View previous topic :: View next topic |
Author |
Message |
ClericLeech n00b
Joined: 06 Jul 2006 Posts: 11
|
Posted: Sat May 10, 2014 7:58 pm Post subject: Kernel panic 'attempted to kill init' |
|
|
Hi,
I am using a custom initramfs on my ~amd64 fully encrypted system. Everything worked as expected until i did an upgrade to sysvinit-2.88-r7.
The initramfs starts properly and all devices get decrypted. The root filesystem is mounted and accessable.
But when the initramfs tries to call "exec switch_root -c /dev/console /newroot /sbin/init" i get a kernel panic:
"attempted to kill init"
After some debugging i noticed that the system starts normally without an initramfs (copied the encrypted root to another partition).
I already tried rebuilding the initramfs many times. Upgrading to a newer version of busybox and so on.
Here is my current init scrypt:
Code: |
# don't edit
global_splash_verbose=0
global_mdev_active=0
# colors
color_black='\x1b[30;01m'
color_red='\x1b[31;01m'
color_green='\x1b[32;01m'
color_yellow='\x1b[33;01m'
color_blue='\x1b[34;01m'
color_off='\x1b[0;0m'
#
# The following variables can(and should) be
# overidden by cryptfs
#
# General
cfg_setup_initramfs=1 # Setup initramfs enviroment.
cfg_install_applets=1 # Install busybox applets at runtime(creates symlinks for all applets
# that are compiled into busybox).
cfg_start_mdev=1 # Start mdev(Busybox's mini-udev implementation)
cfg_shell_checkpoint=0 # Shell checkpoint (initrd_shell)
cfg_tmp_keys_rep=/tmp/keys # Where keys are temporary stored
cfg_tmp_keys_stat=/tmp/keys # Where keys status stored
cfg_kmap= # Load kmap (initrd_kmap)
cfg_font= # Load font (initrd_kmap)
cfg_init=/sbin/init # Init to execute from root device
cfg_newroot=/newroot # Mountpoint for root
cfg_remmnt=/mnt # Mountpoint for removable device
cfg_root_device= # Root device (root)
cfg_root_mode=ro # Root mount mode (ro)
cfg_root_type= # Root filesystem type (rootfstype)
cfg_resume_device= # Resume device.
cfg_hand_root_control=1 # Execute init from root device
cfg_util_type= # Type of utility (gpgfile,pkcs11,passphrase,keyfile) (initrd_util)
cfg_remdev= # Device assigned to removable media for gpgfile utility. (initrd_util=gpgfile)
cfg_remdev_fs= # Device assigned to removable media for gpgfile utility. (initrd_util=gpgfile)
cfg_gpg_files= # Files, one for each loop/device, comma separated (initrd_util=gpgfile)
cfg_gpg_pass= # Static passphrase (initrd_util=gpgfile)
cfg_pkcs11_application= # PKCS#11 data object application name (initrd_util=pkcs11)
cfg_pkcs11_labels= # PKCS#11 data object labels, one for each loop, (initrd_util=pkcs11)
cfg_pkcs11_pass= # PKCS#11 PIN (initrd_util=pkcs11)
cfg_passphrase_id= # Passphrase comma separated ides (initrd_util=passphrase)
cfg_devices= # Devices to decrypt (initrd_devices)
cfg_suspend_mode= # Type of suspend/resume to use
cfg_resume_ui=auto # Type of ui for resume
# loop-AES
cfg_loopaes=0 # 1 == loopAES support enabled (initrd_encmode=loop-aes)
cfg_loopstart=0 # Loop start index (initrd_loopstart)
cfg_cipher="AES256" # Encryption cipher
# dm-crypt
cfg_dmcrypt=0 # 1 == dm-crypt support enabled (initrd_encmode=dm-crypt)
cfg_dmnames= # Logical names of DM crypt
cfg_keyfile_files= # Files(keyfiles), one for each device, comma separated (initrd_util=keyfile)
if [ -e /linuxrc.local ]; then
. /linuxrc.local
fi
f_parse_head() {
local s="${1}"
local d="${2}"
echo "${s%%${d}*}"
}
f_parse_remove_head() {
local s="${1}"
local d="${2}"
local r="${s#*${d}}"
if [ "${r}" = "${s}" ]; then
echo ""
else
echo "${r}"
fi
}
f_echo() {
local type="${1}"
local msg="${2}"
local opts="${3}"
local eopts
local colors_on
local colors_off
if [ "${cfg_color_msg}" != 0 ]; then
colors_off="${color_off}"
case "${type}" in
err)
colors_on="${color_red}"
;;
inf)
colors_on="${color_yellow}"
;;
msg|*)
colors_on="${color_green}"
;;
esac
local o
for o in $(echo "${opts}" | sed 's/,/ /'); do
case "${o}" in
nonl)
eopts="$eopts -n"
;;
esac
done
fi
echo ${eopts} -e " ${colors_on}*${color_off} ${msg}"
}
f_modprobe_group() {
local group="${1}"
local mod
if [ -f "/etc/modules/${group}" ]; then
for mod in $(cat "/etc/modules/${group}"); do
modprobe "${mod}" > /dev/null 2>&1
done
fi
}
f_rmmod_group() {
local group="${1}"
local invert
local mod
if [ -f "/etc/modules/${group}" ]; then
for mod in $(cat "/etc/modules/${group}"); do
invert="${mod} ${invert}"
done
for mod in ${invert}; do
#
# There are some modules that cannot
# be unloaded
#
if [ "${mod}" != "unix" ]; then
rmmod "$(echo "${mod}" | sed 's/-/_/g')"
fi
done
fi
}
f_killallwait() {
local p="${1}"
while killall -q -3 "${p}"; do
sleep 1
done
}
f_die() {
local message="${1}"
f_splash_verbose
f_echo err "${message}"
exec /bin/sh
}
f_shell_checkpoint() {
local level="${1}"
if [ "${cfg_shell_checkpoint}" = "${level}" ]; then
f_splash_verbose
exec /bin/sh
fi
}
f_splash_verbose() {
[ "${global_splash_verbose}" = 0 ] && chvt 1
}
f_splash_silent() {
[ "${global_splash_verbose}" = 0 ] && chvt 2
}
f_splash_message() {
local msg="${1}"
[ "${global_splash_verbose}" = 0 ] && BOOT_MSG="${msg}" fbcondecor_helper 2 'repaint'
}
f_loadkmap() {
if [ -f "${cfg_kmap}" ]; then
# if [ -e "${gv_kmap}" ]; then
loadkmap < "${cfg_kmap}"
# else
# f_die "Error: keymap \"${cfg_kmap}\" does not exist."
# fi
fi
if [ -f "${cfg_font}" ]; then
if [ -e "${cfg_font}" ]; then
loadfont < "${cfg_font}"
else
f_die "Error: font \"${cfg_font}\" does not exist."
fi
fi
}
f_hand_root_control() {
[ -d "${cfg_newroot}" ] || mkdir "${cfg_newroot}"
f_echo msg "${cfg_root_device}"
mount -o "${cfg_root_mode}" ${cfg_root_type:+-t "${cfg_root_type}"} \
"${cfg_root_device}" "${cfg_newroot}" || f_die "Cannot mount root filesystem"
f_stop_mdev
umount /proc
umount /sys
# mountpoints="/usr /var"
# ln -s "${cfg_newroot}"/etc/fstab /etc/fstab
# for m in $mountpoints; do
# check_filesystem $m
# mount $m || f_die "Cannot mount $m"
# mount --move $m "${cfg_newroot}"$m || f_die "Cannot move $m"
# done
#exec switch_root -c "/dev/console" "${cfg_newroot}" "${cfg_init}" ${init_arg}
# exec switch_root /mnt/ro /sbin/init </dev/console >dev/console 2>&1
exec /bin/sh
}
f_setup_mdev() {
if [ -x /sbin/mdev ]; then
/sbin/mdev -s
echo /sbin/mdev > /proc/sys/kernel/hotplug
global_mdev_active=1
fi
# This is solved in busybox-1.6.1
if [ -e /sys/class/misc/snapshot/dev ] && ! [ -e /dev/snapshot ]; then
mknod /dev/snapshot c 10 231
fi
}
f_stop_mdev() {
if [ ${global_mdev_active} != 0 ]; then
echo > /proc/sys/kernel/hotplug
fi
}
f_reset_environment() {
export PATH="${OLDPATH}"
}
f_mount_remdev() {
f_modprobe_group "remdev"
f_shell_checkpoint 102
local first_time=1
#local remdevice=$(/sbin/findfs ${cfg_remdev})
sleep 3
while ! mount -n -o ro "${cfg_remdev}" "${cfg_remmnt}" > /dev/null 2>&1; do
if [ ${first_time} != 0 ]; then
f_echo inf "UUID Mode: Please insert removable device ${cfg_remdev}..."
first_time=0
fi
sleep 2
done
f_shell_checkpoint 103
}
f_umount_remdev() {
umount -n "${cfg_remmnt}"
f_rmmod_group "remdev"
}
f_resume_uswsusp() {
local args
local features="$(resume --version | grep FEATURES)"
[ -n "${cfg_resume_device}" ] && args="${args} --resume_device=${cfg_resume_device}"
echo "${features}" | grep fbsplash > /dev/null && [ -n "${splash_theme}" -a "${global_splash_verbose}" = 0 ] && [ "${cfg_resume_ui}" = "auto" -o "${cfg_resume_ui}" = "fbsplash" ] && args="${args} --parameter=\"splash=y\""
eval resume ${args}
}
f_resume_tuxonice() {
local tuxonice_userui_program="/sys/power/tuxonice/user_interface/program"
local tuxonice_do_resume="/sys/power/tuxonice/do_resume"
local tuxonice_resume="/sys/power/tuxonice/resume"
#
# Backward compatibility
#
if [ -e /proc/suspend2 ]; then
tuxonice_userui_program="/sys/power/suspend2/user_interface/program"
tuxonice_do_resume="/sys/power/suspend2/do_resume"
tuxonice_resume="/sys/power/suspend2/resume2"
elif [ -e /proc/suspend2 ]; then
tuxonice_userui_program="/proc/suspend2/userui_program"
tuxonice_do_resume="/proc/suspend2/do_resume"
tuxonice_resume="/proc/suspend2/resume2"
fi
f_modprobe_group tuxonice
[ -n "${splash_theme}" ] && ln -s "/etc/splash/${splash_theme}" /etc/splash/suspend2
if [ "${cfg_resume_ui}" != "none" -a "${global_splash_verbose}" = 0 ]; then
if [ "${cfg_resume_ui}" = "auto" ]; then
if [ -z "${splash_theme}" ]; then
if which "suspend2ui_text" > /dev/null 2>&1; then
which "suspend2ui_text" > "${tuxonice_userui_program}"
fi
if which "tuxonice_text" > /dev/null 2>&1; then
which "tuxonice_text" > "${tuxonice_userui_program}"
fi
else
if which "suspend2ui_fbsplash" > /dev/null 2>&1; then
which "suspend2ui_fbsplash" > "${tuxonice_userui_program}"
fi
if which "tuxonice_fbsplash" > /dev/null 2>&1; then
which "tuxonice_fbsplash" > "${tuxonice_userui_program}"
fi
fi
else
if which "suspend2ui_${cfg_resume_ui}"; > /dev/null 2>&1; then
which "suspend2ui_${cfg_resume_ui}" > "${tuxonice_userui_program}"
fi
if which "tuxonice_${cfg_resume_ui}"; > /dev/null 2>&1; then
which "tuxonice_${cfg_resume_ui}" > "${tuxonice_userui_program}"
fi
fi
fi
[ -n "${cfg_resume_device}" ] && echo "${cfg_resume_device}" > "${tuxonice_resume}"
echo > "${tuxonice_do_resume}"
f_rmmod_group tuxonice
}
f_resume() {
case "${cfg_suspend_mode}" in
tuxonice) f_resume_tuxonice;;
uswsusp) f_resume_uswsusp;;
esac
}
f_keys_read_pkcs11() {
f_modprobe_group "pkcs11"
mount -n -t usbfs usbfs /proc/bus/usb
pcscd --force-reader-polling
sleep 3
f_shell_checkpoint 102
local labels="${cfg_pkcs11_labels}"
local index=0
local pkcs11_objects
while [ -n "${labels}" ]; do
local label
label=$(f_parse_head "${labels}" ",")
labels=$(f_parse_remove_head "${labels}" ",")
pkcs11_objects="${pkcs11_objects} \"--application=${cfg_pkcs11_application}\" \"--label=${label}\" \"--file=${cfg_tmp_keys_rep}/${index}.raw\""
index=$((${index}+1))
done
while ! eval pkcs11-data $(cat /etc/pkcs11.conf) --cmd=export ${pkcs11_objects}; do
f_echo msg "Please try again."
done
local key
for key in "${cfg_tmp_keys_rep}"/*; do
gunzip -c "${key}" > $(echo ${key} | sed 's/.raw//').key
done
f_shell_checkpoint 103
f_killallwait pcscd
umount -n /proc/bus/usb
f_rmmod_group "pkcs11"
}
f_keys_read_gpg() {
local index=0
local bad_pass=1
while [ ${bad_pass} != 0 ]; do
if [ -z "${cfg_gpg_pass}" ]; then
stty -echo
echo -n "Passphrase: "
read cfg_gpg_pass
echo
stty echo
fi
bad_pass=0
local file
for file in $(echo "${cfg_gpg_files}" | sed 's/,/ /g'); do
if ! [ -f "${cfg_remmnt}/${file}" ]; then
f_die "Cannot access ${cfg_remdev}:${file}"
fi
if ! echo "${cfg_gpg_pass}" | \
gpg --homedir / \
--batch \
--passphrase-fd 0 \
--decrypt "${cfg_remmnt}/${file}" > \
"${cfg_tmp_keys_rep}/${index}.key";
then
ls -lha "${cfg_tmp_keys_rep}"
bad_pass=1
else
index=$((${index}+1))
fi
done
unset cfg_gpg_pass
if [ ${bad_pass} != 0 ]; then
echo "Please try again." >&2
fi
done
}
f_keys_read_keyfile() {
local index=0 file
for file in $(echo "${cfg_keyfile_files}" | sed 's/,/ /g'); do
if ! [ -f "${cfg_remmnt}/${file}" ]; then
f_die "Cannot access ${cfg_remdev}:${file}"
else
cp "${cfg_remmnt}/${file}" "${cfg_tmp_keys_rep}/${index}.key"
fi
index=$((${index}+1))
done
}
f_keys_read_passphrase() {
local first_time=0
local index=0
local id
#
# If no rejects assume first time
#
[ "$(find "${cfg_tmp_keys_stat}")" = "${cfg_tmp_keys_stat}" ] && first_time=1
for id in $(echo "${cfg_passphrase_id}" | sed 's/,/ /g'); do
#
# If first time or rejected
#
if [ "${first_time}" != 0 -o -f "${cfg_tmp_keys_stat}/${index}.rejected" ]; then
rm -f "${cfg_tmp_keys_stat}/${index}.rejected" > /dev/null 2>&1
if [ -f "${cfg_tmp_keys_rep}/passphrase_${id}" ]; then
cp "${cfg_tmp_keys_rep}/passphrase_${id}" "${cfg_tmp_keys_rep}/${index}.key"
else
local password
stty -echo
echo -n "Passphrase (${id}): "
read password
echo
stty echo
echo "${password}" > "${cfg_tmp_keys_rep}/${index}.key"
echo "${password}" > "${cfg_tmp_keys_rep}/passphrase_${id}"
fi
fi
index=$((${index}+1))
done
}
f_keys_clean() {
if [ -d "${cfg_tmp_keys_rep}" ]; then
local i
for i in "${cfg_tmp_keys_rep}"/*; do
dd if=/dev/zero "of=${i}" conv=notrunc bs=1024 count=10 > /dev/null 2>&1
done
rm -fr "${cfg_tmp_keys_rep}"
fi
}
f_keys_read() {
[ -d "${cfg_tmp_keys_rep}" ] || mkdir -p "${cfg_tmp_keys_rep}"
[ -d "${cfg_tmp_keys_stat}" ] || mkdir -p "${cfg_tmp_keys_stat}"
f_shell_checkpoint 101
case "${cfg_util_type}" in
pkcs11)
f_keys_read_pkcs11
;;
gpgfile)
f_mount_remdev
f_keys_read_gpg
f_umount_remdev
;;
passphrase)
f_keys_read_passphrase
;;
keyfile)
f_mount_remdev
f_keys_read_keyfile
f_umount_remdev
;;
esac
f_shell_checkpoint 102
}
f_opendevices_loopaes() {
local error=0
#
# map loop devices
#
local index=0
local device
for device in $(echo "${cfg_devices}" | sed 's/,/ /g'); do
local keyfile="${cfg_tmp_keys_rep}/${index}.key"
if [ -f "${keyfile}" ]; then
if ! losetup.crypt -p 0 -e "${cfg_cipher}" \
"/dev/loop$((${cfg_loopstart}+${index}))" \
"${device}" < "${keyfile}"; then
touch "${cfg_tmp_keys_stat}/${index}.rejected"
f_echo err "Cannot loop ${device}"
error=1
fi
fi
index="$((${index}+1))"
done
return "${error}"
}
f_opendevices_dmcrypt() {
local error=0
#
# map loop devices
#
local index=0
local names="${cfg_dmnames}"
local device
for device in $(echo "${cfg_devices}" | sed 's/,/ /g'); do
local name=$(f_parse_head "${names}" ",")
names=$(f_parse_remove_head "${names}" ",")
#[ "${device}" == "${cfg_root_device}" ] && cfg_root_device="/dev/mapper/${name}"
local keyfile="${cfg_tmp_keys_rep}/${index}.key"
if [ -f "${keyfile}" ]; then
f_echo msg "Opening ${name}..."
f_echo msg "Opening ${device}..."
local device_type=$(echo $device | cut -d= -f1)
if [ $device_type == "UUID" ] ; then
device=$(findfs ${device})
fi
local gen_prm
if cryptsetup isLuks "${device}" > /dev/null 2>&1; then
gen_prm="luksOpen \"${device}\" \"${name}\""
else
gen_prm="create \"${name}\" \"${device}\""
fi
local stdin_file
local key_prm
if [ "${cfg_util_type}" = "passphrase" ]; then
stdin_file="${keyfile}"
key_prm=""
elif [ "${cfg_util_type}" = "gpgfile" ]; then
stdin_file="${keyfile}"
key_prm=""
else
stdin_file="/dev/null"
key_prm="-d \"${keyfile}\""
fi
if ! eval cryptsetup ${key_prm} ${gen_prm} < "${stdin_file}"; then
touch "${cfg_tmp_keys_stat}/${index}.rejected"
f_echo err "Failed to decrypt ${device}"
error=1
fi
fi
index="$((${index}+1))"
done
return "${error}"
}
f_opendevices() {
local error=0
if [ "${cfg_dmcrypt}" != 0 ]; then
f_opendevices_dmcrypt || error=1
elif [ "${cfg_loopaes}" != 0 ]; then
f_opendevices_loopaes || error=1
fi
return "${error}"
}
f_setup_initramfs() {
umask 0077
#
# basic mounts
#
if ! [ -f /proc/cmdline ]; then
mount -t proc none /proc
fi
mount -t sysfs /sys /sys
mount -o remount,rw /
#
# create utilities
#
if [ "${cfg_install_applets}" != 0 ]; then
/bin/busybox --install -s
fi
[ "$0" != "/init" ] && f_die "initrd is not supported"
[ -e /linuxrc -a "$0" = "/init" ] && rm /linuxrc
[ ! -d /tmp ] && mkdir /tmp
[ ! -d "${cfg_remmnt}" ] && mkdir -p "${cfg_remmnt}"
[ -e /dev/tty ] && rm /dev/tty
[ -e /dev/tty0 ] && rm /dev/tty0
ln -s "$(tty)" /dev/tty
ln -s "$(tty)" /dev/tty0
}
f_setup_environment() {
#
# setup path
#
OLDPATH="${PATH}"
export PATH="${PATH}:/sbin:/bin:/usr/sbin:/usr/bin"
#
# parse command line
#
local x
for x in $(cat /proc/cmdline); do
local v="${x#*=}"
case "${x}" in
initrd_suspend_mode=*)
cfg_suspend_mode="${v}"
;;
initrd_util=*)
local t
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_util_type="${t}"
case "${cfg_util_type}" in
"");;
pkcs11)
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_pkcs11_application="${t}"
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_pkcs11_labels="${t}"
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_pkcs11_pass="${t}"
;;
gpgfile)
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_remdev="${t}"
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_remdev_fs="${t}"
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_gpg_files="${t}"
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_gpg_pass="${t}"
;;
passphrase)
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_passphrase_id="${t}"
;;
keyfile)
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_remdev="${t}"
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_remdev_fs="${t}"
t=$(f_parse_head "${v}" ":")
v=$(f_parse_remove_head "${v}" ":")
[ -n "${t}" ] && cfg_keyfile_files="${t}"
;;
*)
f_die "Error: Invalid util argument ${v}"
;;
esac
;;
initrd_devices=*)
cfg_devices="${v}"
;;
initrd_loopstart=*)
cfg_loopstart="${v}"
;;
initrd_dmnames=*)
cfg_dmnames="${v}"
;;
initrd_shell=*)
case "${v}" in
rescue) v=3;;
install) v=5;;
repair) v=10;;
esac
cfg_shell_checkpoint="${v}"
;;
initrd_kmap=*)
cfg_kmap=$(f_parse_head "${v}" ":")
local m=$(f_parse_remove_head "${v}" ":")
[ -n "${m}" ] && cfg_font="${m}"
;;
initrd_encmode=*)
case "${v}" in
loopaes) cfg_loopaes=1;;
loop-aes) cfg_loopaes=1;;
dmcrypt) cfg_dmcrypt=1;;
dm-crypt) cfg_dmcrypt=1;;
esac
;;
initrd_resume_ui)
cfg_resume_ui="${v}"
;;
splash=*)
splash_theme=$(echo "${x}" | sed 's/.*theme://' | sed 's/,.*//')
[ -n "$(echo ${x} | grep verbose)" ] && global_splash_verbose=1
;;
root=*)
cfg_root_device="${v}"
;;
rootfstype=*)
cfg_root_type="${v}"
;;
ro)
cfg_root_mode=ro
;;
resume=*)
cfg_resume_device="${v}"
;;
[0123456Ss])
init_arg="${x}"
;;
esac
done
}
check_filesystem() {
# most of code coming from /etc/init.d/fsck
local fsck_opts= check_extra= RC_UNAME=$(uname -s)
# FIXME : get_bootparam forcefsck
if [ -e /forcefsck ]; then
fsck_opts="$fsck_opts -f"
check_extra="(check forced)"
fi
echo "Checking local filesystem $check_extra : $1"
if [ "$RC_UNAME" = Linux ]; then
fsck_opts="$fsck_opts -C0 -T"
fi
trap : INT QUIT
# using our own fsck, not the builtin one from busybox
/sbin/fsck -p $fsck_opts $1
case $? in
0) return 0;;
1) echo "Filesystem repaired"; return 0;;
2|3) if [ "$RC_UNAME" = Linux ]; then
echo "Filesystem repaired, but reboot needed"
reboot -f
else
f_die "Filesystem still have errors; manual fsck required"
fi;;
4) if [ "$RC_UNAME" = Linux ]; then
f_die "Fileystem errors left uncorrected, aborting"
else
echo "Filesystem repaired, but reboot needed"
reboot
fi;;
8) echo "Operational error"; return 0;;
12) echo "fsck interrupted";;
*) echo "Filesystem couldn't be fixed";;
esac
f_die "Rescue Shell"
}
main() {
[ ${cfg_setup_initramfs} != 0 ] && f_setup_initramfs
f_setup_environment
f_shell_checkpoint 1
f_modprobe_group boot
f_shell_checkpoint 2
[ ${cfg_start_mdev} != 0 ] && f_setup_mdev
f_loadkmap
f_shell_checkpoint 3 # rescue point
if [ -z "${cfg_root_device}" ]; then
f_die "Error: Please specify root kernel parameter at next reboot."
fi
if [ -z "${cfg_util_type}" -a -n "${cfg_devices}" ]; then
f_die "Error: Please specify initrd_util kernel parameter at next reboot."
fi
if [ "${cfg_dmcrypt}" != 0 ]; then
if [ -e "/dev/device-mapper" -a ! -e "/dev/mapper/control" ]; then
[ -d /dev/mapper ] || mkdir /dev/mapper
ln -s /dev/device-mapper /dev/mapper/control
fi
fi
f_shell_checkpoint 5 # install point
if [ -n "${cfg_devices}" ]; then
local success="0"
while [ "${success}" = 0 ]; do
f_shell_checkpoint 6
#f_splash_verbose
f_shell_checkpoint 7
f_keys_read
#f_splash_silent
f_shell_checkpoint 8
f_opendevices && success="1"
f_shell_checkpoint 9
f_keys_clean
if [ "${cfg_util_type}" != "passphrase" -a "${success}" = 0 ]; then
f_die "Cannot open/decrypt devices"
fi
done
fi
f_shell_checkpoint 10 # repair point
#f_splash_message "Trying to resume..."
f_shell_checkpoint 11
f_resume
f_shell_checkpoint 12
#f_splash_message "Booting the system..."
f_shell_checkpoint 13
f_reset_environment
f_shell_checkpoint 14
[ ${cfg_hand_root_control} != 0 ] && f_hand_root_control
f_shell_checkpoint 15
}
main
|
Code: |
Portage 2.2.10 (default/linux/amd64/13.0, gcc-4.8.2, glibc-2.19, 3.14.2-aufs x86_64)
=================================================================
System uname: Linux-3.14.2-aufs-x86_64-Intel-R-_Core-TM-_i7-4770K_CPU_@_3.50GHz-with-gentoo-2.2
KiB Mem: 16345088 total, 6011972 free
KiB Swap: 0 total, 0 free
Timestamp of tree: Sat, 10 May 2014 11:15:01 +0000
ld GNU ld (GNU Binutils) 2.24
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 3.1.9 [enabled]
app-shells/bash: 4.2_p47
dev-java/java-config: 2.2.0
dev-lang/python: 2.7.6-r1, 3.2.5-r4, 3.4.0
dev-util/ccache: 3.1.9-r3
dev-util/cmake: 2.8.12.2-r1
dev-util/pkgconfig: 0.28-r1
sys-apps/baselayout: 2.2
sys-apps/openrc: 0.12.4
sys-apps/sandbox: 2.6-r1
sys-devel/autoconf: 2.13, 2.69
sys-devel/automake: 1.11.6, 1.14.1
sys-devel/binutils: 2.24-r2
sys-devel/gcc: 4.8.2
sys-devel/gcc-config: 1.8
sys-devel/libtool: 2.4.2
sys-devel/make: 4.0-r1
sys-kernel/linux-headers: 3.14 (virtual/os-headers)
sys-libs/glibc: 2.19
Repositories: gentoo multimedia stuff yarik-overlay sunrise mv bar fangornsrealm-eu
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage-distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="de_DE.UTF-8@euro"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/multimedia /var/lib/layman/stuff /var/lib/layman/yarik-overlay /var/lib/layman/sunrise /var/lib/layman/mv /var/lib/layman/bar /usr/local/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac aalib acl acpi alsa amd64 apache apache2 audiofile avahi bash_completion berkdb bzip2 cairo cdr cli compiz consolekit cracklib crypt cups curl cxx dbus device-mapper dga dri dts dv dvd dvdr dvdread examples fat ffmpeg firefox flac fortran gd gdbm glitz gnutls gstreamer howl httpd iconv icu idn ieee1394 ipv6 jack java joystick jpeg jpeg2k kde kerberors lcms libcaca mmx mmxext mng modules moonlight multilib mysql mysqli ncurses network nls nptl ntfs nvidia odbc openal opengl openmp pam pcre png policykit ppds pulseaudio python qt3support qt4 readline redland samba scanner secure-delete session slp sndfile speex sql sse sse2 sse3 ssl svg tcltk tcpd tetex theora threads tidy tiff udev unicode usb utf8 vdpau win32codecs wmf wxwidgets xcb xcomposite xine xinerama xml xosd xulrunner xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby19" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
|
|
|
Back to top |
|
|
windex n00b
Joined: 09 Dec 2012 Posts: 70
|
Posted: Fri Jun 06, 2014 5:01 pm Post subject: |
|
|
I'm curious, what process did you use to fully encrypt yr system? |
|
Back to top |
|
|
ClericLeech n00b
Joined: 06 Jul 2006 Posts: 11
|
Posted: Sat Jun 07, 2014 9:03 am Post subject: |
|
|
I initially followed this approach: http://www.gentoo-wiki.info/SECURITY_System_Encryption_DM-Crypt_with_LUKS
It is somewhat outdated by now, at least the recommended encryption algorithms.
But from time to time I have updated the initramfs and of course the encryption algorithms.
But basically it is still the same setup as the one describes above. |
|
Back to top |
|
|
regatus n00b
Joined: 04 Dec 2005 Posts: 6 Location: Germany
|
Posted: Sun Jul 20, 2014 7:28 pm Post subject: |
|
|
i've tried building a new custom initramfs for a couple of hours now (as a longtime full-crypto user). a common problem seems to be gcc:4.8 (hardened and also non-hardened). using the older gcc:4.7 (hardened) it works just fine.
although my busybox resigned early on with:
[ 1.147957] traps: init[1] general protection ip:524e5e sp:3ad014902c0 error:0 in busybox[400000+206000] |
|
Back to top |
|
|
Irom Tux's lil' helper
Joined: 07 Oct 2003 Posts: 95 Location: am arsch..
|
Posted: Wed Jul 23, 2014 5:21 pm Post subject: |
|
|
Just throwing some ideas in:
Attempted to kill init is the kernel message for when PID 1 exits. So either switch_root exits or the init process started by switch_root
- is switch_root in $PATH?
- does /sbin/init exist?
- "dev/console" is missing the slash for root
_________________ http://ftp.fukt.bsnet.se/pub/movies/stallman/ (Please watch this before you form an opinion about GNU)
https://apfelboymchen.net/gnu/ |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|