mkinitfs merge requests
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests
2024-03-16T13:22:35Z

features/wireguard: add bootparams docs
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/154
2024-03-16T13:22:35Z, Alex Denes
As requested in https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/110#note_370269

features/lvm: add missing dm targets
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/153
2024-03-21T08:48:56Z, Alex Denes
- dm-writecache is officially supported target by lvm and may be used
- dm-mirror is used in conversion between linear and raid1 with a log

doc: fix typos
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/152
2024-03-14T12:16:57Z, Samanta Navarro
* mkinitfs-bootparam.7: use "a" instead of "an" where appropriate

nlplugin-findfs: fix format string bug
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/151
2024-03-14T12:16:06Z, Samanta Navarro
* use %s format string in err call
Proof of Concept:
`nlplugin-findfs -p '%s'`

Added GPU support for LUKS prompts on ARM machines
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/149
2024-02-20T07:53:18Z, Davy Landman
On linux arm/vps machines virtio also needs to include GPU in case of LUKS/dmcrypt screen.
I hope this is the best way to contribute this back.

initramfs-init: Support specifying nbd export name
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/148
2024-01-28T11:34:36Z, Kevin Murphy

Improved the handling of alpine_repo variable:
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/147
2024-01-26T23:24:14Z, Alejandro Liu
- Supports multiple repositories separated by commas
- If path is relative it will be resolved by searching for it
in the mounted file systems.
This allows to control which repository will be used if there
are multiple Alpine images in the boot media which in turn
makes it possible to upgrade and _downgrade_ diskless Alpine
systems to different release versions.

add support for hibernation to swap file
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/142
2024-03-22T17:45:14Z, Béla Anton Paulus
Adds support for hibernating to/resuming from a swap file on alpine linux. In order to resume from a swap file, the kernel has to know the offset of the file from the beginning of the partition. This offset should be specified as a parameter on the kernel command line: resume_offset=\<offset\>. See [kernel documentation](https://www.kernel.org/doc/html/latest/power/swsusp-and-swap-files.html).
I changed the initramfs-init script to parse the resume_offset parameter and pass the offset to the kernel.

Unlock encrypted root partition via smart card
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/134
2023-11-28T15:52:28Z, Lucid One
Support for using OpenPGP Card based smart cards, such as YubiKey and Nitrokey to unlock an encrypted root partition.
Devices such as the Nitrokey Storage 2 can store cryptographic key material in read-only memory, given a `LABEL=PASSKEY`.
```
/media/passkey/.config/cryptsetup/keyring.gpg
/media/passkey/.config/cryptsetup/${KOPT_cryptdm}_cryptkey.gpg
```
Requires adding `gpgsc` to `features="..."` in `mkinitfs.conf`
and adding `cryptsc`, and optionally `passkeystore` to the kernel command line.

Support for memdisk (syslinux)
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/115
2023-08-23T05:43:02Z, Ninos Ego
https://wiki.syslinux.org/wiki/index.php?title=MEMDISK
After adding `memdisk.modules` & `memdisk.files` to my custom `/etc/mkinitfs/features.d/` folder, mkinitfs adds kernel modules to initramfs, but not `/usr/bin/memdiskfind` file, maybe it's just a local bug and will work in "upstream" (I don't think files need 777 permission here? Normally build user already has permissions for accessing memdiskfind... Otherwise this could be the bug, then I'll create a patch for syslinux). Other stuff is working fine on my local env :-)
PS: I'll also create a MR for aports to support memdisk-profile on-the-fly, so others don't need to waste their time searching for correct options :D

Add support for crypto keys from external devices
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/108
2024-03-03T14:53:50Z, Miguel Angel
I was experimenting with unlocking my laptop with a small SD card. This just extends the `cryptkey` syntax, it is very simplistic and could be improved, but I wanted some feedback before first (maybe it is bad idea or other tools solve this problem already).
* `cryptkey=UUID=4da61b20-0b3a-5abz-8107-7egdfd047d57`: looks for `/crypto_keyfile.bin` inside `UUID=4da61b20-0b3a-5abz-8107-7egdfd047d57`.
* `cryptkey=UUID=4da61b20-0b3a-5abz-8107-7egdfd047d57/keys/laptop_cryptokey.bin`: looks for `/keys/laptop_cryptokey.bin` inside `UUID=4da61b20-0b3a-5abz-8107-7egdfd047d57`.
If the given device is encrypted, it will prompt for a passphrase.

use a workaround /etc/ssl1.1 for 3.15
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/105
2022-04-27T06:55:20Z, sbrudenell
Fixes #24.
We create `/etc/ssl1.1` with symlinks to `/etc/ssl`, as would be found in a default installation of 3.15.
This is a different approach from my proposal of setting `SSL_CERT_FILE`/`SSL_CERT_DIR`. It's easier to convince myself that modifying the tmpfs will be appropriately scoped to the problem, and not pollute anything I didn't think about, rather than modifying environment variables.
I tested this by:
* built `mkinitfs-*.apk` from a modified `APKBUILD` to point to my repo
* installed the `*.apk` to an `alpine:3.15` docker container
* ran `mkinitfs -s /path/to/modloop-virt.SIGN.RSA.alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub -k -F "base squashfs network usb virtio" -o "/tmp/initramfs-virt" "5.15.32-0-virt"`, which is as close as I could find to the command used to generate `initramfs-virt` for release
* booted with the following ipxe config, booting from the test artifact hosted on backblaze b2:
```
#!ipxe
ifconf
kernel https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/netboot/vmlinuz-virt modules=loop,squashfs nomodeset apkovl=https://f004.backblazeb2.com/file/sbrudenell-netboot/test.apkovl.tar.gz alpine_repo=https://dl-cdn.alpinelinux.org/alpine/v3.15/main modloop=https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/x86_64/netboot/modloop-virt console=tty0 console=ttyS0,115200n8 earlyprintk=serial,ttyS0,115200n8
initrd https://f004.backblazeb2.com/file/sbrudenell-netboot/initramfs-virt
boot
```
It worked as expected. It loaded my `apkovl` from https, and installed packages from the https repo.

added support for nfs
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/96
2021-11-11T22:46:49Z, Amanuense-del-diavolo
to use NFS as a remote root append to the kernel root="server_ip":"remote_share"
rootfstype=nfs rootflags="root_mounting_flags_as_needed"
via this method is possible to add support to other protocols like gluster or
ceph just by adding the required modules and files via feature.d, the
compilation of the new initramfs and specifying the correct rootfstype

removed old ifconfig code and replaced with ip from iputils
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/94
2021-11-11T22:53:09Z, Amanuense-del-diavolo
removed old ifconfig code and replaced with ip from iputils
since ifconfig is a deprecated utility and is replaced by iputils, by switching to iputils it brings more consistency to the code (part of it was already using it) and it will ease maintenance due to the fact that ifconfig will become more and more unknown
removed unused local variable "i" in the "unpack_apkvol" function

initramfs-init: adding support for multiple repos when using alpine_repo=
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/93
2021-11-09T15:38:15Z, David Syzdek
Adding support for comma separated list of URL and directories in the
alpine_repo= cmdline option. Adding this support allows packages to be
installed from multiple repositories on boot such as main, community, and
vendor specific repositories. In addition to directories and URL, this patch
allows auto detected repositories to be combined with manually specified
repositories.
Example usage is:
alpine_repo=auto,http://foo.org/alpine/edge/main,http://foo.org/alpine/edge/community

Add remote encryption unlock functionality
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/86
2022-12-23T10:13:37Z, Dermot Bradley
Once this functionality is in place it will be followed by an aports MR
for the dropbear package to create a new dropbear-unlockdisk subpackage
that will work in conjunction with this functionality.
These changes are designed to close aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12147 and
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12676

Multiple fixes for ZFS support
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/79
2021-01-18T22:01:03Z, Dave Alvarez
- Import pools from `/etc/zfs/zpool.cache` if exist
- Replace `eval` with `while` to support retrying password, previously one failed attempt will drop into emergency shell
- Fix: Enclose `zpool list` command output in double quotes
- Fix: `_root_pool` has empty value. See #14.
Without the quote, `[]` treats the output as an expression, not as a string, thus breaks the test against string `active`.
@ncopa

Add support for unlocking multi-device root
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/57
2021-09-17T11:43:29Z, Gray Wolf
Add cryptroo[0-9]= family of options to allow unlocking multi-device
root filesystems, which is needed for btrfs raid1.

Support multiple cryptroot= devices.
https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/54
2022-02-03T23:48:31Z, Carlo Landmeter
*Created by: sbrudenell*
I use btrfs on multiple LUKS-encrypted disks. In order to support single password entry, I have a keyfile that is a LUKS-encrypted image that, once decrypted, also decrypts the other volumes.
I made some changes to init to support this. I feel they're in line with the current design and don't interfere with other use cases. Let me know if I should make any changes to support this goal.
1. `cryptkey=...` has special behavior if the key matches `*.img`: We'll treat it as a LUKS-encrypted file (with embedded header), and try to unlock it. We use the unlocked key as a later `cryptkey` argument. **Note**: I couldn't figure out a way to get `nlplug-findfs` to do this with a single invocation, so I invoke cryptsetup directly, so it needs to be included as a feature. However I still need to invoke `nlplug-findfs` to do hotplugging, for e.g. USB keyboards to enter the passphrase, so I do a "no-op" `nlplug-findfs`.
2. `cryptroot=...` supports multiple arguments. If multiple arguments are detected, we unlock each explicitly with `nlplug-findfs`.
3. We now support multiple entries of a single argument, e.g. `cryptroot=UUID=a cryptroot=UUID=b`. This will accumulate the arguments joined by whitespace, such that `KOPT_cryptroot="UUID=a UUID=b"`. This matches the way one passes multiple arg entries to the kernel, so hopefully it makes sense to users.
**Note**: I made change 3 really because the apparent intended use was broken for me. Code comments imply that I should be able to pass `cryptroot="UUID=a UUID=b"`. I did this in my grub.cfg and verified it in the command list at boot time, but once booted, `/proc/cmdline` looked like `... "cryptroot=UUID=a UUID=b" ...`, and init did not parse this as intended. I'm not sure if this is a known bug. I'm using grub-efi-2.02-r14 and linux-vanilla-4.19.41-r0.