For discussion of Alpine Linux development and developer support

1

[alpine-devel] [PATCH] Main/mkinitfs - small Patch for LUKS / Cryptsetup

IT Offshore
Details
Message ID
<1392158622-21396-1-git-send-email-developer@it-offshore.co.uk>
Sender timestamp
1392158622
DKIM signature
missing
Download raw message
Patch: +15 -0
small patch to run "apk fix linux-grsec" if /etc/crypttab contains "luks"

This will prevent unbootable encrypted systems after kernel upgrades.
---
 main/mkinitfs/mkinitfs.trigger | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/main/mkinitfs/mkinitfs.trigger b/main/mkinitfs/mkinitfs.trigger
index cedf363..644c534 100644
--- a/main/mkinitfs/mkinitfs.trigger
+++ b/main/mkinitfs/mkinitfs.trigger
@@ -1,5 +1,14 @@
 #!/bin/sh
 
+NORMAL="\033[1;0m"
+STRONG="\033[1;1m"
+GREEN="\033[1;32m"
+
+print_green() {
+        local prompt="${GREEN}${STRONG}$1 ${NORMAL}"
+        printf "${prompt} %s\n"
+}
+
 for i in "$@"; do
 	# get last element in path
 	flavor=${i##*/}
@@ -29,5 +38,11 @@ for i in /boot/initramfs-[0-9]*; do
 	fi
 done
 
+# rebuild initramfs for Cryptsetup / LUKS
+if grep luks /etc/crypttab 1>/dev/null; then
+	print_green "Rebuilding Initramfs for LVM / Cryptsetup"
+	apk fix linux-grsec
+fi
+
 sync
 exit 0
-- 
1.8.5.4



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Timo Teras
Details
Message ID
<20140212081021.24b9d693@vostro>
In-Reply-To
<1392158622-21396-1-git-send-email-developer@it-offshore.co.uk> (view parent)
Sender timestamp
1392185421
DKIM signature
missing
Download raw message
On Tue, 11 Feb 2014 22:43:42 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:

> small patch to run "apk fix linux-grsec" if /etc/crypttab contains
> "luks"
> 
> This will prevent unbootable encrypted systems after kernel upgrades.
> ---
>  main/mkinitfs/mkinitfs.trigger | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/main/mkinitfs/mkinitfs.trigger
> b/main/mkinitfs/mkinitfs.trigger index cedf363..644c534 100644
> --- a/main/mkinitfs/mkinitfs.trigger
> +++ b/main/mkinitfs/mkinitfs.trigger
> @@ -1,5 +1,14 @@
>  #!/bin/sh
>  
> +NORMAL="\033[1;0m"
> +STRONG="\033[1;1m"
> +GREEN="\033[1;32m"
> +
> +print_green() {
> +        local prompt="${GREEN}${STRONG}$1 ${NORMAL}"
> +        printf "${prompt} %s\n"
> +}
> +
>  for i in "$@"; do
>  	# get last element in path
>  	flavor=${i##*/}
> @@ -29,5 +38,11 @@ for i in /boot/initramfs-[0-9]*; do
>  	fi
>  done
>  
> +# rebuild initramfs for Cryptsetup / LUKS
> +if grep luks /etc/crypttab 1>/dev/null; then
> +	print_green "Rebuilding Initramfs for LVM / Cryptsetup"
> +	apk fix linux-grsec
> +fi

You should still not call 'apk' from apk script.

Could you explain what is the exact situation when mkinitfs.trigger
does not regen the initramfs, but it should. You should add that to the
monitoring list of the trigger script in APKBUILD, and make the
detection for that in the trigger script's first "for" loop where it
regens the initramfs images.


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---