For discussion of Alpine Linux development and developer support

1

[alpine-devel] [PATCH] Main/linux-grsec - small patch for LUKS initramfs (revised)

IT Offshore
Details
Message ID
<1392087272-21022-1-git-send-email-developer@it-offshore.co.uk>
Sender timestamp
1392087272
DKIM signature
missing
Download raw message
Patch: +17 -0
** revised patch putting the update message inside the if statement
-----------------------------------------------------------------------
Installing a new kernel does not trigger the regeneration of initramfs &
vmlinuz with cryptsetup included leading to an unbootable system.

If /etc/crypttab contains "luks" initramfs is regenerated. If
people with LVM partitions also have this problem - the if condition
could be changed to check for /dev/mapper in /etc/fstab

Maybe update the wiki for a LUKS installation with my notes at:

http://bugs.alpinelinux.org/issues/2684

This is the only issue I've had running LVM on top of LUKS.
---
 main/linux-grsec/linux-grsec.post-install | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 main/linux-grsec/linux-grsec.post-install

diff --git a/main/linux-grsec/linux-grsec.post-install b/main/linux-grsec/linux-grsec.post-install
new file mode 100644
index 0000000..98bb01e
--- /dev/null
+++ b/main/linux-grsec/linux-grsec.post-install
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+NORMAL="\033[1;0m"
+STRONG="\033[1;1m"
+GREEN="\033[1;32m"
+
+print_green() {
+        local prompt="${GREEN}${STRONG}$1 ${NORMAL}"
+        printf "${prompt} %s\n"
+}
+
+if grep luks /etc/crypttab 1>/dev/null; then
+	print_green "Rebuilding Initramfs for LUKS / Cryptsetup"
+	apk fix linux-grsec
+fi
+
+exit 0
-- 
1.8.5.4



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Timo Teras
Details
Message ID
<20140211100812.02dcc2ac@vostro>
In-Reply-To
<1392087272-21022-1-git-send-email-developer@it-offshore.co.uk> (view parent)
Sender timestamp
1392106092
DKIM signature
missing
Download raw message
On Tue, 11 Feb 2014 02:54:32 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:

> ** revised patch putting the update message inside the if statement
> -----------------------------------------------------------------------
> Installing a new kernel does not trigger the regeneration of
> initramfs & vmlinuz with cryptsetup included leading to an unbootable
> system.
> 
> If /etc/crypttab contains "luks" initramfs is regenerated. If
> people with LVM partitions also have this problem - the if condition
> could be changed to check for /dev/mapper in /etc/fstab
> 
> Maybe update the wiki for a LUKS installation with my notes at:
> 
> http://bugs.alpinelinux.org/issues/2684
> 
> This is the only issue I've had running LVM on top of LUKS.
> ---
>  main/linux-grsec/linux-grsec.post-install | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
>  create mode 100644 main/linux-grsec/linux-grsec.post-install
> 
> diff --git a/main/linux-grsec/linux-grsec.post-install
> b/main/linux-grsec/linux-grsec.post-install new file mode 100644
> index 0000000..98bb01e
> --- /dev/null
> +++ b/main/linux-grsec/linux-grsec.post-install
> @@ -0,0 +1,17 @@
> +#!/bin/sh
> +
> +NORMAL="\033[1;0m"
> +STRONG="\033[1;1m"
> +GREEN="\033[1;32m"
> +
> +print_green() {
> +        local prompt="${GREEN}${STRONG}$1 ${NORMAL}"
> +        printf "${prompt} %s\n"
> +}
> +
> +if grep luks /etc/crypttab 1>/dev/null; then
> +	print_green "Rebuilding Initramfs for LUKS / Cryptsetup"
> +	apk fix linux-grsec
> +fi
> +
> +exit 0

NACK.

This is the wrong place and wrong way to do it. Calling apk from apk
hook can dead-lock.

Additionally, this means you'd need to add it to _all_ kernel images,
which is not good.

You should instead modify mkinitfs trigger to monitor /boot and make it
regenerate things if /boot is changed and luks is found in crypttab.

- Timo


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---