From 45e8b20cd022eb7b20d72c23db9fcc6824f08c7a Mon Sep 17 00:00:00 2001 From: "niko.mauno@vaisala.com" Date: Thu, 10 Sep 2020 16:17:55 +0000 Subject: dm-verity-image-initramfs: Use initramfs-framework Switch from this layer's initramfs-dm-verity recipe to poky-provided initramfs-framework suite to manage veritysetup et al. This commit also removes initramfs-dm-verity recipe which is not referred from elsewhere in this meta layer. Also update the install path of dm-verity.env from /usr/share to /usr/share/misc in order to better comply with FHS3.0, see https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s11.html#usrsharemiscMiscellaneousArchitecture Signed-off-by: Niko Mauno Signed-off-by: Armin Kuster --- recipes-core/images/dm-verity-image-initramfs.bb | 5 ++- recipes-core/initrdscripts/initramfs-dm-verity.bb | 13 ------ .../initramfs-dm-verity/init-dm-verity.sh | 46 ---------------------- 3 files changed, 3 insertions(+), 61 deletions(-) delete mode 100644 recipes-core/initrdscripts/initramfs-dm-verity.bb delete mode 100644 recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh diff --git a/recipes-core/images/dm-verity-image-initramfs.bb b/recipes-core/images/dm-verity-image-initramfs.bb index e791c19..6a1058d 100644 --- a/recipes-core/images/dm-verity-image-initramfs.bb +++ b/recipes-core/images/dm-verity-image-initramfs.bb @@ -4,7 +4,8 @@ DESCRIPTION = "Simple initramfs image for mounting the rootfs over the verity de IMAGE_FEATURES = "" PACKAGE_INSTALL = " \ - initramfs-dm-verity \ + initramfs-module-dmverity \ + initramfs-module-udev \ base-files \ busybox \ util-linux-mount \ @@ -24,6 +25,6 @@ IMAGE_FSTYPES = "${INITRAMFS_FSTYPES}" inherit core-image deploy_verity_hash() { - install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/dm-verity.env + install -D -m 0644 ${STAGING_VERITY_DIR}/${DM_VERITY_IMAGE}.${DM_VERITY_IMAGE_TYPE}.verity.env ${IMAGE_ROOTFS}${datadir}/misc/dm-verity.env } IMAGE_PREPROCESS_COMMAND += "deploy_verity_hash;" diff --git a/recipes-core/initrdscripts/initramfs-dm-verity.bb b/recipes-core/initrdscripts/initramfs-dm-verity.bb deleted file mode 100644 index b614956..0000000 --- a/recipes-core/initrdscripts/initramfs-dm-verity.bb +++ /dev/null @@ -1,13 +0,0 @@ -SUMMARY = "Simple init script that uses devmapper to mount the rootfs in read-only mode protected by dm-verity" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" - -SRC_URI = "file://init-dm-verity.sh" - -do_install() { - install -m 0755 ${WORKDIR}/init-dm-verity.sh ${D}/init - install -d ${D}/dev - mknod -m 622 ${D}/dev/console c 5 1 -} - -FILES_${PN} = "/init /dev/console" diff --git a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh b/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh deleted file mode 100644 index 307d2c7..0000000 --- a/recipes-core/initrdscripts/initramfs-dm-verity/init-dm-verity.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -RDEV="" -ROOT_DIR="/new_root" - -mkdir -p /proc -mkdir -p /sys -mkdir -p /run -mkdir -p /tmp -mount -t proc proc /proc -mount -t sysfs sysfs /sys -mount -t devtmpfs none /dev - -udevd --daemon -udevadm trigger --type=subsystems --action=add -udevadm trigger --type=devices --action=add -udevadm settle --timeout=10 - -for PARAM in $(cat /proc/cmdline); do - case $PARAM in - root=*) - RDEV=${PARAM#root=} - ;; - esac -done - -if ! [ -b $RDEV ]; then - echo "Missing root command line argument!" - exit 1 -fi - -case $RDEV in - UUID=*) - RDEV=$(realpath /dev/disk/by-uuid/${RDEV#UUID=}) - ;; -esac - -. /usr/share/dm-verity.env - -echo "Mounting $RDEV over dm-verity as the root filesystem" - -veritysetup --data-block-size=1024 --hash-offset=$DATA_SIZE create rootfs $RDEV $RDEV $ROOT_HASH -mkdir -p $ROOT_DIR -mount -o ro /dev/mapper/rootfs $ROOT_DIR -exec switch_root $ROOT_DIR /sbin/init -- cgit v1.2.3-54-g00ecf