ShadowHawk92 n00b
Joined: 04 Mar 2013 Posts: 14 Location: Texas, USA
|
Posted: Wed Mar 06, 2013 7:22 pm Post subject: [Solved]Initramfs /bin/sh: cryptsetup: Not Found |
|
|
Hey,
I installed Gentoo on my desktop computer with DM-Crypt LUKS and LVM following the wiki. I modified the init script to use
Code: | ls /
ls /bin/gpg
ls /sbin/cryptsetup
read -p "Press [Enter] to continue..."
gpg -qd /path/to/keyfile | cryptsetup luksOpen /path/to/drive root || die
vgscan
lvchange -a y vg0
etc... |
I emerged cryptsetup statically, and gpg (not statically) so the mkinitramfs.bash script could pull in cryptsetup. Then I copied /usr/bin/gpg into the generated folder (initramfs-<kernel-version>) myself because I didn't know what else to do.
Then I re-ran the mkinitramfs.bash to add gpg.
On boot, the ls's show the files being there, but I get:
Code: | bin/sh: gpg: Not Found
bin/sh: cryptsetup: Not Found |
and I get dropped into rescue shell. I can see the files here, but trying to run the same gpg command I get the same error message.
I did not emerge busybox, I am using the one that came with the stage3 tarball.
I can still boot the computer from the livecd, decrypt the hard drive and chroot into it to modify things.
How can I get the init script to work properly?
The mkinitramfs.bash script from the wiki:
Code: |
#!/bin/bash
# Build the initramfs tree in ./initramfs-<kernel-version> and pack it into /boot.
kv=${1:-$(uname -r)}
[[ -n "$(uname -m | grep 64)" ]] && arc=64 || arc=32
pushd
mkdir -p initramfs-$kv && pushd initramfs-$kv
# usr/share/keymaps must exist for the loadkeys redirect further down
mkdir -p {,s}bin lib$arc dev proc sys newroot mnt usr/share/keymaps
[[ "$arc" = "64" ]] && mkdir lib32
ln -s lib$arc lib
# minimal set of device nodes
mknod -m 600 dev/console c 5 1
mknod -m 666 dev/urandom c 1 9
mknod -m 666 dev/random c 1 8
mknod -m 640 dev/mem c 1 1
mknod -m 666 dev/null c 1 3
mknod -m 666 dev/tty c 5 0
mknod -m 666 dev/zero c 1 5
mknod -m 640 dev/tty1 c 4 1
[[ $(echo "$kv" | cut -d'.' -f1 ) -eq 3 ]] &&
    [[ $(echo "$kv" | cut -d'.' -f2) -ge 1 ]] &&
    mknod -m 600 dev/loop-control c 10 237
cp $(which bb) bin/busybox || exit 1
cp ../init . && chmod 755 init || exit 1
# one symlink per busybox applet
for app in $(bin/busybox --list-full); do
    ln -sf /bin/busybox $app
done
# this is handy for password
keymap="${2:-$(grep -E '^keymap' /etc/conf.d/keymaps|cut -d'"' -f2)}"
loadkeys -b -u $keymap > usr/share/keymaps/${keymap}-$(uname -m).bin
# copied as-is, without any shared libraries: both must be static builds
cp $(which cryptsetup) sbin/
cp $(which lvm.static) sbin/lvm
mount /boot &>/dev/null
find . -print0 | cpio --null -ov --format=newc | xz -9 --check=crc32 > /boot/initramfs-$kv.cpio.xz
popd
unset -v arc kv keymap
|
The original init script from the wiki:
Code: |
#!/bin/sh
init=/sbin/init # real init to execute after switching to real root
rmap=root # root mapping for dmcrypt
sh=/bin/sh
rescueshell() {
    export PS1='rsh:$(tty | cut -c6-):$PWD # '
    if which setsid >/dev/null 2>&1; then setsid $sh -i 0<$console 1>$console 2>&1
    else $sh -i 0<$console 1>$console 2>&1; fi
}
die() {
    echo -ne "Dropping into a rescueshell..."
    echo -ne "$@"
    rescueshell || exec $sh -i
}
kmap() {
    local _font=$(echo "$kmap" | cut -d':' -f2)
    local _kmap=$(echo "$kmap" | cut -d':' -f1)
    if [ -n "$_kmap" ]; then
        for _dir in /usr/share/keymaps /etc /; do
            if [ -f "$_dir/$_kmap" ]; then
                loadkmap < "$_dir/$_kmap" && break
            fi
        done
    fi
    if [ -n "$_font" ]; then
        for _dir in /usr/share/consolefonts /etc /; do
            if [ -f "$_dir/$_font" ]; then
                loadfont < "$_dir/$_font" && break
            fi
        done
    fi
}
export PATH=/bin:/sbin
umask 0077
mount -t proc proc /proc
mount -t sysfs sysfs /sys
if grep devtmpfs /proc/filesystems >/dev/null 2>&1; then
    mount -t devtmpfs devtmpfs /dev
else mount -t tmpfs tmpfs /dev; fi
mdev -s
echo /sbin/mdev > /proc/sys/kernel/hotplug
# create the standard fd links only if they are missing
# (-e, not -n: a non-empty string is always true, so the link was never made)
[ -h /dev/fd ] || ln -fs /proc/self/fd /dev/fd
[ -e /dev/stderr ] || ln -fs /proc/self/fd/2 /dev/stderr
[ -e /dev/stdin ] || ln -fs /proc/self/fd/0 /dev/stdin
[ -e /dev/stdout ] || ln -fs /proc/self/fd/1 /dev/stdout
: ${console:=/dev/tty1}
exec 0<$console 1>$console 2>&1
# pick up rescue, single, init=, root= and kmap= from the kernel command line
for arg in $(cat /proc/cmdline); do
    case $arg in
        rescue*) rescue=1;;
        single) level=2;;
        *init=*) export init=${arg#*=};;
        *root*|kmap*) export $arg;;
    esac
done
[ -n "$kmap" ] && kmap
# do your stuff here e.g. opening LUKS device, scanning for LVM etc. (this section
# needs to be tweaked to match your setup (LUKS devices, LVM volume groups etc.)
#
# cryptsetup luksOpen /dev/sda vault
# lvm vgscan
# lvm vgchange -ay vg
# mount /dev/mapper/vg-root /newroot
#
# You should also take care of /dev, /proc and /sys filesystems - mount them into
# the new root (/newroot).
#
# mount -t devtmpfs none /newroot/dev
# mount -t proc none /newroot/proc
# mount -t sysfs none /newroot/sys
exec switch_root /newroot ${init:-/sbin/init} $level
|
Last edited by ShadowHawk92 on Wed Mar 06, 2013 11:02 pm; edited 1 time in total |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Wed Mar 06, 2013 7:48 pm Post subject: |
|
|
ShadowHawk92,
gnupg says Code: | app-crypt/gnupg-2.0.19-r1 USE="bzip2 nls readline usb -adns -doc -ldap -mta (-selinux) -smartcard -static" 0 kB |
If you do not build it with USE=static, ldd says it needs the following libraries.
Code: | ~ $ ldd /usr/bin/gpg
linux-vdso.so.1 (0x00007fff0edff000)
libz.so.1 => /lib64/libz.so.1 (0x00007f9447628000)
libbz2.so.1 => /lib64/libbz2.so.1 (0x00007f9447418000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f9447201000)
libreadline.so.6 => /lib64/libreadline.so.6 (0x00007f9446fbb000)
libgcrypt.so.11 => /usr/lib64/libgcrypt.so.11 (0x00007f9446d3a000)
libgpg-error.so.0 => /usr/lib64/libgpg-error.so.0 (0x00007f9446b36000)
libassuan.so.0 => /usr/lib64/libassuan.so.0 (0x00007f9446925000)
libc.so.6 => /lib64/libc.so.6 (0x00007f944657c000)
libncurses.so.5 => /lib64/libncurses.so.5 (0x00007f9446329000)
/lib64/ld-linux-x86-64.so.2 (0x00007f944783e000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f9446125000) |
You need to provide those libraries in your initrd and the means to load them and any further libraries they in turn need too.
Far easier to build gnupg with the static USE flag. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
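Why a file that ls can see still gives "Not Found": a dynamically linked ELF binary names its loader (the /lib64/ld-linux-x86-64.so.2 line in the ldd output above) in a PT_INTERP program header, and exec fails with "no such file" when that loader is absent from the initramfs. The following is an added example, not code from this thread or the wiki; it assumes ELF64 little-endian binaries, and make_elf() plus the file names used with it are constructed samples.

```python
import os
import stat
import struct

PT_INTERP = 3  # program header type that names the ELF interpreter (dynamic loader)

def elf_interpreter(data):
    """Return the PT_INTERP path of an ELF64 little-endian image,
    '' if it has none (static), or None if it is not such an ELF file."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        return None
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 40 > len(data):
            return None  # truncated program header table
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type == PT_INTERP:
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return ""

def audit_initramfs(root):
    """Map each dynamically linked ELF under root to (interpreter, present_in_root)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks (busybox applets) and device nodes such as dev/zero.
            if not stat.S_ISREG(os.lstat(path).st_mode):
                continue
            with open(path, "rb") as fh:
                interp = elf_interpreter(fh.read())
            if interp:
                present = os.path.exists(os.path.join(root, interp.lstrip("/")))
                findings[os.path.relpath(path, root)] = (interp, present)
    return findings

def make_elf(interp=None):
    """Constructed sample: ELF64 header plus one program header, not a runnable binary."""
    body = interp.encode() + b"\0" if interp else b""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP if interp else 1, 4,
                       120, 0, 0, len(body), len(body), 1)
    return ehdr + phdr + body
```

Calling audit_initramfs() on the initramfs-<kernel-version> staging directory before packing it lists every binary that still needs a loader; an empty result means every ELF file in the tree is static. It checks only the loader, not the individual shared libraries that ldd lists.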
ShadowHawk92 n00b
Joined: 04 Mar 2013 Posts: 14 Location: Texas, USA
|
Posted: Wed Mar 06, 2013 8:02 pm Post subject: |
|
|
I'm emerging gnupg with USE="static" now.
Upon further inspection, I emerged lvm statically, not cryptsetup (oops), so I'm going to re-emerge both of them with USE="static".
I'll post results when it's finished. |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Wed Mar 06, 2013 9:05 pm Post subject: |
|
|
ShadowHawk92,
You should put the static USE in your /etc/portage/package.use
a) so you don't forget about it
b) because you don't want USE=static in make.conf |
ShadowHawk92 n00b
Joined: 04 Mar 2013 Posts: 14 Location: Texas, USA
|
Posted: Wed Mar 06, 2013 11:02 pm Post subject: |
|
|
To be honest I haven't really messed with package.use yet. Actually, I ran the command:
Code: | USE="static" emerge -av gnupg cryptsetup |
I've spent the last little while configuring the initramfs. I keep running into problems with things I've forgotten/didn't know to do.
The error it just threw me is that it needs pinentry. I assume this means I need to statically emerge pinentry and add it, which is what I'm doing now. (If not stop me quick!)
I'll go ahead and mark the thread solved since both gpg and cryptsetup seem to be working now.
Thanks. |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Thu Mar 07, 2013 10:07 pm Post subject: |
|
|
ShadowHawk92,
Does pinentry take the USE=static flag? |
ShadowHawk92 n00b
Joined: 04 Mar 2013 Posts: 14 Location: Texas, USA
|
Posted: Thu Mar 07, 2013 11:54 pm Post subject: |
|
|
Yes, it does. It compiled fine too.
However now when the computer boots pinentry segfaults, and I don't know why.
I may look into seeing if I can get genkernel to build me a working initramfs if I can't figure out this segfault problem. Admittedly I haven't touched that computer since yesterday though, probably look at it tomorrow. |
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Fri Mar 08, 2013 7:49 pm Post subject: |
|
|
make sure the 'ncurses' USE flag is set for pinentry
and i may actually forcibly '-gtk' to make it ncurses only
it could be that pinentry is trying to spawn a gtk popup, and failing miserably- this is why methinks, force ncurses only
as a general rule, if it's going in the initramfs, it should be static. There are exceptions to this, you probably are not one of them
if it's helpful, I made this package.use specifically for things that need to be built statically
Code: |
vunnable ~ # cat /etc/portage/package.use/staticstuff
sys-apps/busybox static mdev
sys-fs/cryptsetup static static-libs
dev-libs/libgcrypt static-libs
sys-apps/util-linux static-libs static
sys-libs/e2fsprogs-libs static-libs static
dev-libs/popt static-libs
dev-libs/libgpg-error static-libs
sys-fs/lvm2 static-libs
|
before you go the nuclear route of going with genkernel or dracut, have a peek here _________________ Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
ShadowHawk92 n00b
Joined: 04 Mar 2013 Posts: 14 Location: Texas, USA
|
Posted: Mon Mar 11, 2013 4:58 pm Post subject: |
|
|
Thanks for all the help. I ended up having to go emerge gnupg 1.4 statically. Also before running the gpg command I had to run:
Code: | cp -a /dev/console /dev/tty |
It's working now though, thanks! |