Topics

[dunfell 15/32] dm-verity-image-initramfs: Use initramfs-framework


akuster
 

From: "niko.mauno@..." <niko.mauno@...>

Switch from this layer's initramfs-dm-verity recipe to poky-provided
initramfs-framework suite to manage veritysetup et al.

This commit also removes initramfs-dm-verity recipe which is not
referred from elsewhere in this meta layer.

Also update the install path of dm-verity.env from /usr/share to
/usr/share/misc in order to better comply with FHS3.0, see
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s11.html#usrsharemiscMiscellaneousArchitecture

Signed-off-by: Niko Mauno <niko.mauno@...>
Signed-off-by: Armin Kuster <@armpit>
(cherry picked from commit 45e8b20cd022eb7b20d72c23db9fcc6824f08c7a)
---
.../images/dm-verity-image-initramfs.bb | 5 +-
.../initrdscripts/initramfs-dm-verity.bb | 13 ------
.../initramfs-dm-verity/init-dm-verity.sh | 46 -------------------
3 files changed, 3 insertions(+), 61 deletions(-)
delete mode 100644 recipes-core/initrdscripts/initramfs-dm-verity.bb
delete mode 100644 recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh

diff --git a/recipes-core/images/dm-verity-image-initramfs.bb b/recipes-core/images/dm-verity-image-initramfs.bb
index e791c19..6a1058d 100644
--- a/recipes-core/images/dm-verity-image-initramfs.bb
+++ b/recipes-core/images/dm-verity-image-initramfs.bb
@@ -4,7 +4,8 @@ DESCRIPTION = "Simple initramfs image for mounting the rootfs over the verity de
IMAGE_FEATURES = ""

PACKAGE_INSTALL = " \
- initramfs-dm-verity \
+ initramfs-module-dmverity \
+ initramfs-module-udev \
base-files \
busybox \
util-linux-mount \
@@ -24,6 +25,6 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
inherit core-image

deploy_verity_hash() {
- install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/dm-verity.env
+ install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/misc/dm-verity.env
}
IMAGE_PREPROCESS_COMMAND += "deploy_verity_hash;"
diff --git a/recipes-core/initrdscripts/initramfs-dm-verity.bb b/recipes-core/initrdscripts/initramfs-dm-verity.bb
deleted file mode 100644
index b614956..0000000
--- a/recipes-core/initrdscripts/initramfs-dm-verity.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-SUMMARY = "Simple init script that uses devmapper to mount the rootfs in read-only mode protected by dm-verity"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-
-SRC_URI = "file://init-dm-verity.sh"
-
-do_install() {
- install -m 0755 ${WORKDIR}/init-dm-verity.sh ${D}/init
- install -d ${D}/dev
- mknod -m 622 ${D}/dev/console c 5 1
-}
-
-FILES_${PN} = "/init /dev/console"
diff --git a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh b/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh
deleted file mode 100644
index 307d2c7..0000000
--- a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-RDEV=""
-ROOT_DIR="/new_root"
-
-mkdir -p /proc
-mkdir -p /sys
-mkdir -p /run
-mkdir -p /tmp
-mount -t proc proc /proc
-mount -t sysfs sysfs /sys
-mount -t devtmpfs none /dev
-
-udevd --daemon
-udevadm trigger --type=subsystems --action=add
-udevadm trigger --type=devices --action=add
-udevadm settle --timeout=10
-
-for PARAM in $(cat /proc/cmdline); do
- case $PARAM in
- root=*)
- RDEV=${PARAM#root=}
- ;;
- esac
-done
-
-if ! [ -b $RDEV ]; then
- echo "Missing root command line argument!"
- exit 1
-fi
-
-case $RDEV in
- UUID=*)
- RDEV=$(realpath /dev/disk/by-uuid/${RDEV#UUID=})
- ;;
-esac
-
-. /usr/share/dm-verity.env
-
-echo "Mounting $RDEV over dm-verity as the root filesystem"
-
-veritysetup --data-block-size=1024 --hash-offset=$DATA_SIZE create rootfs $RDEV $RDEV $ROOT_HASH
-mkdir -p $ROOT_DIR
-mount -o ro /dev/mapper/rootfs $ROOT_DIR
-exec switch_root $ROOT_DIR /sbin/init
--
2.17.1