Ian wrote: > returns error "/lib/rm: cannot remove '/dev/loop5': Read-only file > system". So, initrd is mounted ro, and should be rw? Sorry, > suggestion? That was a quick hack that didn't work. > I would like root to, in turn, be mounted on /dev/loop5. What, I > 1 setup /dev/loop5 on the /dev/loop5 that is already in > initrd (major=7 and minor=5). > 2 rm /dev/loop5 > 3 mknod /dev/loop5 with fake major and minor, like 4 and 4 > respectively? > Don't understand this bit. Sorry, you've lost me. It was an attempt to "redirect" mount system call that initrd code was about do next. Didn't work. > On one test, with lvm uncommented, the script > returned an ugly "Set environment variable LVM_SYSTEM_DIR to > alternative location or empty string". I'll get to this later. Maybe that lvm binary expects /sys and /proc filesystems to be mounted, and failed because they were not. > I have ROOTTYPE=ext3 in my build-initrd.sh config. I presume this is > ignored because I am using rootsetup? That is not ignored. What the initrd code attempts to do, in short: 1) mount some device as /lib, using configured file system type 2) if configured, run loadkeys from /lib to re-map keyboard 3) if configured, load loop kernel module from /lib/modules-SOMETHING/ 4) run losetup from /lib, using many config parameters 5) mount the loop device at /new-root, using configured file system type 6) unmount /lib 7) call pivot_root system call to switch /new-root -> / and initrd minix root file system -> /initrd 8) run /sbin/init from encrypted root Step 4 is possible to divert to rootsetup program/script that does some unspecified magic to derive the passphrase from someplace and feed it to losetup in non-interactive manner. In your case the rootsetup method is insufficient. Time for plan B. Below is experimental patch for build-initrd.sh that adds these between steps 4 and 5: 4a) mount /proc 4b) mount /sys 4c) run /lib/losetup -a 4d) unmount /sys 4e) unmount /proc And also, the device that gets mounted at step 5 can be configured to be something other than a loop device. This patch is experimental because I didn't make it handle any error cases or attempt to make this new behavior configurable. That "mknod dev/root b 7 5" (line 765) at the end of the patch decides what device gets mounted at step 5. You need to change that. Also, step 4c (at line 564) needs to be changed to run "/lib/lvm vgscan". /lib/rootsetup script and /lib/sh and other programs (/lib/lvm excluded) that you copied to your boot partition can be removed. Set USEROOTSETUP=0 in build-initrd.sh config, this plan B does not need that. This time I tested this patch. I don't have lvm on my test box, so I used "/lib/losetup -a" as the program to run between loop setup (at step 4) and mount (at step 5). -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD --- ../loop-AES-v3.2a/build-initrd.sh 2007-05-14 15:18:12.000000000 +0300 +++ ./build-initrd.sh 2007-08-17 19:58:10.000000000 +0300 @@ -2,7 +2,7 @@ # # build-initrd.sh # -# Written by Jari Ruusu, May 14 2007 +# Written by Jari Ruusu, August 14 2007 # # Copyright 2001-2007 by Jari Ruusu. # Redistribution of this file is permitted under the GNU Public License. @@ -192,6 +192,11 @@ # The dietlibc can be found at http://www.fefe.de/dietlibc/ USEDIETLIBC=1 +# C compiler used to compile /linuxrc program. +# 32bit x86 ubuntu-7.04 gcc-4.1.2 is known to miscompile /linuxrc. Affected +# users should install gcc-3.3 package, and change this to GCC=gcc-3.3 +GCC=gcc + # 1 = load extra module, 0 = don't load # If this is enabled, module must be manually copied to # /boot/modules-KERNELRELEASE/ directory under name like foomatic.o @@ -553,9 +558,17 @@ wrStr("\n"); #endif + mount("none", "/proc", "proc", MS_MGC_VAL, 0); + mount("none", "/sys", "sysfs", MS_MGC_VAL, 0); + buf[0] = 0; + strCat(buf, "/lib/losetup -a"); + exeWait(buf); + umount("/sysfs"); + umount("/proc"); + #if ${USEPIVOT} - if(mount("/dev/loop${DEVFSSLASH1}${ROOTLOOPINDEX}", "/new-root", "${ROOTTYPE}", MS_MGC_VAL | MS_RDONLY, 0)) { - wrStr("Looks like you didn't say the magic word. Mounting /dev/loop${DEVFSSLASH1}${ROOTLOOPINDEX} failed\n"); + if(mount("/dev/root", "/new-root", "${ROOTTYPE}", MS_MGC_VAL | MS_RDONLY, 0)) { + wrStr("Looks like you didn't say the magic word. Mounting /dev/root failed\n"); buf[0] = 0; strCat(buf, "/lib/${LOSETUPPROG} -d /dev/loop${DEVFSSLASH1}${ROOTLOOPINDEX}"); if(exeWait(buf)) goto fail3; @@ -632,9 +645,9 @@ EOF if [ ${USEDIETLIBC} == 1 ] ; then - diet gcc -Wall -O2 -s -static -pipe tmp-c-$$.c -o tmp-c-$$ + diet ${GCC} -Wall -O2 -s -static -pipe tmp-c-$$.c -o tmp-c-$$ else - gcc -Wall -O2 -s -static -nostartfiles -pipe tmp-c-$$.c -o tmp-c-$$ + ${GCC} -Wall -O2 -s -static -nostartfiles -pipe tmp-c-$$.c -o tmp-c-$$ fi rm -f tmp-c-$$.[co] @@ -655,6 +668,8 @@ y=`expr ${y} + 1` fi +y=`expr ${y} + 2` + dd if=/dev/zero of=tmp-i-$$ bs=1024 count=${y} /sbin/mkfs -t minix -i 32 tmp-i-$$ mkdir tmp-d-$$ @@ -675,6 +690,7 @@ if [ ${USEPIVOT} == 1 ] ; then mkdir new-root + mkdir proc sys else mkdir proc fi @@ -744,6 +760,9 @@ mknod dev/ram0 b 1 0 mknod dev/ram1 b 1 1 mknod dev/loop${ROOTLOOPINDEX} b 7 ${ROOTLOOPINDEX} + + # root device node, this device is what gets mounted as root + mknod dev/root b 7 5 fi cd .. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
