Mail archive
alpine-devel

Re: [alpine-devel] [PATCH] Main/linux-grsec - small patch for LUKS initramfs (revised)

From: Timo Teras <timo.teras_at_iki.fi>
Date: Tue, 11 Feb 2014 10:08:12 +0200

On Tue, 11 Feb 2014 02:54:32 +0000
IT Offshore <developer_at_it-offshore.co.uk> wrote:

> ** revised patch putting the update message inside the if statement
> -----------------------------------------------------------------------
> Installing a new kernel does not trigger the regeneration of
> initramfs & vmlinuz with cryptsetup included leading to an unbootable
> system.
>
> If /etc/crypttab contains "luks" initramfs is regenerated. If
> people with LVM partitions also have this problem - the if condition
> could be changed to check for /dev/mapper in /etc/fstab
>
> Maybe update the wiki for a LUKS installation with my notes at:
>
> http://bugs.alpinelinux.org/issues/2684
>
> This is the only issue I've had running LVM on top of LUKS.
> ---
> main/linux-grsec/linux-grsec.post-install | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
> create mode 100644 main/linux-grsec/linux-grsec.post-install
>
> diff --git a/main/linux-grsec/linux-grsec.post-install
> b/main/linux-grsec/linux-grsec.post-install new file mode 100644
> index 0000000..98bb01e
> --- /dev/null
> +++ b/main/linux-grsec/linux-grsec.post-install
> _at_@ -0,0 +1,17 @@
> +#!/bin/sh
> +
> +NORMAL="\033[1;0m"
> +STRONG="\033[1;1m"
> +GREEN="\033[1;32m"
> +
> +print_green() {
> + local prompt="${GREEN}${STRONG}$1 ${NORMAL}"
> + printf "${prompt} %s\n"
> +}
> +
> +if grep luks /etc/crypttab 1>/dev/null; then
> + print_green "Rebuilding Initramfs for LUKS / Cryptsetup"
> + apk fix linux-grsec
> +fi
> +
> +exit 0

NACK.

This is the wrong place and wrong way to do it. Calling apk from apk
hook can dead-lock.

Additionally, this means you'd need to add it to _all_ kernel images,
which is not good.

You should instead modify mkinitfs trigger to monitor /boot and make it
regenerate things if /boot is changed and luks is found in crypttab.

- Timo


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Tue Feb 11 2014 - 10:08:12 UTC