init: clean up

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
author: Lans Zhang <jia.zhang@windriver.com> 2017-07-04 17:22:12 +0800
committer: Lans Zhang <jia.zhang@windriver.com> 2017-07-04 17:22:12 +0800
commit: 6ace7c99baf1b8ab5eb12793331cb3f4ffe695cf (patch)
tree: ab45aa69710009a1b722d7a3cd6e6234d9cc5a95
parent: a9e266c4810d46b0f844b326c74541982fe921f1 (diff)
download: meta-secure-core-6ace7c99baf1b8ab5eb12793331cb3f4ffe695cf.tar.gz
1 files changed, 40 insertions, 80 deletions
diff --git a/meta/recipes-core/initrdscripts/files/init b/meta/recipes-core/initrdscripts/files/init
index ff7531f..4c5155a 100644
--- a/meta/recipes-core/initrdscripts/files/init
+++ b/meta/recipes-core/initrdscripts/files/init
@@ -1,89 +1,52 @@
 #!/bin/sh
 PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+ROOTFS_MOUNT="/rootfs"
+INIT="/sbin/init"
+mkdir /proc /sys /run
+mount -t proc none /proc
+mount -t sysfs none /sys
+mount -t devtmpfs none /dev
+mount -t tmpfs none /run
+cmdline="`cat /proc/cmdline`"
+for arg in $cmdline; do
+    optarg=`expr "x$arg" : 'x[^=]*=\(.*\)'`
+    case "$arg" in
+    root=*)
+        ROOTFS_DEV="$optarg"
+        ;;
+    init=*)
+        INIT="$optarg"
+        ;;
+    esac
+done
-ROOT_MOUNT="/rootfs"
+[ -z "$ROOTFS_DEV" ] && {
-MOUNT="/bin/mount"
+    echo "exiting on missing the kernel parameter root= ..."
-UMOUNT="/bin/umount"
+    exit 1
-# Copied from initramfs-framework. The core of this script probably should be
-# turned into initramfs-framework modules to reduce duplication.
-udev_daemon() {
-    PROGS="/sbin/udev/udevd /sbin/udevd /lib/udev/udevd /lib/systemd/systemd-udevd"
-    for o in $PROGS; do
-        if [ -x "$o" ]; then
-            echo "$o"
-            return 0
-        fi
-    done
-    return 1
-}
-_UDEV_DAEMON="`udev_daemon`"
-early_setup() {
-    mount -t proc proc /proc
-    mount -t sysfs sysfs /sys
-    mount -t devtmpfs none /dev
-    mount -t tmpfs none /run
-    $_UDEV_DAEMON --daemon
-    udevadm trigger --action=add
-}
-read_args() {
-    [ -z "$CMDLINE" ] && CMDLINE="`cat /proc/cmdline`"
-    for arg in $CMDLINE; do
-        optarg=`expr "x$arg" : 'x[^=]*=\(.*\)'`
-        case "$arg" in
-            root=*)
-                ROOT_DEVICE="$optarg"
-                ;;
-            rootdelay=*)
-                ROOT_DELAY="$optarg"
-                ;;
-            init=*)
-                INIT="$optarg"
-                ;;
-        esac
-    done
-}
-fatal() {
-    echo $1 >$CONSOLE
-    echo >$CONSOLE
-    exec sh
 }
-early_setup
+mkdir -p "$ROOTFS_MOUNT"
-read_args
-[ -z "$CONSOLE" ] && CONSOLE="/dev/console"
-[ -z "$INIT" ] && INIT="/sbin/init"
-udevadm settle --timeout=3
-killall "${_UDEV_DAEMON##*/}" 2>/dev/null
-mkdir -p "$ROOT_MOUNT"
 try_to_mount_rootfs() {
    local mount_flags="rw,noatime,iversion"
-    mount -o "$mount_flags" "$ROOT_DEVICE" "$ROOT_MOUNT" \
+    mount -o "$mount_flags" "$ROOTFS_DEV" "$ROOTFS_MOUNT" \
        2>/dev/null && return 0
    [ -x /init.cryptfs ] &&
-        /init.cryptfs "$ROOT_MOUNT" "$ROOT_DEVICE" \
+        /init.cryptfs "$ROOTFS_MOUNT" "$ROOTFS_DEV" \
            "$mount_flags" OVERCROOTFS && return 0
    return 1
 }
-echo "Waiting for root device to be ready..."
+echo "Waiting for root device to be ready ..."
-while [ 1 ] ; do
+while [ 1 ]; do
    try_to_mount_rootfs && break
    sleep 0.1
 done
@@ -91,24 +54,18 @@ done
 # Move the mount points of some filesystems over to
 # the corresponding directories under the real root filesystem.
 for dir in `cat /proc/mounts | grep -v rootfs | awk '{ print $2 }'` ; do
-    mkdir -p  $ROOT_MOUNT/${dir##*/}
+    mkdir -p "$ROOTFS_MOUNT"/${dir##*/}
-    mount -nv --move "$dir" $ROOT_MOUNT/${dir##*/}
+    mount -nv --move "$dir" "$ROOTFS_MOUNT"/${dir##*/}
 done
-cd "$ROOT_MOUNT"
+cd "$ROOTFS_MOUNT"
-# If we pass args to bash, it will assume they are text files
-# to source and run.
-if [ "$INIT" == "/bin/bash" ] || [ "$INIT" == "/bin/sh" ]; then
-    CMDLINE=""
-fi
 # !!! The Big Fat Warnings !!!
 #
 # The IMA policy may enforce appraising the executable and verifying the
 # signature stored in xattr. However, ramfs doesn't support xattr, and all
 # other initializations must *NOT* be placed after IMA initialization!
-[ -x /init.ima ] && /init.ima "$ROOT_MOUNT" && {
+[ -x /init.ima ] && /init.ima "$ROOTFS_MOUNT" && {
    # switch_root is an exception. We call it in the real rootfs and it
    # should be already signed properly.
    switch_root="usr/sbin/switch_root.static"
@@ -116,5 +73,8 @@ fi
    switch_root="switch_root"
 }
-exec "$switch_root" "$ROOT_MOUNT" "$INIT" "$CMDLINE" ||
+exec "$switch_root" "$ROOTFS_MOUNT" "$INIT" || {
-    fatal "Couldn't switch_root, dropping to shell"
+    "$ROOTFS_MOUNT/bin/echo.coreutils" "Couldn't switch to the real rootfs"
+    # Cause kernel panic.
+    exit 2
+}
author	Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:22:12 +0800
committer	Lans Zhang <jia.zhang@windriver.com>	2017-07-04 17:22:12 +0800
commit	6ace7c99baf1b8ab5eb12793331cb3f4ffe695cf (patch)
tree	ab45aa69710009a1b722d7a3cd6e6234d9cc5a95
parent	a9e266c4810d46b0f844b326c74541982fe921f1 (diff)
download	meta-secure-core-6ace7c99baf1b8ab5eb12793331cb3f4ffe695cf.tar.gz

diff --git a/meta/recipes-core/initrdscripts/files/init b/meta/recipes-core/initrdscripts/files/init index ff7531f..4c5155a 100644 --- a/meta/recipes-core/initrdscripts/files/init +++ b/meta/recipes-core/initrdscripts/files/init
@@ -1,89 +1,52 @@
1	#!/bin/sh	1	#!/bin/sh
2		2
3	PATH="/sbin:/bin:/usr/sbin:/usr/bin"	3	PATH="/sbin:/bin:/usr/sbin:/usr/bin"
		4	ROOTFS_MOUNT="/rootfs"
		5	INIT="/sbin/init"
		6
		7	mkdir /proc /sys /run
		8	mount -t proc none /proc
		9	mount -t sysfs none /sys
		10	mount -t devtmpfs none /dev
		11	mount -t tmpfs none /run
		12
		13	cmdline="`cat /proc/cmdline`"
		14	for arg in $cmdline; do
		15	optarg=`expr "x$arg" : 'x[^=]=\(.\)'`
		16
		17	case "$arg" in
		18	root=*)
		19	ROOTFS_DEV="$optarg"
		20	;;
		21	init=*)
		22	INIT="$optarg"
		23	;;
		24	esac
		25	done
4		26
5	ROOT_MOUNT="/rootfs"	27	[ -z "$ROOTFS_DEV" ] && {
6	MOUNT="/bin/mount"	28	echo "exiting on missing the kernel parameter root= ..."
7	UMOUNT="/bin/umount"	29	exit 1
8
9	# Copied from initramfs-framework. The core of this script probably should be
10	# turned into initramfs-framework modules to reduce duplication.
11	udev_daemon() {
12	PROGS="/sbin/udev/udevd /sbin/udevd /lib/udev/udevd /lib/systemd/systemd-udevd"
13
14	for o in $PROGS; do
15	if [ -x "$o" ]; then
16	echo "$o"
17	return 0
18	fi
19	done
20
21	return 1
22	}
23
24	_UDEV_DAEMON="`udev_daemon`"
25
26	early_setup() {
27	mount -t proc proc /proc
28	mount -t sysfs sysfs /sys
29	mount -t devtmpfs none /dev
30	mount -t tmpfs none /run
31
32	$_UDEV_DAEMON --daemon
33	udevadm trigger --action=add
34	}
35
36	read_args() {
37	[ -z "$CMDLINE" ] && CMDLINE="`cat /proc/cmdline`"
38	for arg in $CMDLINE; do
39	optarg=`expr "x$arg" : 'x[^=]=\(.\)'`
40	case "$arg" in
41	root=*)
42	ROOT_DEVICE="$optarg"
43	;;
44	rootdelay=*)
45	ROOT_DELAY="$optarg"
46	;;
47	init=*)
48	INIT="$optarg"
49	;;
50	esac
51	done
52	}
53
54	fatal() {
55	echo $1 >$CONSOLE
56	echo >$CONSOLE
57	exec sh
58	}	30	}
59		31
60	early_setup	32	mkdir -p "$ROOTFS_MOUNT"
61
62	read_args
63
64	[ -z "$CONSOLE" ] && CONSOLE="/dev/console"
65	[ -z "$INIT" ] && INIT="/sbin/init"
66
67	udevadm settle --timeout=3
68	killall "${_UDEV_DAEMON##*/}" 2>/dev/null
69
70	mkdir -p "$ROOT_MOUNT"
71		33
72	try_to_mount_rootfs() {	34	try_to_mount_rootfs() {
73	local mount_flags="rw,noatime,iversion"	35	local mount_flags="rw,noatime,iversion"
74		36
75	mount -o "$mount_flags" "$ROOT_DEVICE" "$ROOT_MOUNT" \	37	mount -o "$mount_flags" "$ROOTFS_DEV" "$ROOTFS_MOUNT" \
76	2>/dev/null && return 0	38	2>/dev/null && return 0
77		39
78	[ -x /init.cryptfs ] &&	40	[ -x /init.cryptfs ] &&
79	/init.cryptfs "$ROOT_MOUNT" "$ROOT_DEVICE" \	41	/init.cryptfs "$ROOTFS_MOUNT" "$ROOTFS_DEV" \
80	"$mount_flags" OVERCROOTFS && return 0	42	"$mount_flags" OVERCROOTFS && return 0
81		43
82	return 1	44	return 1
83	}	45	}
84		46
85	echo "Waiting for root device to be ready..."	47	echo "Waiting for root device to be ready ..."
86	while [ 1 ] ; do	48
		49	while [ 1 ]; do
87	try_to_mount_rootfs && break	50	try_to_mount_rootfs && break
88	sleep 0.1	51	sleep 0.1
89	done	52	done
@@ -91,24 +54,18 @@ done
91	# Move the mount points of some filesystems over to	54	# Move the mount points of some filesystems over to
92	# the corresponding directories under the real root filesystem.	55	# the corresponding directories under the real root filesystem.
93	for dir in `cat /proc/mounts \| grep -v rootfs \| awk '{ print $2 }'` ; do	56	for dir in `cat /proc/mounts \| grep -v rootfs \| awk '{ print $2 }'` ; do
94	mkdir -p $ROOT_MOUNT/${dir##*/}	57	mkdir -p "$ROOTFS_MOUNT"/${dir##*/}
95	mount -nv --move "$dir" $ROOT_MOUNT/${dir##*/}	58	mount -nv --move "$dir" "$ROOTFS_MOUNT"/${dir##*/}
96	done	59	done
97		60
98	cd "$ROOT_MOUNT"	61	cd "$ROOTFS_MOUNT"
99
100	# If we pass args to bash, it will assume they are text files
101	# to source and run.
102	if [ "$INIT" == "/bin/bash" ] \|\| [ "$INIT" == "/bin/sh" ]; then
103	CMDLINE=""
104	fi
105		62
106	# !!! The Big Fat Warnings !!!	63	# !!! The Big Fat Warnings !!!
107	#	64	#
108	# The IMA policy may enforce appraising the executable and verifying the	65	# The IMA policy may enforce appraising the executable and verifying the
109	# signature stored in xattr. However, ramfs doesn't support xattr, and all	66	# signature stored in xattr. However, ramfs doesn't support xattr, and all
110	# other initializations must NOT be placed after IMA initialization!	67	# other initializations must NOT be placed after IMA initialization!
111	[ -x /init.ima ] && /init.ima "$ROOT_MOUNT" && {	68	[ -x /init.ima ] && /init.ima "$ROOTFS_MOUNT" && {
112	# switch_root is an exception. We call it in the real rootfs and it	69	# switch_root is an exception. We call it in the real rootfs and it
113	# should be already signed properly.	70	# should be already signed properly.
114	switch_root="usr/sbin/switch_root.static"	71	switch_root="usr/sbin/switch_root.static"
@@ -116,5 +73,8 @@ fi
116	switch_root="switch_root"	73	switch_root="switch_root"
117	}	74	}
118		75
119	exec "$switch_root" "$ROOT_MOUNT" "$INIT" "$CMDLINE" \|\|	76	exec "$switch_root" "$ROOTFS_MOUNT" "$INIT" \|\| {
120	fatal "Couldn't switch_root, dropping to shell"	77	"$ROOTFS_MOUNT/bin/echo.coreutils" "Couldn't switch to the real rootfs"
		78	# Cause kernel panic.
		79	exit 2
		80	}