gryf/mkinitramfs
1
0
Fork 0
mirror of https://github.com/gryf/mkinitramfs.git synced 2025-12-19 12:28:14 +01:00
Code Issues Projects Releases Wiki Activity

Make config as a separate attribute for initramfs objects

Browse Source
This commit is contained in:
gryf
2025-06-27 12:13:57 +02:00
parent 7ecdc90baf
commit e1aef8338b
1 changed files with 42 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
mkinitramfs.py
View File

@@ -79,9 +79,6 @@ $CLEAR
export PATH=/bin export PATH=/bin
umask 0077 umask 0077
[ ! -d /proc ] && mkdir /proc
[ ! -d /tmp ] && mkdir /tmp
[ ! -d /mnt ] && mkdir /mnt
[ ! -d /new-root ] && mkdir /new-root [ ! -d /new-root ] && mkdir /new-root
mount -t devtmpfs -o nosuid,relatime,size=10240k,mode=755 devtmpfs /dev mount -t devtmpfs -o nosuid,relatime,size=10240k,mode=755 devtmpfs /dev
@@ -323,14 +320,14 @@ class Config:
key = os.path.join(KEYS_PATH, key) key = os.path.join(KEYS_PATH, key)
if not os.path.exists(key): if not os.path.exists(key):
sys.stderr.write(f'Cannot find key file for ' sys.stderr.write(f'Cannot find key file for '
'{toml_.get("key")}.\n') f'{toml_.get("key")}.\n')
sys.exit(2) sys.exit(5)
self.key_path = key self.key_path = key
if not (self.key_path or self.no_key): if not (self.key_path or self.no_key):
sys.stderr.write(f'key file for {self.drive} is not provided, ' sys.stderr.write(f'key file for {self.drive} is not provided, '
'while no-key option is not set.\n') f'while no-key option is not set.\n')
sys.exit(2) sys.exit(6)
# UUID is only available via config file # UUID is only available via config file
self.uuid = toml_.get('uuid') self.uuid = toml_.get('uuid')
@@ -344,28 +341,11 @@ class Config:
class Initramfs(object): class Initramfs(object):
def __init__(self, conf): def __init__(self, conf):
self.modules = conf.copy_modules self.conf = conf
self.disk_label = conf.disk_label
self.dropbear = conf.dropbear
self.install = conf.install
self.key_path = conf.key_path
self.key = None self.key = None
self.lvm = conf.lvm
self.no_key = conf.no_key
self.sdcard = conf.sdcard
self.yk = conf.yubikey
self.uuid = conf.uuid
self.ip = conf.ip
self.gateway = conf.gateway
self.netmask = conf.netmask
self.authorized_keys = conf.authorized_keys
self.dirname = None self.dirname = None
self.kernel_ver = os.readlink('/usr/src/linux').replace('linux-', '') self.kernel_ver = os.readlink('/usr/src/linux').replace('linux-', '')
self._make_tmp() self._make_tmp()
self._drive = conf.drive
def _make_tmp(self): def _make_tmp(self):
self.dirname = tempfile.mkdtemp(prefix='init_') self.dirname = tempfile.mkdtemp(prefix='init_')
@@ -388,13 +368,13 @@ class Initramfs(object):
_fd, fname = tempfile.mkstemp(dir=self.dirname, suffix='.sh') _fd, fname = tempfile.mkstemp(dir=self.dirname, suffix='.sh')
os.close(_fd) os.close(_fd)
with open(fname, 'w') as fobj: with open(fname, 'w') as fobj:
lvm = '/sbin/lvscan\n/sbin/vgchange' if self.lvm else '' lvm = '/sbin/lvscan\n/sbin/vgchange' if self.conf.lvm else ''
yubikey = '/usr/bin/ykchalresp' if self.yk else '' yubikey = '/usr/bin/ykchalresp' if self.conf.yubikey else ''
dropbear = '/usr/sbin/dropbear' if self.dropbear else '' dropbear = '/usr/sbin/dropbear' if self.conf.dropbear else ''
fobj.write(SHEBANG) fobj.write(SHEBANG)
fobj.write(DEPS % {'lvm': lvm, 'yubikey': yubikey, fobj.write(DEPS % {'lvm': lvm, 'yubikey': yubikey,
'dropbear': dropbear}) 'dropbear': dropbear})
fobj.write(COPY_DEPS % 'true' if self.dropbear else 'false') fobj.write(COPY_DEPS % 'true' if self.conf.dropbear else 'false')
# extra crap, which seems to be needed, but is not direct dependency # extra crap, which seems to be needed, but is not direct dependency
for root, _, fnames in os.walk('/usr/lib'): for root, _, fnames in os.walk('/usr/lib'):
@@ -413,7 +393,7 @@ class Initramfs(object):
os.chdir(self.curdir) os.chdir(self.curdir)
def _copy_dropbear_deps(self): def _copy_dropbear_deps(self):
if not self.dropbear: if not self.conf.dropbear:
return return
for dir_ in ('root/.ssh', 'etc/dropbear'): for dir_ in ('root/.ssh', 'etc/dropbear'):
@@ -429,8 +409,9 @@ class Initramfs(object):
shutil.copy('/etc/localtime', 'etc') shutil.copy('/etc/localtime', 'etc')
# Copy the authorized keys for your regular user you administrate with # Copy the authorized keys for your regular user you administrate with
if self.authorized_keys and os.path.exists(self.authorized_keys): if (self.conf.authorized_keys and
shutil.copy(self.authorized_keys, 'root/.ssh') os.path.exists(self.conf.authorized_keys)):
shutil.copy(self.conf.authorized_keys, 'root/.ssh')
# Copy OpenSSH's host keys to keep both initramfs' and regular ssh # Copy OpenSSH's host keys to keep both initramfs' and regular ssh
# signed the same otherwise openssh clients will see different host # signed the same otherwise openssh clients will see different host
@@ -457,7 +438,7 @@ class Initramfs(object):
"group: files\n") "group: files\n")
def _copy_modules(self): def _copy_modules(self):
if not self.modules: if not self.conf.copy_modules:
return return
os.chdir(self.dirname) os.chdir(self.dirname)
os.mkdir(os.path.join('lib', 'modules')) os.mkdir(os.path.join('lib', 'modules'))
@@ -488,53 +469,60 @@ class Initramfs(object):
os.symlink('busybox', command) os.symlink('busybox', command)
def _copy_key(self, suffix=''): def _copy_key(self, suffix=''):
key_path = self.key_path key_path = self.conf.key_path
if not os.path.exists(key_path): if not os.path.exists(key_path):
key_path = os.path.join(self.key_path + suffix) key_path = os.path.join(self.conf.key_path + suffix)
if not os.path.exists(key_path): if not os.path.exists(key_path):
self._cleanup() self._cleanup()
sys.stderr.write(f'Cannot find key(s) file for {self._drive}.\n') sys.stderr.write(f'Cannot find key(s) file for '
f'{self.conf.drive}.\n')
sys.exit(2) sys.exit(2)
key_path = os.path.abspath(key_path) key_path = os.path.abspath(key_path)
self.key = os.path.basename(key_path)
os.chdir(self.dirname) os.chdir(self.dirname)
shutil.copy2(key_path, 'keys') shutil.copy2(key_path, 'keys')
os.chdir(self.curdir) os.chdir(self.curdir)
if not (suffix or self.key):
# set self.key only when:
# - there is no key set to self
# - suffix is empty
# so that we could get the key name calculated for the yk
self.key = os.path.basename(key_path)
def _generate_init(self): def _generate_init(self):
os.chdir(self.dirname) os.chdir(self.dirname)
with open('init', 'w') as fobj: with open('init', 'w') as fobj:
fobj.write(SHEBANG_ASH) fobj.write(SHEBANG_ASH)
fobj.write(f"UUID='{self.uuid}'\n") fobj.write(f"UUID='{self.conf.uuid}'\n")
if self.key: if self.key:
fobj.write(f"KEY='/keys/{self.key}'\n") fobj.write(f"KEY='/keys/{self.key}'\n")
fobj.write(INIT) fobj.write(INIT)
fobj.write(INIT_CMD) fobj.write(INIT_CMD)
if self.disk_label: if self.conf.disk_label:
fobj.write(INIT_LABELED % {'label': self.disk_label}) fobj.write(INIT_LABELED % {'label': self.conf.disk_label})
if self.sdcard: if self.conf.sdcard:
fobj.write(INIT_SD) fobj.write(INIT_SD)
fobj.write(INIT_OPEN) fobj.write(INIT_OPEN)
if self.disk_label or self.sdcard: if self.conf.disk_label or self.conf.sdcard:
fobj.write(DECRYPT_KEYDEV) fobj.write(DECRYPT_KEYDEV)
if self.yk: if self.conf.yubikey:
fobj.write(DECRYPT_YUBICP % {'disk': self._drive}) fobj.write(DECRYPT_YUBICP % {'disk': self.conf.drive})
if self.dropbear: if self.conf.dropbear:
fobj.write(DROPBEAR % {'ip': self.ip, 'gateway': self.gateway, fobj.write(DROPBEAR % {'ip': self.conf.ip,
'netmask': self.netmask}) 'gateway': self.conf.gateway,
'netmask': self.conf.netmask})
fobj.write(DECRYPT_PASSWORD) fobj.write(DECRYPT_PASSWORD)
if self.dropbear: if self.conf.dropbear:
fobj.write("killall dropbear\n") fobj.write("killall dropbear\n")
fobj.write(SWROOT) fobj.write(SWROOT)
os.chmod('init', 0b111101101) os.chmod('init', 0b111101101)
if self.dropbear: if self.conf.dropbear:
with open('root/decrypt.sh', 'w') as fobj: with open('root/decrypt.sh', 'w') as fobj:
fobj.write(SHEBANG_ASH) fobj.write(SHEBANG_ASH)
fobj.write(f"UUID='{self.uuid}'\n") fobj.write(f"UUID='{self.conf.uuid}'\n")
if self.key: if self.key:
fobj.write(f"KEY='/keys/{self.key}'\n") fobj.write(f"KEY='/keys/{self.key}'\n")
fobj.write(DROPBEAR_SCRIPT) fobj.write(DROPBEAR_SCRIPT)
@@ -558,7 +546,7 @@ class Initramfs(object):
os.chmod(self.cpio_arch, 0b110100100) os.chmod(self.cpio_arch, 0b110100100)
if self.install: if self.conf.install:
self._make_boot_links() self._make_boot_links()
else: else:
shutil.move(self.cpio_arch, 'initramfs.cpio') shutil.move(self.cpio_arch, 'initramfs.cpio')
@@ -598,9 +586,9 @@ class Initramfs(object):
self._copy_modules() self._copy_modules()
# self._copy_wlan_modules() # self._copy_wlan_modules()
self._populate_busybox() self._populate_busybox()
if not self.no_key: if not self.conf.no_key:
self._copy_key() self._copy_key()
if self.yk: if self.conf.yubikey:
self._copy_key('.yk') self._copy_key('.yk')
self._generate_init() self._generate_init()
self._mkcpio_arch() self._mkcpio_arch()