Re: LVM2 logical volumes on Loop-AES


 



Ian wrote:
> returns error "/lib/rm: cannot remove '/dev/loop5': Read-only file
> system".  So, initrd is mounted ro, and should be rw?  Sorry,
> suggestion?

That was a quick hack that didn't work.

> I would like root to, in turn, be mounted on /dev/loop5.  What, I
> 1       setup /dev/loop5 on the /dev/loop5 that is already in
> initrd (major=7 and minor=5).
> 2       rm /dev/loop5
> 3       mknod /dev/loop5 with fake major and minor, like 4 and 4
> respectively?
> Don't understand this bit.  Sorry, you've lost me.

It was an attempt to "redirect" the mount system call that initrd code was
about to do next. Didn't work.

> On one test, with lvm uncommented, the script
> returned an ugly "Set environment variable LVM_SYSTEM_DIR to
> alternative location or empty string".  I'll get to this later.

Maybe that lvm binary expects /sys and /proc filesystems to be mounted, and
failed because they were not.

> I have ROOTTYPE=ext3 in my build-initrd.sh config.  I presume this is
> ignored because I am using rootsetup?

That is not ignored.

What the initrd code attempts to do, in short:

1) mount some device as /lib, using configured file system type
2) if configured, run loadkeys from /lib to re-map keyboard
3) if configured, load loop kernel module from /lib/modules-SOMETHING/
4) run losetup from /lib, using many config parameters
5) mount the loop device at /new-root, using configured file system type
6) unmount /lib
7) call pivot_root system call to switch /new-root -> / and initrd minix
   root file system -> /initrd
8) run /sbin/init from encrypted root

Step 4 is possible to divert to a rootsetup program/script that does some
unspecified magic to derive the passphrase from someplace and feed it to
losetup in a non-interactive manner.

In your case the rootsetup method is insufficient. Time for plan B.

Below is an experimental patch for build-initrd.sh that adds these between
steps 4 and 5:

4a) mount /proc
4b) mount /sys
4c) run /lib/losetup -a
4d) unmount /sys
4e) unmount /proc

And also, the device that gets mounted at step 5 can be configured to be
something other than a loop device. This patch is experimental because I
didn't make it handle any error cases or attempt to make this new behavior
configurable.

That "mknod dev/root b 7 5" (line 765) at the end of the patch decides what
device gets mounted at step 5. You need to change that. Also, step 4c (at
line 564) needs to be changed to run "/lib/lvm vgscan". /lib/rootsetup
script and /lib/sh and other programs (/lib/lvm excluded) that you copied to
your boot partition can be removed. Set USEROOTSETUP=0 in build-initrd.sh
config, this plan B does not need that.

This time I tested this patch. I don't have lvm on my test box, so I used
"/lib/losetup -a" as the program to run between loop setup (at step 4) and
mount (at step 5).

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD


--- ../loop-AES-v3.2a/build-initrd.sh	2007-05-14 15:18:12.000000000 +0300
+++ ./build-initrd.sh	2007-08-17 19:58:10.000000000 +0300
@@ -2,7 +2,7 @@
 #
 #  build-initrd.sh
 #
-#  Written by Jari Ruusu, May 14 2007
+#  Written by Jari Ruusu, August 14 2007
 #
 #  Copyright 2001-2007 by Jari Ruusu.
 #  Redistribution of this file is permitted under the GNU Public License.
@@ -192,6 +192,11 @@
 # The dietlibc can be found at http://www.fefe.de/dietlibc/
 USEDIETLIBC=1
 
+# C compiler used to compile /linuxrc program.
+# 32bit x86 ubuntu-7.04 gcc-4.1.2 is known to miscompile /linuxrc. Affected
+# users should install gcc-3.3 package, and change this to GCC=gcc-3.3
+GCC=gcc
+
 # 1 = load extra module, 0 = don't load
 # If this is enabled, module must be manually copied to
 # /boot/modules-KERNELRELEASE/ directory under name like foomatic.o
@@ -553,9 +558,17 @@
     wrStr("\n");
 #endif
 
+    mount("none", "/proc", "proc", MS_MGC_VAL, 0);
+    mount("none", "/sys", "sysfs", MS_MGC_VAL, 0);
+    buf[0] = 0;
+    strCat(buf, "/lib/losetup -a");
+    exeWait(buf);
+    umount("/sysfs");
+    umount("/proc");
+
 #if ${USEPIVOT}
-    if(mount("/dev/loop${DEVFSSLASH1}${ROOTLOOPINDEX}", "/new-root", "${ROOTTYPE}", MS_MGC_VAL | MS_RDONLY, 0)) {
-        wrStr("Looks like you didn't say the magic word. Mounting /dev/loop${DEVFSSLASH1}${ROOTLOOPINDEX} failed\n");
+    if(mount("/dev/root", "/new-root", "${ROOTTYPE}", MS_MGC_VAL | MS_RDONLY, 0)) {
+        wrStr("Looks like you didn't say the magic word. Mounting /dev/root failed\n");
         buf[0] = 0;
         strCat(buf, "/lib/${LOSETUPPROG} -d /dev/loop${DEVFSSLASH1}${ROOTLOOPINDEX}");
         if(exeWait(buf)) goto fail3;
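Review bot: umount("/sysfs") does not match the mount point used three lines earlier, mount("none", "/sys", "sysfs", ...), so the call fails and sysfs stays mounted on the initrd root when the code goes on to mount /new-root and pivot. It should be umount("/sys"), which is also what step 4d of the description says. The return values of both mount() calls and of exeWait(buf) are ignored here, while the existing code in the same hunk checks exeWait() and jumps to fail3; once the helper becomes "/lib/lvm vgscan", a failed scan would only surface later as the "Mounting /dev/root failed" message, so a check with its own wrStr() diagnostic at this point would make failures easier to tell apart.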
@@ -632,9 +645,9 @@
 EOF
 
 if [ ${USEDIETLIBC} == 1 ] ; then
-    diet gcc -Wall -O2 -s -static -pipe tmp-c-$$.c -o tmp-c-$$
+    diet ${GCC} -Wall -O2 -s -static -pipe tmp-c-$$.c -o tmp-c-$$
 else
-    gcc -Wall -O2 -s -static -nostartfiles -pipe tmp-c-$$.c -o tmp-c-$$
+    ${GCC} -Wall -O2 -s -static -nostartfiles -pipe tmp-c-$$.c -o tmp-c-$$
 fi
 rm -f tmp-c-$$.[co]
 
@@ -655,6 +668,8 @@
     y=`expr ${y} + 1`
 fi
 
+y=`expr ${y} + 2`
+
 dd if=/dev/zero of=tmp-i-$$ bs=1024 count=${y}
 /sbin/mkfs -t minix -i 32 tmp-i-$$
 mkdir tmp-d-$$
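Review bot: the added y=`expr ${y} + 2` is unconditional and has no comment saying what the two extra blocks are for; a one-line comment tying it to the new proc/sys directories and the dev/root node would help the next reader. Note also that mkfs is still called with -i 32 on the following lines, while the patch adds up to three more entries to the image (proc, sys, dev/root), so it is worth confirming that the fixed inode count still covers every file the script creates.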
@@ -675,6 +690,7 @@
 
 if [ ${USEPIVOT} == 1 ] ; then
     mkdir new-root
+    mkdir proc sys
 else
     mkdir proc
 fi
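Review bot: mkdir proc sys is added only in the USEPIVOT == 1 branch, but the new mount("none", "/sys", "sysfs", ...) call in the linuxrc hunk sits before the #if ${USEPIVOT} line and so is compiled in for both settings. In the else branch only proc is created, so with USEPIVOT=0 the /sys mount has no mount point and fails. Either create sys in both branches or put the new mount/umount calls under the same USEPIVOT condition.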
@@ -744,6 +760,9 @@
     mknod dev/ram0 b 1 0
     mknod dev/ram1 b 1 1
     mknod dev/loop${ROOTLOOPINDEX} b 7 ${ROOTLOOPINDEX}
+
+    # root device node, this device is what gets mounted as root
+    mknod dev/root b 7 5
 fi
 
 cd ..
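Review bot: mknod dev/root b 7 5 hard-codes major 7, minor 5, whereas the line directly above it uses ${ROOTLOOPINDEX}. As written, any configuration whose root loop index is not 5 ends up mounting a different device than the one losetup just set up. Defaulting to b 7 ${ROOTLOOPINDEX} would preserve the old behaviour, and a pair of config variables for the root device major and minor would let an LVM user point dev/root at the logical volume without editing the script body.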

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

