Gentoo Forums
Genkernel is a CORE feature. why is nobody maintaining it?
Duncan Mac Leod
Guru
Joined: 02 May 2004
Posts: 312
Location: Germany

Posted: Mon Jan 01, 2024 3:41 pm

NeddySeagoon wrote:
To be blunt and brutal, genkernel is unmaintained because no developers care enough about it to spend their free time on it.


I have been using genkernel since I started using Gentoo. Is Gentoo really so short on dev-resources that such a package is unmaintained?
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21635

Posted: Mon Jan 01, 2024 3:54 pm

As stated up thread, developers volunteer their time where they please. It doesn't matter how many developers Gentoo has if none of them want to work on genkernel. We already have comments from two developers (Sam in the bug, and Ionen in thread here) that I interpret as being that they have the access and the expertise to work on it, but they dislike working on it enough that they refuse to volunteer their time to do so. The lack of a fix for the issue suggests to me that yes, Gentoo has no developers who (1) have the commit rights to work on this, (2) have the expertise to trust themselves to work on it, and (3) have the inclination to volunteer their time to work on it. Also based on comments in the bug, at least Sam and Robbat are aware of the state of genkernel and are trying to get someone to step up to deal with it. From this, we might infer that Robbat also does not satisfy all of 1, 2, and 3 above, and therefore has chosen to try to find a maintainer for it rather than volunteer to be that maintainer. However, without any visible comments from Robbat here or in the bug, that is only speculation, and could be wrong.

Fortunately, this thread has discussed alternatives for people who can no longer use genkernel.
mark4
n00b
Joined: 26 Feb 2011
Posts: 46

Posted: Mon Jan 01, 2024 6:15 pm

When I build my kernel with genkernel I use the following command:

genkernel all --menuconfig --no-module-rebuild --luks --lvm --microcode-initramfs --microcode=intel

My GRUB_CMDLINE_LINUX is...

GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=xxxxxxx root=/dev/mapper/YYYYY root_trim=yes"

I have never had a problem building a kernel by hand, I always do --menuconfig on builds of kernels, but I have NO IDEA how to make the initramfs that supports crypto LUKS and I will never disable that on any of my machines.

I have read the grub wiki, I have read the dracut wiki, I see nothing in there that helps me. What exactly is the procedure to build a kernel that will boot on an encrypted / partition using dracut to create the initramfs?
freke
l33t
Joined: 23 Jan 2003
Posts: 977
Location: Somewhere in Denmark

Posted: Mon Jan 01, 2024 6:43 pm

logrusx wrote:
freke wrote:


I decided to try to switch to sys-kernel/gentoo-kernel using my own .config with USE=savedconfig - but doesn't work because I have modules disabled in my config...


I guess you can still invoke dracut manually after manual kernel compilation. I also guess, since you have modules disabled, you only need microcode in your initramfs, which I think dracut can handle.

Best Regards,
Georgi


pietinger wrote:
If someone already has a monolithic kernel, the microcode should not be a problem, because it can also be integrated into the kernel (simply include it in CONFIG_EXTRA_FIRMWARE=).

The only reason to use an initramfs then is: if you need to boot from an encrypted root partition or if you are using a RAID.

My recommendation would be: If you have already configured the kernel so well yourself, do the initramfs yourself too.

Yes, it's not that easy at first - but once you have your own initramfs, you can use it again and again.

@sunox went this way here: https://forums.gentoo.org/viewtopic-t-1166522-highlight-.html

I'm not using initramfs - nor microcode in kernel for that matter, these are 4 VMs - I'd just rather use sys-kernel/gentoo-kernel to manage the kernel, instead of an extra script I need to run to manage my kernel :)
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21635

Posted: Mon Jan 01, 2024 6:51 pm

mark4 wrote:
I have NO IDEA how to make the initramfs that supports crypto LUKS and I will never disable that on any of my machines.
I do not see where anyone asked you to disable that.
mark4 wrote:
I have read the grub wiki, I have read the dracut wiki, I see nothing in there that helps me. What exactly is the procedure to build a kernel that will boot on an encrypted / partition using dracut to create the initramfs?
I have never used Dracut, but an Internet search for dracut luks root returns as its first hit https://wiki.gentoo.org/wiki/Dracut. I see in that page a section titled LVM on LUKS. Is that not what you wanted?
sunox
Tux's lil' helper
Joined: 26 Jan 2022
Posts: 136

Posted: Mon Jan 01, 2024 6:51 pm

Slightly off-topic, but I have the exact same requirements for initramfs as you and just went through the process of writing my own, and thought I would share so you can see what is involved. The whole process ended up being a lot easier than I would have assumed writing your own initramfs would be, however there is a bit of trial and error involved and it helps if you find this stuff 'fun' and/or interesting. Before starting this I tried dracut once, got a kernel panic and decided I would rather spend my efforts learning the ground-up approach.

This is the init script I use to unlock my luks-encrypted root partition. There is very little to it.

Code:

#!/bin/busybox sh

# mount here
mount -t proc     none /proc
mount -t sysfs     none /sys
mount -t devtmpfs none /dev

rescue_shell() {
    busybox --install -s
    exec /bin/sh
}

# Password
cryptsetup luksOpen --allow-discards /dev/nvme0n1p5 root || {
    echo "Failed to open the encrypted device"
    rescue_shell
}

# activate LVM stuff
lvm vgchange -ay -v || rescue_shell
lvm vgscan --mknodes -v || rescue_shell

# mount root
mount -o ro /dev/mapper/gentoo-root /mnt || {
    echo "Root mount failed"
    rescue_shell
}

# unmount here
umount /proc
umount /sys
umount /dev

#switch root
echo "Switching to the root filesystem"
exec switch_root /mnt /sbin/init || rescue_shell


Note that "--allow-discards" enables trim on the luks-encrypted device, which is another feature you seem to need.

The other thing you have to do is make sure that dmsetup, cryptsetup, busybox, and lvm executables (and attached libraries) are included in the initramfs. IIRC there are two ways of doing it: 1. creating an initramfs source directory which has all the dirs initramfs needs (/etc, /bin, etc.) and copying all the files and nodes you need over; 2. using a script that does the same things automatically. I did 2 and provide it below.

You can create one initramfs which is used forever (as NeddySeagoon does) or you can supply the kernel config with the script or source dir and it will build it when you build your kernel. I'm a bit ocd about running "up-to-date" executables so I went with the latter.

Here is the script that is used to build the initramfs automatically:

Code:

# dirs
dir /bin   755 0 0
dir /dev   755 0 0
dir /etc   755 0 0
dir /lib   755 0 0
dir /lib64   755 0 0
dir /mnt   755 0 0
dir /proc   755 0 0
dir /root   700 0 0
dir /run   755 0 0
dir /sbin   755 0 0
dir /sys   755 0 0
dir /tmp   755 0 0
dir /usr   755 0 0
dir /usr/lib   755 0 0
dir /usr/lib64   755 0 0
dir /usr/sbin   755 0 0
dir /var   755 0 0

# console node
nod /dev/console 600 0 0 c 5 1
# /dev/tty is character device 5,0 (5,1 is /dev/console)
nod /dev/tty    666 0 0 c 5 0

# busybox
file /bin/busybox         /bin/busybox            755 0 0

# dmsetup
file /sbin/dmsetup         /sbin/dmsetup            755 0 0
file /lib64/libdevmapper.so.1.02   /lib64/libdevmapper.so.1.02      755 0 0
file /lib64/libudev.so.1      /lib64/libudev.so.1         755 0 0
file /lib64/libcap.so.2         /lib64/libcap.so.2         755 0 0
file /lib64/libm.so.6         /lib64/libm.so.6         755 0 0
file /lib64/libc.so.6         /lib64/libc.so.6         755 0 0
file /lib64/ld-linux-x86-64.so.2   /lib64/ld-linux-x86-64.so.2      755 0 0

# LUKS cryptsetup
file /sbin/cryptsetup         /sbin/cryptsetup         755 0 0
file /usr/lib64/libcryptsetup.so.12   /usr/lib64/libcryptsetup.so.12      755 0 0
file /usr/lib64/libssl.so.3      /usr/lib64/libssl.so.3         755 0 0
file /usr/lib64/libcrypto.so.3      /usr/lib64/libcrypto.so.3      755 0 0
file /usr/lib64/libargon2.so.1      /usr/lib64/libargon2.so.1      755 0 0
file /usr/lib64/libjson-c.so.5      /usr/lib64/libjson-c.so.5      755 0 0
file /usr/lib64/libpopt.so.0      /usr/lib64/libpopt.so.0         755 0 0
file /lib64/libuuid.so.1      /lib64/libuuid.so.1         755 0 0
file /lib64/libblkid.so.1      /lib64/libblkid.so.1         755 0 0

# lvm
file /sbin/lvm            /sbin/lvm            755 0 0
file /lib64/libdevmapper-event.so.1.02   /lib64/libdevmapper-event.so.1.02   755 0 0
file /lib64/libreadline.so.8      /lib64/libreadline.so.8         755 0 0
file /lib64/libtinfow.so.6      /lib64/libtinfow.so.6         755 0 0
file /lib64/libaio.so.1         /lib64/libaio.so.1         755 0 0

# random gcc file
file /lib64/libgcc_s.so.1      /usr/lib/gcc/x86_64-pc-linux-gnu/13/libgcc_s.so.1   755 0 0

# init
file /init            /usr/src/initramfs/init         755 0 0


Busybox is compiled with the 'static' use flag so including it is easy; the rest are just regular packages that were already on my system.

Kernel command options you can provide in the kernel config.
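The list above has to name every shared library the copied binaries load, and a forgotten one only shows up as a failed unlock at boot. As an added example that is not part of sunox's post, the script below checks a list in that dir/nod/file format against ldd output; the function names are made up here, and it assumes libraries are matched by file name (soname).

```shell
#!/bin/sh
# Added example (not from the thread): find shared libraries that binaries in a
# gen_init_cpio-style list need but that the list does not install.

# Basenames of every path the list installs into the initramfs (2nd field).
shipped_names() {
    awk '$1 == "file" { n = split($2, p, "/"); print p[n] }' "$1" | sort -u
}

# Turn ldd output (stdin) into the sonames the dynamic loader will look up.
needed_names() {
    awk '
        $1 ~ /^linux-(vdso|gate)/ { next }            # provided by the kernel
        $2 == "=>"                { print $1; next }  # resolved path or "not found"
        $1 ~ /^\//  { n = split($1, p, "/"); print p[n] }  # the loader itself
    ' | sort -u
}

# missing_libs LIST < ldd-output: one missing soname per line, empty if complete.
missing_libs() {
    shipped=$(shipped_names "$1")
    needed_names | while read -r name; do
        printf '%s\n' "$shipped" | grep -Fxq -- "$name" || printf '%s\n' "$name"
    done
}

# check_list LIST: run ldd on the host copy (3rd field) of each listed file.
# Returns non-zero when something is missing, so it can gate the kernel build.
check_list() {
    missing=$(awk '$1 == "file" { print $3 }' "$1" | while read -r src; do
        # ldd fails on static binaries (busybox here) and scripts; skip those.
        out=$(ldd "$src" 2>/dev/null) || continue
        printf '%s\n' "$out"
    done | missing_libs "$1")
    [ -z "$missing" ] && return 0
    for name in $missing; do echo "not in $1: $name" >&2; done
    return 1
}

# Constructed sample: a list that forgot libargon2, and ldd-style output.
demo() {
    list=$(mktemp)
    printf '%s\n' 'dir /sbin 755 0 0' \
        'file /sbin/cryptsetup /sbin/cryptsetup 755 0 0' \
        'file /usr/lib64/libcryptsetup.so.12 /usr/lib64/libcryptsetup.so.12 755 0 0' \
        'file /lib64/libc.so.6 /lib64/libc.so.6 755 0 0' \
        'file /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 755 0 0' >"$list"
    printf '\t%s\n' 'linux-vdso.so.1 (0x00007ffc0000)' \
        'libcryptsetup.so.12 => /usr/lib64/libcryptsetup.so.12 (0x00007f000000)' \
        'libargon2.so.1 => /usr/lib64/libargon2.so.1 (0x00007f100000)' \
        'libc.so.6 => /lib64/libc.so.6 (0x00007f200000)' \
        '/lib64/ld-linux-x86-64.so.2 (0x00007f300000)' | missing_libs "$list"
    rm -f "$list"
}
```

check_list takes the path of the list file and is the entry point for a real system; demo only exercises the parsing on constructed input.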
mark4
n00b
Joined: 26 Feb 2011
Posts: 46

Posted: Mon Jan 01, 2024 7:20 pm

Hu wrote:
mark4 wrote:
I have NO IDEA how to make the initramfs that supports crypto LUKS and I will never disable that on any of my machines.
I do not see where anyone asked you to disable that.
mark4 wrote:
I have read the grub wiki, I have read the dracut wiki, I see nothing in there that helps me. What exactly is the procedure to build a kernel that will boot on an encrypted / partition using dracut to create the initramfs?
I have never used Dracut, but an Internet search for dracut luks root returns as its first hit https://wiki.gentoo.org/wiki/Dracut. I see in that page a section titled LVM on LUKS. Is that not what you wanted?

Yes and no and it didn't help. I am using LUKS, I am not using LVM. This tells me to add things to the kernel command line but does not specify WHERE to add them. To the configs specified for grub? To the configs specified for dracut? Directly into the kernel configs using menuconfig?
mark4
n00b
Joined: 26 Feb 2011
Posts: 46

Posted: Mon Jan 01, 2024 7:21 pm

This entire post is orders of magnitude above my pay grade, I doubt I would ever be able to get something like this up and running in under a month. I have skills... this is not one of them :)

ty :)

sunox wrote:
Slightly off-topic, but I have the exact same requirements for initramfs as you and just went through the process of writing my own, and thought I would share so you can see what is involved. The whole process ended up being a lot easier than I would have assumed writing your own initramfs would be, however there is a bit of trial and error involved and it helps if you find this stuff 'fun' and/or interesting. Before starting this I tried dracut once, got a kernel panic and decided I would rather spend my efforts learning the ground-up approach.

This is the init script I use to unlock my luks-encrypted root partition. There is very little to it.

Code:

#!/bin/busybox sh

# mount here
mount -t proc     none /proc
mount -t sysfs     none /sys
mount -t devtmpfs none /dev

rescue_shell() {
    busybox --install -s
    exec /bin/sh
}

# Password
cryptsetup luksOpen --allow-discards /dev/nvme0n1p5 root || {
    echo "Failed to open the encrypted device"
    rescue_shell
}

# activate LVM stuff
lvm vgchange -ay -v || rescue_shell
lvm vgscan --mknodes -v || rescue_shell

# mount root
mount -o ro /dev/mapper/gentoo-root /mnt || {
    echo "Root mount failed"
    rescue_shell
}

# unmount here
umount /proc
umount /sys
umount /dev

#switch root
echo "Switching to the root filesystem"
exec switch_root /mnt /sbin/init || rescue_shell


Note that "--allow-discards" enables trim on the luks-encrypted device, which is another feature you seem to need.

The other thing you have to do is make sure that dmsetup, cryptsetup, busybox, and lvm executables (and attached libraries) are included in the initramfs. IIRC there are two ways of doing it: 1. creating an initramfs source directory which has all the dirs initramfs needs (/etc, /bin, etc.) and copying all the files and nodes you need over; 2. using a script that does the same things automatically. I did 2 and provide it below.

You can create one initramfs which is used forever (as NeddySeagoon does) or you can supply the kernel config with the script or source dir and it will build it when you build your kernel. I'm a bit ocd about running "up-to-date" executables so I went with the latter.

Here is the script that is used to build the initramfs automatically:

Code:

# dirs
dir /bin   755 0 0
dir /dev   755 0 0
dir /etc   755 0 0
dir /lib   755 0 0
dir /lib64   755 0 0
dir /mnt   755 0 0
dir /proc   755 0 0
dir /root   700 0 0
dir /run   755 0 0
dir /sbin   755 0 0
dir /sys   755 0 0
dir /tmp   755 0 0
dir /usr   755 0 0
dir /usr/lib   755 0 0
dir /usr/lib64   755 0 0
dir /usr/sbin   755 0 0
dir /var   755 0 0

# console node
nod /dev/console 600 0 0 c 5 1
# /dev/tty is character device 5,0 (5,1 is /dev/console)
nod /dev/tty    666 0 0 c 5 0

# busybox
file /bin/busybox         /bin/busybox            755 0 0

# dmsetup
file /sbin/dmsetup         /sbin/dmsetup            755 0 0
file /lib64/libdevmapper.so.1.02   /lib64/libdevmapper.so.1.02      755 0 0
file /lib64/libudev.so.1      /lib64/libudev.so.1         755 0 0
file /lib64/libcap.so.2         /lib64/libcap.so.2         755 0 0
file /lib64/libm.so.6         /lib64/libm.so.6         755 0 0
file /lib64/libc.so.6         /lib64/libc.so.6         755 0 0
file /lib64/ld-linux-x86-64.so.2   /lib64/ld-linux-x86-64.so.2      755 0 0

# LUKS cryptsetup
file /sbin/cryptsetup         /sbin/cryptsetup         755 0 0
file /usr/lib64/libcryptsetup.so.12   /usr/lib64/libcryptsetup.so.12      755 0 0
file /usr/lib64/libssl.so.3      /usr/lib64/libssl.so.3         755 0 0
file /usr/lib64/libcrypto.so.3      /usr/lib64/libcrypto.so.3      755 0 0
file /usr/lib64/libargon2.so.1      /usr/lib64/libargon2.so.1      755 0 0
file /usr/lib64/libjson-c.so.5      /usr/lib64/libjson-c.so.5      755 0 0
file /usr/lib64/libpopt.so.0      /usr/lib64/libpopt.so.0         755 0 0
file /lib64/libuuid.so.1      /lib64/libuuid.so.1         755 0 0
file /lib64/libblkid.so.1      /lib64/libblkid.so.1         755 0 0

# lvm
file /sbin/lvm            /sbin/lvm            755 0 0
file /lib64/libdevmapper-event.so.1.02   /lib64/libdevmapper-event.so.1.02   755 0 0
file /lib64/libreadline.so.8      /lib64/libreadline.so.8         755 0 0
file /lib64/libtinfow.so.6      /lib64/libtinfow.so.6         755 0 0
file /lib64/libaio.so.1         /lib64/libaio.so.1         755 0 0

# random gcc file
file /lib64/libgcc_s.so.1      /usr/lib/gcc/x86_64-pc-linux-gnu/13/libgcc_s.so.1   755 0 0

# init
file /init            /usr/src/initramfs/init         755 0 0


Busybox is compiled with the 'static' use flag so including it is easy; the rest are just regular packages that were already on my system.

Kernel command options you can provide in the kernel config.
sunox
Tux's lil' helper
Joined: 26 Jan 2022
Posts: 136

Posted: Mon Jan 01, 2024 7:27 pm

One thing I will say about genkernel is that it did work nicely 'out of the box' for creating an initramfs that unlocked my root partition, whereas dracut did not - at least not for me.
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21635

Posted: Mon Jan 01, 2024 8:12 pm

mark4 wrote:
Yes and no and it didn't help. I am using LUKS, I am not using LVM.
Your earlier post says you are:
mark4 wrote:
genkernel all --menuconfig --no-module-rebuild --luks --lvm --microcode-initramfs --microcode=intel

My GRUB_CMDLINE_LINUX is...

GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=xxxxxxx root=/dev/mapper/YYYYY root_trim=yes"
This says you both asked genkernel for LVM and told grub to pass dolvm on the kernel command line.
mark4 wrote:
This tells me to add things to the kernel command line but does not specify WHERE to add them.
You should be able to put them anywhere on the kernel command line: beginning, middle, or end. The parser is context-free, as far as I know. How to modify the kernel command line depends on your bootloader. You seem to be using GRUB2, so probably modifying GRUB_CMDLINE_LINUX will work.
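An init script that reads /proc/cmdline can look parameters up by name, so their position on the line does not matter to it. As an added example that is not part of the thread's code, this is how a hand-written /init such as the one posted earlier could take its device from crypt_root= instead of hardcoding it. The function names are made up here, the parameter names are the genkernel-style ones from mark4's GRUB_CMDLINE_LINUX, and treating root_trim=yes as --allow-discards is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the thread): a hand-written /init reading its settings
# from the kernel command line instead of hardcoding them.

# cmdline_get KEY [CMDLINE]: print the value of KEY=..., wherever it appears.
# The last occurrence wins (a choice made for this example). Returns 1 if absent.
cmdline_get() {
    printf '%s\n' "${2-$(cat /proc/cmdline)}" | tr -s ' \t' '\n\n' |
        awk -v k="$1=" 'index($0, k) == 1 { v = substr($0, length(k) + 1); f = 1 }
                        END { if (f) print v; exit !f }'
}

# cmdline_has FLAG [CMDLINE]: true if a bare word such as dolvm is present.
cmdline_has() {
    case " ${2-$(cat /proc/cmdline)} " in *" $1 "*) return 0 ;; esac
    return 1
}

# resolve_dev SPEC: turn UUID=... or LABEL=... into a device node.
# A minimal initramfs runs no udev, so /dev/disk/by-uuid does not exist;
# busybox findfs scans the block devices instead.
resolve_dev() {
    case $1 in
        UUID=*|LABEL=*) findfs "$1" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# unlock_root [CMDLINE]: open the LUKS device named by crypt_root=.
# Set RUN=echo to print the commands instead of running them.
unlock_root() {
    line=${1-$(cat /proc/cmdline)}
    spec=$(cmdline_get crypt_root "$line") || { echo "no crypt_root=" >&2; return 1; }
    dev=$(resolve_dev "$spec") || { echo "cannot find $spec" >&2; return 1; }
    set -- luksOpen
    # Assumption of this example: root_trim=yes means pass --allow-discards.
    [ "$(cmdline_get root_trim "$line")" = yes ] && set -- "$@" --allow-discards
    ${RUN-} cryptsetup "$@" "$dev" root || return 1
    # Only touch LVM when the command line asks for it.
    if cmdline_has dolvm "$line"; then ${RUN-} lvm vgchange -ay || return 1; fi
}
```

In /init the call is unlock_root || rescue_shell, using the rescue_shell function from the posted script.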
mark4
n00b
Joined: 26 Feb 2011
Posts: 46

Posted: Mon Jan 01, 2024 8:38 pm

Hu wrote:
mark4 wrote:
Yes and no and it didn't help. I am using LUKS, I am not using LVM.
Your earlier post says you are:
mark4 wrote:
genkernel all --menuconfig --no-module-rebuild --luks --lvm --microcode-initramfs --microcode=intel

My GRUB_CMDLINE_LINUX is...

GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=xxxxxxx root=/dev/mapper/YYYYY root_trim=yes"
This says you both asked genkernel for LVM and told grub to pass dolvm on the kernel command line.
mark4 wrote:
This tells me to add things to the kernel command line but does not specify WHERE to add them.
You should be able to put them anywhere on the kernel command line: beginning, middle, or end. The parser is context-free, as far as I know. How to modify the kernel command line depends on your bootloader. You seem to be using GRUB2, so probably modifying GRUB_CMDLINE_LINUX will work.

Yea, I can probably remove the --lvm from my kernel build script. I LUKS-encrypted /dev/nvme0n1p3 and then opened that device and formatted /dev/mapper/xyzzy as ext4. I did not create any logical volumes within that encrypted device, I see absolutely no point in doing so myself because I am not encrypting /boot or /efi. I also do not have a swap partition, I will create a swap file on / later.

[edit] The dolvm seems to be required from my testing whether I am using logical volumes or not. Without it I can't seem to get LUKS decryption to even work... probably doing something wrong.
All times are GMT