dm-verity-image-initramfs: Use initramfs-framework

Switch from this layer's initramfs-dm-verity recipe to poky-provided initramfs-framework suite to manage veritysetup et al. This commit also removes initramfs-dm-verity recipe which is not referred from elsewhere in this meta layer. Also update the install path of dm-verity.env from /usr/share to /usr/share/misc in order to better comply with FHS3.0, see https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s11.html#usrsharemiscMiscellaneousArchitecture Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: niko.mauno@vaisala.com <niko.mauno@vaisala.com> 2020-09-10 16:17:55 +0000
committer: Armin Kuster <akuster808@gmail.com> 2020-09-12 08:55:28 -0700
commit: 45e8b20cd022eb7b20d72c23db9fcc6824f08c7a (patch)
tree: d0584f071751145a6f6be87be7617cc2d7b08a7a
parent: 489f7c900c365e4b3198cff2f2fd7c38623b77e8 (diff)
download: meta-security-45e8b20cd022eb7b20d72c23db9fcc6824f08c7a.tar.gz
3 files changed, 3 insertions, 61 deletions
diff --git a/recipes-core/images/dm-verity-image-initramfs.bb b/recipes-core/images/dm-verity-image-initramfs.bb
index e791c19..6a1058d 100644
--- a/recipes-core/images/dm-verity-image-initramfs.bb
+++ b/recipes-core/images/dm-verity-image-initramfs.bb
@@ -4,7 +4,8 @@ DESCRIPTION = "Simple initramfs image for mounting the rootfs over the verity de
 IMAGE_FEATURES = ""
 PACKAGE_INSTALL = " \
-    initramfs-dm-verity \
+    initramfs-module-dmverity \
+    initramfs-module-udev \
    base-files \
    busybox \
    util-linux-mount \
@@ -24,6 +25,6 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
 inherit core-image
 deploy_verity_hash() {
-    install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/dm-verity.env
+    install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/misc/dm-verity.env
 }
 IMAGE_PREPROCESS_COMMAND += "deploy_verity_hash;"
diff --git a/recipes-core/initrdscripts/initramfs-dm-verity.bb b/recipes-core/initrdscripts/initramfs-dm-verity.bb
deleted file mode 100644
index b614956..0000000
--- a/recipes-core/initrdscripts/initramfs-dm-verity.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-SUMMARY = "Simple init script that uses devmapper to mount the rootfs in read-only mode protected by dm-verity"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-SRC_URI = "file://init-dm-verity.sh"
-do_install() {
-    install -m 0755 ${WORKDIR}/init-dm-verity.sh ${D}/init
-    install -d ${D}/dev
-    mknod -m 622 ${D}/dev/console c 5 1
-}
-FILES_${PN} = "/init /dev/console"
diff --git a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh b/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh
deleted file mode 100644
index 307d2c7..0000000
--- a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-RDEV=""
-ROOT_DIR="/new_root"
-mkdir -p /proc
-mkdir -p /sys
-mkdir -p /run
-mkdir -p /tmp
-mount -t proc proc /proc
-mount -t sysfs sysfs /sys
-mount -t devtmpfs none /dev
-udevd --daemon
-udevadm trigger --type=subsystems --action=add
-udevadm trigger --type=devices --action=add
-udevadm settle --timeout=10
-for PARAM in $(cat /proc/cmdline); do
-        case $PARAM in
-                root=*)
-                        RDEV=${PARAM#root=}
-                        ;;
-        esac
-done
-if ! [ -b $RDEV ]; then
-        echo "Missing root command line argument!"
-        exit 1
-fi
-case $RDEV in
-        UUID=*)
-                RDEV=$(realpath /dev/disk/by-uuid/${RDEV#UUID=})
-                ;;
-esac
-. /usr/share/dm-verity.env
-echo "Mounting $RDEV over dm-verity as the root filesystem"
-veritysetup --data-block-size=1024 --hash-offset=$DATA_SIZE create rootfs $RDEV $RDEV $ROOT_HASH
-mkdir -p $ROOT_DIR
-mount -o ro /dev/mapper/rootfs $ROOT_DIR
-exec switch_root $ROOT_DIR /sbin/init
author	niko.mauno@vaisala.com <niko.mauno@vaisala.com>	2020-09-10 16:17:55 +0000
committer	Armin Kuster <akuster808@gmail.com>	2020-09-12 08:55:28 -0700
commit	45e8b20cd022eb7b20d72c23db9fcc6824f08c7a (patch)
tree	d0584f071751145a6f6be87be7617cc2d7b08a7a
parent	489f7c900c365e4b3198cff2f2fd7c38623b77e8 (diff)
download	meta-security-45e8b20cd022eb7b20d72c23db9fcc6824f08c7a.tar.gz

diff --git a/recipes-core/images/dm-verity-image-initramfs.bb b/recipes-core/images/dm-verity-image-initramfs.bb index e791c19..6a1058d 100644 --- a/recipes-core/images/dm-verity-image-initramfs.bb +++ b/recipes-core/images/dm-verity-image-initramfs.bb
@@ -4,7 +4,8 @@ DESCRIPTION = "Simple initramfs image for mounting the rootfs over the verity de
4	IMAGE_FEATURES = ""	4	IMAGE_FEATURES = ""
5		5
6	PACKAGE_INSTALL = " \	6	PACKAGE_INSTALL = " \
7	initramfs-dm-verity \	7	initramfs-module-dmverity \
		8	initramfs-module-udev \
8	base-files \	9	base-files \
9	busybox \	10	busybox \
10	util-linux-mount \	11	util-linux-mount \
@@ -24,6 +25,6 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}"
24	inherit core-image	25	inherit core-image
25		26
26	deploy_verity_hash() {	27	deploy_verity_hash() {
27	install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/dm-verity.env	28	install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/misc/dm-verity.env
28	}	29	}
29	IMAGE_PREPROCESS_COMMAND += "deploy_verity_hash;"	30	IMAGE_PREPROCESS_COMMAND += "deploy_verity_hash;"


diff --git a/recipes-core/initrdscripts/initramfs-dm-verity.bb b/recipes-core/initrdscripts/initramfs-dm-verity.bb deleted file mode 100644 index b614956..0000000 --- a/recipes-core/initrdscripts/initramfs-dm-verity.bb +++ /dev/null
@@ -1,13 +0,0 @@
1	SUMMARY = "Simple init script that uses devmapper to mount the rootfs in read-only mode protected by dm-verity"
2	LICENSE = "MIT"
3	LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
4
5	SRC_URI = "file://init-dm-verity.sh"
6
7	do_install() {
8	install -m 0755 ${WORKDIR}/init-dm-verity.sh ${D}/init
9	install -d ${D}/dev
10	mknod -m 622 ${D}/dev/console c 5 1
11	}
12
13	FILES_${PN} = "/init /dev/console"


diff --git a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh b/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh deleted file mode 100644 index 307d2c7..0000000 --- a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh +++ /dev/null
@@ -1,46 +0,0 @@
1	#!/bin/sh
2
3	PATH=/sbin:/bin:/usr/sbin:/usr/bin
4	RDEV=""
5	ROOT_DIR="/new_root"
6
7	mkdir -p /proc
8	mkdir -p /sys
9	mkdir -p /run
10	mkdir -p /tmp
11	mount -t proc proc /proc
12	mount -t sysfs sysfs /sys
13	mount -t devtmpfs none /dev
14
15	udevd --daemon
16	udevadm trigger --type=subsystems --action=add
17	udevadm trigger --type=devices --action=add
18	udevadm settle --timeout=10
19
20	for PARAM in $(cat /proc/cmdline); do
21	case $PARAM in
22	root=*)
23	RDEV=${PARAM#root=}
24	;;
25	esac
26	done
27
28	if ! [ -b $RDEV ]; then
29	echo "Missing root command line argument!"
30	exit 1
31	fi
32
33	case $RDEV in
34	UUID=*)
35	RDEV=$(realpath /dev/disk/by-uuid/${RDEV#UUID=})
36	;;
37	esac
38
39	. /usr/share/dm-verity.env
40
41	echo "Mounting $RDEV over dm-verity as the root filesystem"
42
43	veritysetup --data-block-size=1024 --hash-offset=$DATA_SIZE create rootfs $RDEV $RDEV $ROOT_HASH
44	mkdir -p $ROOT_DIR
45	mount -o ro /dev/mapper/rootfs $ROOT_DIR
46	exec switch_root $ROOT_DIR /sbin/init