github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-23 14:08:31 +00:00
Code Issues Projects Releases Wiki Activity
topic/initrd-debug-console
kata-containers/tools/packaging/static-build/initramfs/init.sh
Wainer dos Santos Moschetta ba4f806c30 initramfs: re-wrote devices checking on init.sh 
Re-wrote the logic of init.sh to follow the rules:

 * the root device MUST exist always because it will be either mounted
   or verified (then mounted)
 * if rootfs verifier is enabled then the hash device MUST exist. Avoid
   the case where dm-verity is set but the hash device does not exist and
   so the verification is silently skipped

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
2023-11-28 11:21:53 -03:00

61 lines
1.3 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/sh
#
# Copyright (c) 2022 Intel
#
# SPDX-License-Identifier: Apache-2.0
[ -d /dev ] || mkdir -m 0755 /dev
[ -d /root ] || mkdir -m 0700 /root
[ -d /sys ] || mkdir /sys
[ -d /proc ] || mkdir /proc
[ -d /mnt ] || mkdir /mnt
[ -d /tmp ] || mkdir /tmp
mount -t sysfs -o nodev,noexec,nosuid sysfs /sys
mount -t proc -o nodev,noexec,nosuid proc /proc
echo "/sbin/mdev" > /proc/sys/kernel/hotplug
mdev -s
get_option() {
local value
value=" $(cat /proc/cmdline) "
value="${value##* ${1}=}"
value="${value%% *}"
[ "${value}" != "" ] && echo "${value}"
}
rootfs_verifier=$(get_option rootfs_verity.scheme)
rootfs_hash=$(get_option rootfs_verity.hash)
root_device=$(get_option root)
hash_device=${root_device%?}2
# The root device should exist to be either verified then mounted or
# just mounted when verification is disabled.
if [ ! -e "${root_device}" ]
then
echo "No root device ${root_device} found"
exit 1
fi
if [ "${rootfs_verifier}" = "dm-verity" ]
then
echo "Verify the root device with ${rootfs_verifier}"
if [ ! -e "${hash_device}" ]
then
echo "No hash device ${hash_device} found. Cannot verify the root device"
exit 1
fi
veritysetup open "${root_device}" root "${hash_device}" "${rootfs_hash}"
mount /dev/mapper/root /mnt
else
echo "No LUKS device found"
mount "${root_device}" /mnt
fi
umount /proc
umount /sys
exec switch_root /mnt /sbin/init
Reference in New Issue View Git Blame Copy Permalink