test: initrd in /usr

Signed-off-by: Kai Lueke <[email protected]>

Author: pothos

dracut/03flatcar-network/parse-ip-for-networkd.service

@@ -2,7 +2,7 @@
 Description=Write systemd-networkd units from cmdline
 DefaultDependencies=false
 
-After=afterburn-network-kargs.service
+After=afterburn-network-kargs.service dracut-cmdline.service
 PartOf=systemd-networkd.service
 Before=systemd-networkd.service initrd-switch-root.target
 # Switching the root filesystem terminates all running services with binaries from the initramfs, we need to finish before that happens

dracut/10diskless-generator/diskless-generator

@@ -2,6 +2,9 @@
 # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
 # ex: ts=8 sw=4 sts=4 et filetype=sh
 
+# NOTE: The /usr.squashfs mounting for /sysusr is done in /minimal-init
+# but the /sysroot mounting is still done here as well as the rootfs RAM setup
+
 set -e
 
 UNIT_DIR="${1:-/tmp}"

dracut/10usr-generator/usr-generator

@@ -10,6 +10,8 @@
 # by systemd-fstab-generator. This module is only needed for old
 # bootloaders that pass usr=.
 
+# NOTE: Now done in /minimal-init but since the "mount.usr" generator also runs,
+# it seems ok to also keep the "usr" generator
 set -e
 
 UNIT_DIR="${1:-/tmp}"

dracut/10verity-generator/verity-generator

@@ -4,6 +4,8 @@
 
 # This script generates a service that manages a dm-verity device for the chosen USR partition
 
+# NOTE: The verity setup is now done in /minimal-init and this logic should be inactive
+
 set -e
 
 UNIT_DIR="${1:-/tmp}"

minimal-init

@@ -0,0 +1,164 @@
+#!/bin/sh
+set -eu
+busybox mount -n -t proc proc /proc
+busybox mount -n -t devtmpfs devtmpfs /dev
+busybox mount -n -t sysfs sysfs /sys
+busybox --install -s
+if [ ! -x "/dev/pts" ]; then mkdir /dev/pts; fi
+if [ ! -x "/dev/shm" ]; then mkdir /dev/shm; fi
+busybox mount -n -t devpts devpts /dev/pts -o gid=5,mode=620,ptmxmode=000
+
+cmdline_arg() {
+  local name="$1"
+  local value="${2-}"
+  for arg in $(cat /proc/cmdline); do
+    if [[ "${arg%%=*}" == "${name}" ]]; then
+      value="${arg#*=}"
+    fi
+  done
+  echo "${value}"
+}
+
+# Custom debug breakpoint
+if [ "$(cmdline_arg rd.earlyshell)" != "" ]; then
+  busybox sh
+fi
+if [ "$(cmdline_arg rd.earlytrace)" != "" ]; then
+  set -x
+fi
+
+mdev -d
+mdev -s
+# Coldplugging but with using /sbin/modprobe (which is kmod) instead of busybox's modprobe
+# because busybox doesn't properly support the globs in modules.alias
+find /sys/ -name modalias -print0 | xargs -0 sort -u | tr '\n' '\0' | xargs -0 /sbin/modprobe -abq || true
+# Required to access disks, but not autoloaded:
+modprobe sd_mod
+
+if [ "$(cmdline_arg rd.earlyshell)" != "" ]; then
+  busybox sh
+fi
+
+find_usr() {
+  local UEVENTLINE="$1"
+  local DRIVE=
+  local WAITINGMSG=
+  while [ "${DRIVE}" = "" ]; do
+    DRIVE="$({ grep -s -l -m 1 -r "${UEVENTLINE}" /sys/class/block/*/uevent || true; } | cut -d / -f 5)"
+    if [ "${DRIVE}" = "" ] && [ "${WAITINGMSG}" = "" ]; then
+      echo "Waiting for drive..." >&2
+      WAITINGMSG=1
+    fi
+  done
+  DRIVE="/dev/${DRIVE}"
+  echo "${DRIVE}"
+}
+
+# Ported code from the generators
+verityusr=$(cmdline_arg verity.usr)
+usrhash=$(cmdline_arg verity.usrhash)
+
+case "${verityusr}" in
+    LABEL=*)
+        verityusr="LABEL=$(echo "$verityusr" | sed 's,/,\\x2f,g')"
+        verityusr=$(find_usr "${verityusr}")
+        ;;
+    UUID=*)
+        verityusr="${verityusr#UUID=}"
+        verityusr="UUID=$(echo "$verityusr" | tr "[:upper:]" "[:lower:]")"
+        verityusr=$(find_usr "${verityusr}")
+        ;;
+    PARTUUID=*)
+        verityusr="${verityusr#PARTUUID=}"
+        verityusr="PARTUUID=$(echo "$verityusr" | tr "[:upper:]" "[:lower:]")"
+        verityusr=$(find_usr "${verityusr}")
+        ;;
+    PARTLABEL=*)
+        verityusr=$(find_usr "${verityusr}")
+        ;;
+esac
+
+# Only proceed if the source is a path and we have sufficient parameters.
+if echo "${verityusr}" | grep -q "^/" && [ "${usrhash}" != "" ]; then
+  # Hardcoded expected value from the image GPT layout
+  veritysetup --panic-on-corruption --hash-offset=1065345024 open "${verityusr}" usr "${verityusr}" "${usrhash}"
+  # If there's a hash mismatch during table initialization,
+  # veritysetup reports it on stderr but still exits 0.
+  # Manually check the target status and fail if invalid.
+  status=$(dmsetup status usr | cut -d " " -f 4)
+  if [ "${status}" != V ]; then
+    echo "Verity setup failed" >&2
+    exit 1
+  fi
+fi
+
+usr=$(cmdline_arg mount.usr $(cmdline_arg usr))
+usrfstype=$(cmdline_arg mount.usrfstype $(cmdline_arg usrfstype auto))
+usrflags=$(cmdline_arg mount.usrflags $(cmdline_arg usrflags ro))
+
+case "${usr}" in
+    LABEL=*)
+        usr="LABEL=$(echo "$usr" | sed 's,/,\\x2f,g')"
+        usr=$(find_usr "${usr}")
+        ;;
+    UUID=*)
+        usr="${usr#UUID=}"
+        usr="UUID=$(echo "$usr" | tr "[:upper:]" "[:lower:]")"
+        usr=$(find_usr "${usr}")
+        ;;
+    PARTUUID=*)
+        usr="${usr#PARTUUID=}"
+        usr="PARTUUID=$(echo "$usr" | tr "[:upper:]" "[:lower:]")"
+        usr=$(find_usr "${usr}")
+        ;;
+    PARTLABEL=*)
+        usr=$(find_usr "${usr}")
+        ;;
+esac
+
+if [ "${usr}" = "" ] && [ -f /usr.squashfs ]; then
+  usr=/usr.squashfs
+  usrfstype=squashfs
+elif [ "${usrfstype}" = btrfs ] || [ "${usrfstype}" = auto ]; then
+  if [ "$(echo ",${usrflags}," | grep -v -F ',ro,')" != "" ]; then
+    true # Don't set "norecovery" when mounting rw
+  else
+    usrflags="${usrflags},rescue=nologreplay"
+  fi
+fi
+# Only proceed if the source is a path.
+if echo "${usr}" | grep -v -q "^/"; then
+  echo "No mountable /usr partition given (usr='${usr}')" >&2
+  exit 1
+fi
+
+echo "Mounting /usr from ${usr}"
+mount -t "${usrfstype}" -o "${usrflags}" "${usr}" /sysusr/usr
+
+# Busybox doesn't load this for us
+modprobe loop
+losetup -r -f /sysusr/usr/lib/flatcar/bootengine.img
+mkdir /underlay /work
+mount -t tmpfs tmpfs /work
+mkdir /work/realinit /work/work
+mount -t squashfs /dev/loop0 /underlay
+mount -t overlay -o rw,lowerdir=/underlay,upperdir=/work/realinit,workdir=/work/work overlay /realinit
+mkdir -p /realinit/sysusr/usr
+mount -o move /sysusr/usr /realinit/sysusr/usr
+if [ "${usr}" = /usr.squashfs ]; then
+  mkdir -p /oem
+  mkdir -p /realinit/oem
+  mount -o bind /oem /realinit/oem
+  touch /realinit/usr.squashfs
+  mount -o bind /usr.squashfs /realinit/usr.squashfs
+fi
+if [ "$(cmdline_arg rd.earlyshell)" != "" ]; then
+  busybox sh
+fi
+killall mdev || true
+umount /proc
+umount /sys
+umount /dev/pts
+# Lazy unmount because /dev/console is held by the current process
+umount -l /dev
+exec switch_root /realinit /init