summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile25
-rw-r--r--cpio_list.txt44
-rw-r--r--init57
-rwxr-xr-xmake98
-rw-r--r--passwd2
-rw-r--r--unlock4
6 files changed, 127 insertions, 103 deletions
diff --git a/Makefile b/Makefile
index 22883a1..6832bbd 100644
--- a/Makefile
+++ b/Makefile
@@ -1,21 +1,24 @@
+CC = gcc
+CFLAGS ?= -O2 -pipe
+MAKEFLAGS += -L -R -r
+
all: initramfs.img
-initramfs.img:
+initramfs.img: gen_init_cpio
./make
-include initramfs.d
-install: install-initramfs.img
+gen_init_cpio: gen_init_cpio.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $^ $(LDLIBS) -o $@
-install-initramfs.img: initramfs.img
- rm -f $@.old $@.new
- cp $< $@.new
- if [ -e $@ ]; then mv $@ $@.old; fi
- mv $@.new $@
+install: initramfs.img
+ rm -f /boot/$<.old /boot/$<.new
+ cp $< /boot/$<.new || rm -f /boot/$<.new
+ if [ -e /boot/$< ]; then mv /boot/$< /boot/$<.old; fi
+ mv /boot/$<.new /boot/$<
clean:
- $(RM) -r initramfs.img initramfs.d kernel
-
-.PHONY: all install install-initramfs.img clean
+ rm -f -r initramfs.img initramfs.d gen_init_cpio
-MAKEFLAGS = -L -R -r
+.PHONY: all install clean
diff --git a/cpio_list.txt b/cpio_list.txt
new file mode 100644
index 0000000..79b38f0
--- /dev/null
+++ b/cpio_list.txt
@@ -0,0 +1,44 @@
+# basic directories. note that parent directories for files will be
+# auto-generated by make script, and everything will be sorted afterwards
+dir /dev 0755 0 0
+dir /mnt 0755 0 0
+dir /proc 0755 0 0
+dir /run 0755 0 0
+dir /run/cryptsetup 0755 0 0
+dir /sys 0755 0 0
+
+# kernel needs this to be available before /init
+nod /dev/console 0600 0 0 c 5 1
+
+# symlinks
+slink /bin/sh busybox 0755 0 0
+slink /etc/mtab /proc/self/mounts 0755 0 0
+
+# executables
+file /bin/busybox /bin/busybox 0755 0 0
+file /init ./init 0755 0 0
+
+# firmware
+file /lib/firmware/amdgpu/polaris10_ce_2.bin /lib/firmware/amdgpu/polaris10_ce_2.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_k_smc.bin /lib/firmware/amdgpu/polaris10_k_smc.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_mc.bin /lib/firmware/amdgpu/polaris10_mc.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_me_2.bin /lib/firmware/amdgpu/polaris10_me_2.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_mec2_2.bin /lib/firmware/amdgpu/polaris10_mec2_2.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_mec_2.bin /lib/firmware/amdgpu/polaris10_mec_2.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_pfp_2.bin /lib/firmware/amdgpu/polaris10_pfp_2.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_rlc.bin /lib/firmware/amdgpu/polaris10_rlc.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_sdma.bin /lib/firmware/amdgpu/polaris10_sdma.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_sdma1.bin /lib/firmware/amdgpu/polaris10_sdma1.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_smc_sk.bin /lib/firmware/amdgpu/polaris10_smc_sk.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_uvd.bin /lib/firmware/amdgpu/polaris10_uvd.bin 0644 0 0
+file /lib/firmware/amdgpu/polaris10_vce.bin /lib/firmware/amdgpu/polaris10_vce.bin 0644 0 0
+file /lib/firmware/rtl_nic/rtl8168h-2.fw /lib/firmware/rtl_nic/rtl8168h-2.fw 0644 0 0
+
+# dropbear support
+file /etc/dropbear/dropbear_ecdsa_host_key ./dropbear_ecdsa_host_key 0600 0 0
+file /etc/dropbear/dropbear_rsa_host_key ./dropbear_rsa_host_key 0600 0 0
+file /etc/passwd ./passwd 0644 0 0
+file /lib64/libnss_files.so.2 /lib64/libnss_files.so.2 0755 0 0
+file /root/.ssh/authorized_keys ./authorized_keys 0600 0 0
+file /sbin/unlock ./unlock 0755 0 0
+file /usr/share/udhcpc/default.script /usr/share/udhcpc/default.script 0755 0 0
diff --git a/init b/init
index e8041ef..8df2dda 100644
--- a/init
+++ b/init
@@ -1,46 +1,33 @@
#!/bin/sh
-trap 'kill $dropbear_pid; exec sh' EXIT
+trap 'exec sh' EXIT
-case "$PATH" in
- */*) ;;
- *) export PATH="/usr/sbin:/usr/bin:/sbin:/bin" ;;
-esac
+export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
mount -t proc proc /proc
mount -t devtmpfs devtmpfs /dev
+# use -p to avoid "directory exists" error
mkdir -p /dev/pts
+# /dev/pts for dropbear
mount -t devpts devpts /dev/pts
-mount -t sysfs sysfs /sys
(
ip link set eth0 up
-ip addr add 192.168.0.7/24 dev eth0
-exec dropbear -F -s -p 2222 -K 30
-) &
-dropbear_pid=$!
-
-enc_root=$(findfs UUID=26748575-d7a7-418b-8f68-21be7c937500) || exit
-cryptsetup open --tries 65535 --allow-discards "$enc_root" root || [ -e /dev/mapper/root ] || exit
-
-kill $dropbear_pid
-dropbear_pid=
-
-e2fsck -C 0 -E inode_count_fullmap -p /dev/mapper/root
-e2fsck_r=$?
-if [ $(( e2fsck_r & 2 )) = 2 ]; then
- reboot -f
-fi
-case "$e2fsck_r" in
- 0|1) ;;
- *) exit
-esac
-
-mount -o nodev,commit=30 /dev/mapper/root /mnt || exit
-cd /mnt
-umount /dev/pts
-mount --move /dev dev
-mount --move /proc proc
-mount --move /sys sys
-
-exec switch_root /mnt /usr/lib/systemd/systemd
+udhcpc -i eth0
+# -p 2222 to avoid host key clash
+dropbear -p 2222
+) >/dev/null 2>&1 &
+
+root=$(findfs UUID=26748575-d7a7-418b-8f68-21be7c937500) || exit
+cryptsetup open --tries 65535 --allow-discards "$root" root
+# in case of /sbin/unlock
+[ -e /dev/mapper/root ] || exit
+e2fsck -C 0 -E inode_count_fullmap -p /dev/mapper/root || exit
+mount -o nodev /dev/mapper/root /mnt || exit
+
+kill -9 -1
+ip link set eth0 down
+
+cd /mnt || exit
+umount -n /dev/pts /dev /proc
+exec switch_root . /usr/lib/systemd/systemd
diff --git a/make b/make
index 70c19f4..9f35483 100755
--- a/make
+++ b/make
@@ -2,65 +2,41 @@
set -e
-scriptloc=${BASH_SOURCE:-$0}
-scriptdir=${scriptloc%/*}
+compressor="lz4 --best --favor-decSpeed -l"
-gen_cpio_list() {
- cat << EOF
-dir /dev 0755 0 0
-dir /mnt 0755 0 0
-dir /proc 0755 0 0
-dir /run 0755 0 0
-dir /run/cryptsetup 0755 0 0
-dir /sys 0755 0 0
-
-nod /dev/console 0600 0 0 c 5 1
-
-slink /bin/sh busybox 0755 0 0
-slink /etc/mtab /proc/self/mounts 0755 0 0
-
-slink /usr/lib64/libgcc_s.so libgcc_s.so.1 0755 0 0
-file /usr/lib64/libgcc_s.so.1 /usr/lib/gcc/x86_64-pc-linux-gnu/9.1.0/libgcc_s.so.1 0755 0 0
-
-file /bin/busybox /bin/busybox 0755 0 0
-file /etc/passwd $scriptdir/passwd 0644 0 0
-file /etc/dropbear/dropbear_rsa_host_key $scriptdir/dropbear_rsa_host_key 0600 0 0
-file /etc/dropbear/dropbear_ecdsa_host_key $scriptdir/dropbear_ecdsa_host_key 0600 0 0
-file /init $scriptdir/init 0755 0 0
-file /lib/firmware/radeon/CAYMAN_mc.bin /lib/firmware/radeon/CAYMAN_mc.bin 0644 0 0
-file /lib/firmware/radeon/CAYMAN_me.bin /lib/firmware/radeon/CAYMAN_me.bin 0644 0 0
-file /lib/firmware/radeon/CAYMAN_pfp.bin /lib/firmware/radeon/CAYMAN_pfp.bin 0644 0 0
-file /lib/firmware/radeon/CAYMAN_rlc.bin /lib/firmware/radeon/CAYMAN_rlc.bin 0644 0 0
-file /lib/firmware/radeon/CAYMAN_smc.bin /lib/firmware/radeon/CAYMAN_smc.bin 0644 0 0
-file /lib/firmware/radeon/SUMO_uvd.bin /lib/firmware/radeon/SUMO_uvd.bin 0644 0 0
-file /lib/firmware/rtl_nic/rtl8168h-2.fw /lib/firmware/rtl_nic/rtl8168h-2.fw 0644 0 0
-file /lib64/libnss_files.so.2 /lib64/libnss_files.so.2 0755 0 0
-file /root/.ssh/authorized_keys $scriptdir/authorized_keys 0600 0 0
-file /unlock $scriptdir/unlock 0755 0 0
-EOF
- for cmd in cryptsetup e2fsck dropbear; do
- cmdp="$(command -v "$cmd")"
- # builtin
- if [ "$cmd" = "$cmdp" ]; then
- continue
- fi
- ldd "$cmdp" | while read a b c d; do
- if [ "$b" = '=>' ]; then
- printf 'file /lib64/%s %s 0755 0 0\n' "${c##*/}" "$c"
- else
- # interpreter
- case "$a" in
- /*) printf 'file %s %s 0755 0 0\n' "$a" "$a" ;;
- esac
- fi
- done
- printf 'file %s %s 0755 0 0\n' "$cmdp" "$cmdp"
+# generate a cpio entry for a command
+gen_cmd() {
+ cmd=$1
+ cmdp="$(command -v "$cmd")"
+ # builtin
+ if [ "$cmd" = "$cmdp" ]; then
+ return
+ fi
+ printf 'file %s %s 0755 0 0\n' "$cmdp" "$cmdp"
+ ldd "$cmdp" | grep / | while read line; do
+ tmp=${line% *}
+ lib=/${tmp#*/}
+ # don't bother with ld.so.conf
+ printf 'file /lib64/%s %s 0755 0 0\n' "${lib##*/}" "$lib"
done
}
+# generate the main file list
+gen_cpio_list() {
+ sed -e '/^#/d' cpio_list.txt
+ gen_cmd e2fsck
+ gen_cmd dropbear
+ export LD_PRELOAD=libgcc_s.so.1
+ gen_cmd cryptsetup
+}
+
+# filter the list and insert parent directory entries
gen_dir_ents() {
while read type target args; do
+ # re-print the original entry
printf '%s %s %s\n' "$type" "$target" "$args"
+ # print the necessary directory entries. duplicates will be
+ # filtered by sort -u later
while [ "${target%/*}" != '' ]; do
target=${target%/*}
printf 'dir %s 0755 0 0\n' "$target"
@@ -68,18 +44,30 @@ gen_dir_ents() {
done
}
+# filter the list and generate the make dependency file
gen_depfile() {
- deps='make'
+ deps='cpio_list.txt make'
while read type target source args; do
+ # re-print the original entry
printf '%s %s %s %s\n' "$type" "$target" "$source" "$args"
+ # accumulate the dependencies in a list to avoid make bugs.
+ # there will be no duplicates since the list was previously sorted
if [ "$type" = file ]; then
deps="$deps $source"
+ # avoid "No rule to make target" when deps disappear
echo "$source:" >&3
fi
done
echo "initramfs.img: $deps" >&3
}
-gen_cpio_list | gen_dir_ents | sort -u | gen_depfile 3>initramfs.d | "${scriptdir}"/gen_init_cpio -t 0 - | xz --x86 --lzma2=preset=9e --check=crc32 -c > initramfs.img
+if ! [ -e cpio_list.txt ] || ! [ -e gen_init_cpio ]; then
+ cd "${0%/*}"
+fi
-# vim:ft=sh:
+gen_cpio_list | \
+gen_dir_ents | \
+sort -u | \
+gen_depfile 3>initramfs.d | \
+./gen_init_cpio -t 0 - | \
+$compressor > initramfs.img
diff --git a/passwd b/passwd
index eb85a55..fd6236d 100644
--- a/passwd
+++ b/passwd
@@ -1 +1 @@
-root:x:0:0:root:/root:/bin/sh
+root:x:0:0::/root:/bin/sh
diff --git a/unlock b/unlock
index d034674..50d282b 100644
--- a/unlock
+++ b/unlock
@@ -1,3 +1,5 @@
#!/bin/sh
-cryptsetup open /dev/nvme0n1p2 root && pkill cryptsetup
+root=$(findfs UUID=26748575-d7a7-418b-8f68-21be7c937500) || exit
+cryptsetup open --allow-discards "$root" root || exit
+pkill cryptsetup