadkeys not supported.\& .RE .SH EXAMPLES .P -Remember, it's just examples !\& Don't copy blindly !\& Your configuration may +Remember, these just examples !\& \fIDon't copy blindly\fR !\& Your configuration may (and should) differ.\& .P .SS ROOT @@ -510,8 +438,11 @@ keymap_path=/usr/share/bkeymaps/colemak/en-latin9\&.bmap .RS 4 hooks="mdev luks" root=LABEL=my_root -luks_opts=root=PARTUUID=35f923c5-083a-4950-a4da-e611d0778121 -luks_opts="${luks_opts},key=/root/key,header=/root/header,discard=1" + +luks_discard=1 +luks_key=/root/key +luks_header=/root/header +luks_root=PARTUUID=35f923c5-083a-4950-a4da-e611d0778121 .fi .RE .P 
@@ -521,9 +452,15 @@ luks_opts="${luks_opts},key=/root/key,header=/root/header,discard=1" .RS 4 compress="lz4 -9" hooks="eudev lvm luks" -luks_opts=root=/dev/sdb2,discard=1 -lvm_opts=name=lvm1,group=lvm_grp2,config=1,discard=1 root=/dev/disk/by-uuid/aa82d7bb-ab2b-4739-935f-fd8a5c9a6cb0 + +luks_discard=1 +luks_root=/dev/sdb2 + +lvm_config=1 +lvm_discard=1 +lvm_name=lvm1 +lvm_group=lvm_grp2 .fi .RE .P diff --git a/docs/tinyramfs.config.5.scd b/docs/tinyramfs.config.5.scd index 6f755f1..3691bfa 100644 --- a/docs/tinyramfs.config.5.scd +++ b/docs/tinyramfs.config.5.scd @@ -10,19 +10,6 @@ Tinyramfs - configuration file # DESCRIPTION -Let's reduce confusing situations and document everything ! - -## MAN PAGE SYNTAX - -``` -* - any value -[a] - optional value -... - can be repeated -0|1 - choice between no and yes -``` - -## CONFIG SYNTAX - Tinyramfs configuration file is a list of environment variables. Each variable must be written in POSIX way, bashism not allowed. @@ -61,9 +48,18 @@ you can simply prepend \#. #key=value ``` +## MAN PAGE SYNTAX + +``` +| - OR +* - any value +[a] - optional value +... - can be repeated +``` + # GENERAL OPTIONS -*monolith*=0|1 +*monolith*=1 Monolithic kernel means kernel with builtin modules. If you didn't build kernel yourself, then in most cases you have @@ -72,11 +68,12 @@ you can simply prepend \#. version>/modules* exist. If this directory doesn't exist you probably have monolithic kernel which means you need to set *monolith* to *1*. -*hostonly*=0|1 +*hostonly*=1 Hostonly mode enumerates *sysfs*(5) and copies only neccessary modules instead of copying all modules. Which means that this mode can dramatically - reduce initramfs size. This option ignored if *monolith* was set to *1*. + reduce initramfs size. This option will be ignored if *monolith* was set + to *1*. *compress*=command [args ...] 
@@ -138,25 +135,56 @@ you can simply prepend \#. # HOOKS OPTIONS -*lvm_opts*=[tag, name, group, config, discard] +## LVM - - tag - trigger lvm by tag - - name - trigger lvm by logical volume name. group must be specified - - group - trigger lvm by volume group name - - config - embed /etc/lvm.conf config - - discard - enable issue_discards +*lvm_tag*=tag -*luks_opts*=root=UUID|LABEL|/dev/\*|PARTUUID, [key, name, header, discard] + Specify LVM tag which will be used to trigger LVM. This option will be + ignored if *lvm_name*/*lvm_group* was specified. - - key - embed key - - name - device mapper name - - root - encrypted root - - UUID - lookup device by uuid - - LABEL - lookup device by label - - /dev/\* - lookup device by full path - - PARTUUID - lookup device by partition uuid - - header - embed header - - discard - enable allow-discards +*lvm_name*=name + + Specify LVM name which will be used to trigger LVM. *lvm_group* must be + specified. + +*lvm_group*=group + + Specify LVM group which will be used to trigger LVM. + +*lvm_config*=1 + + Include */etc/lvm/lvm.conf* in initramfs. + +*lvm_discard*=1 + + Pass issue_discards to lvm. Useful for SSD's. + +## LUKS + +*luks_key*=/path/to/key + + Specify location to key. + GPG-encrypted key currently not supported. + +*luks_name*=name + + Specify which name will be registered to mapping table after cryptsetup + unlocks LUKS root. + +*luks_root*=UUID|LABEL|/dev/\*|PARTUUID + + See *root* for details. + +*luks_header*=/path/to/header + + Specify location to detached header. + +*luks_discard*=1 + + Pass --allow-discards to *cryptsetup*. Useful for SSD's, but you must know + that security will be decreased. + +## KEYMAP *keymap_path*=/path/to/keymap @@ -166,7 +194,7 @@ you can simply prepend \#. # EXAMPLES -Remember, it's just examples ! Don't copy blindly ! Your configuration may +Remember, these just examples ! _Don't copy blindly_ ! Your configuration may (and should) differ. ## ROOT 
@@ -207,8 +235,11 @@ keymap_path=/usr/share/bkeymaps/colemak/en-latin9.bmap ``` hooks="mdev luks" root=LABEL=my_root -luks_opts=root=PARTUUID=35f923c5-083a-4950-a4da-e611d0778121 -luks_opts="${luks_opts},key=/root/key,header=/root/header,discard=1" + +luks_discard=1 +luks_key=/root/key +luks_header=/root/header +luks_root=PARTUUID=35f923c5-083a-4950-a4da-e611d0778121 ``` ## ROOT + LVM + LUKS @@ -216,9 +247,15 @@ luks_opts="${luks_opts},key=/root/key,header=/root/header,discard=1" ``` compress="lz4 -9" hooks="eudev lvm luks" -luks_opts=root=/dev/sdb2,discard=1 -lvm_opts=name=lvm1,group=lvm_grp2,config=1,discard=1 root=/dev/disk/by-uuid/aa82d7bb-ab2b-4739-935f-fd8a5c9a6cb0 + +luks_discard=1 +luks_root=/dev/sdb2 + +lvm_config=1 +lvm_discard=1 +lvm_name=lvm1 +lvm_group=lvm_grp2 ``` # SEE ALSO diff --git a/hooks/luks/luks b/hooks/luks/luks index 3512392..dba3394 100644 --- a/hooks/luks/luks +++ b/hooks/luks/luks @@ -3,9 +3,6 @@ # # false positive # shellcheck disable=2154 -# -# word splitting is safe by design -# shellcheck disable=2086 { [ "$hostonly" = 1 ] && for _module in \ @@ -21,16 +18,21 @@ # see https://bugs.archlinux.org/task/56771 [ -e /lib/libgcc_s.so.1 ] && copy_file /lib/libgcc_s.so.1 /lib 755 1 - IFS=,; set -- $luks_opts; unset IFS + [ "$luks_key" ] && { + copy_file "${luks_key#*=}" /root 400 0 - for opt; do case "${opt%%=*}" in - key | header) - copy_file "${opt#*=}" /root 400 0 + sed "s|${luks_key#*=}|/root/key|" \ + "${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_" - sed "s|${opt#*=}|/root/${opt%%=*}|" \ - "${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_" + mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config" + } - mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config" - chmod 600 "${tmpdir}/etc/tinyramfs/config" - esac || panic; done + [ "$luks_header" ] && { + copy_file "${luks_header#*=}" /root 400 0 + + sed "s|${luks_header#*=}|/root/header|" \ + "${tmpdir}/etc/tinyramfs/config" > "${tmpdir}/_" + + mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config" + } } 
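Review bot: In hooks/luks/luks the new `luks_key` and `luks_header` blocks drop both the `chmod 600` and the `|| panic` that the removed loop applied after rewriting the config. `${tmpdir}/etc/tinyramfs/config` is therefore left with whatever mode the umask gives the `>` redirect, and nothing in the hunk checks `sed`, so a failed `sed` leaves an empty `${tmpdir}/_` that `mv` then installs as the config. I would end each block with `mv "${tmpdir}/_" "${tmpdir}/etc/tinyramfs/config" && chmod 600 "${tmpdir}/etc/tinyramfs/config" || panic`. The `sed` pattern is also the raw path, unanchored and read as a regular expression, so a key path that is a prefix of the header path rewrites the header line as well; matching the whole assignment, e.g. `s|^luks_key=.*|luks_key=/root/key|`, avoids that if the config keeps one assignment per line. The enclosing `{ … }` block starts above this hunk.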
diff --git a/hooks/luks/luks.init b/hooks/luks/luks.init index c839370..24ce6f4 100644 --- a/hooks/luks/luks.init +++ b/hooks/luks/luks.init @@ -5,32 +5,18 @@ # shellcheck disable=2154 # # word splitting is safe by design -# shellcheck disable=2086,2068 +# shellcheck disable=2068 { [ "$break" = luks ] && { print "break before unlock_luks()"; sh; } + export DM_DISABLE_UDEV=1 mkdir -p /run/cryptsetup - IFS=,; set -- $luks_opts; unset IFS - - for opt; do case "$opt" in - discard=1) luks_discard="--allow-discards" ;; - header=*) luks_header="--${opt}" ;; - name=*) luks_name="${opt#*=}" ;; - root=*) luks_root="${opt#*=}" ;; - key=*) luks_key="-d ${opt#*=}" ;; - esac; done - resolve_device "$luks_root" set -- \ - "$luks_key" "$luks_header" "$luks_discard" \ - "$device" "${luks_name:-crypt-${device##*/}}" - - # libdevice-mapper assumes that udev has dm rules - # which is not true because we use our device-helper for dm stuff - # this variable fixes possible(?) hang - export DM_DISABLE_UDEV=1 + "${luks_discard:+--allow-discards}" "${luks_header:+--header $luks_header}" \ + "${luks_key:+-d $luks_key}" "$device" "${luks_name:-crypt-${device##*/}}" cryptsetup open $@ || panic "failed to unlock LUKS" } diff --git a/hooks/lvm/lvm b/hooks/lvm/lvm index 93244f9..da0746b 100644 --- a/hooks/lvm/lvm +++ b/hooks/lvm/lvm @@ -3,9 +3,6 @@ # # false positive # shellcheck disable=2154 -# -# word splitting is safe by design -# shellcheck disable=2086 { [ "$hostonly" = 1 ] && for _module in \ @@ -29,17 +26,10 @@ use_lvmetad = 0 }" - IFS=,; set -- $lvm_opts; unset IFS - - for opt; do case "$opt" in - config=1) embed_lvm_config= - esac; done - mkdir -p "${tmpdir}/etc/lvm" lvm config \ --config "$lvm_config" \ - ${embed_lvm_config+--mergedconfig} \ + ${lvm_config:+--mergedconfig} \ > "${tmpdir}/etc/lvm/lvm.conf" } - diff --git a/hooks/lvm/lvm.init b/hooks/lvm/lvm.init index 65509f2..682e5bc 100644 --- a/hooks/lvm/lvm.init +++ b/hooks/lvm/lvm.init 
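Review bot: In hooks/luks/luks.init `"${luks_discard:+--allow-discards}"` turns discards on for any non-empty value, so `luks_discard=0` in the config or on the kernel command line enables `--allow-discards`, where the removed parser only accepted `discard=1`. The same applies to `${lvm_discard:+…}` in hooks/lvm/lvm.init and `${lvm_config:+--mergedconfig}` in hooks/lvm/lvm, while `hostonly` is still tested with `= 1`. Since the man page itself says discards decrease security, I would normalise the value before building the argument list: `[ "$luks_discard" = 1 ] || unset luks_discard`. Separately, `cryptsetup open $@` is unquoted, so a key or header path containing whitespace or glob characters is split into extra arguments.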
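Review bot: In hooks/lvm/lvm the new switch `${lvm_config:+--mergedconfig}` tests the same variable that the unchanged line above it passes as `--config "$lvm_config"`. The assignment that ends at `}"` starts outside this hunk, but if it assigns `lvm_config` (as the `--config` line suggests), the variable is always non-empty here. In that case `--mergedconfig` is always passed and the user's `lvm_config=1` setting is overwritten rather than read. Keeping the built-in configuration string under a separate name, or capturing the user's choice before that assignment (`embed=${lvm_config:+1}`, then `${embed:+--mergedconfig}`), keeps the host's lvm.conf out of the image unless it was requested.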
@@ -5,35 +5,22 @@ # shellcheck disable=2154 # # word splitting is safe by design -# shellcheck disable=2086,2068 +# shellcheck disable=2068 { [ "$break" = lvm ] && { print "break before trigger_lvm()"; sh; } + export DM_DISABLE_UDEV=1 mkdir -p /run/lvm /run/lock/lvm - IFS=,; set -- $lvm_opts; unset IFS - - for opt; do case "$opt" in - discard=1) lvm_discard="--config=devices{issue_discards=1}" ;; - config=0) : > /etc/lvm/lvm.conf ;; - group=*) lvm_group="${opt#*=}" ;; - name=*) lvm_name="/${opt#*=}" ;; - tag=*) lvm_tag="@${opt#*=}" ;; - esac; done - - set -- "--sysinit" "-qq" "-aay" "$lvm_discard" - - # libdevice-mapper assumes that udev have dm rules - # which is not true because we use our device-helper for dm stuff - # this variable fixes possible(?) hang - export DM_DISABLE_UDEV=1 + set -- \ + --sysinit -qq -aay "${lvm_discard:+--config=devices{issue_discards=1}}" if [ "$lvm_group" ] && [ "$lvm_name" ]; then - lvm lvchange $@ "${lvm_group}${lvm_name}" + lvm lvchange $@ "${lvm_group}/${lvm_name}" elif [ "$lvm_group" ]; then lvm vgchange $@ "$lvm_group" elif [ "$lvm_tag" ]; then - lvm lvchange $@ "$lvm_tag" + lvm lvchange $@ "@${lvm_tag}" else lvm vgchange $@ fi || panic "failed to trigger LVM" diff --git a/init b/init index 0540e05..bf34a48 100755 --- a/init +++ b/init @@ -30,7 +30,7 @@ resolve_device() # XXX what the hell happens here? # why this loop sometimes trigger panic if i remove '|| :' while [ ! -b "$device" ]; do sleep 1 - [ "$((count += 1))" = 30 ] && { + [ "$((count += 1))" = "${rootdelay:=30}" ] && { panic "failed to lookup partition" break }
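Review bot: In hooks/lvm/lvm.init the expansion `"${lvm_discard:+--config=devices{issue_discards=1}}"` is closed by the first `}`, so the second `}` is a literal character outside it. With `lvm_discard` set the result is the intended option, but with it unset or empty the word expands to a lone `}`, which `set --` stores and every `lvm lvchange $@` / `lvm vgchange $@` call then receives as an extra argument. Building the option in a separate step avoids the brace ambiguity: `[ "$lvm_discard" ] && lvm_discard='--config=devices{issue_discards=1}'` followed by `set -- --sysinit -qq -aay "$lvm_discard"`. The removed `config=0` case that emptied /etc/lvm/lvm.conf has no replacement in this hunk; if that is intentional it deserves a comment.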
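Review bot: In init's resolve_device the timeout is compared with string equality, `[ "$((count += 1))" = "${rootdelay:=30}" ]`, against a value that the new man page says can come from the kernel command line. `rootdelay=0`, a non-numeric value, or one with a leading zero never equals the counter, so the loop waits forever instead of reaching `panic`. A numeric comparison after a sanity check bounds the wait: `case "$rootdelay" in ''|*[!0-9]*) rootdelay=30 ;; esac` before the loop and `[ "$((count += 1))" -ge "$rootdelay" ]` inside it. The function starts and ends outside this hunk.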