mirrors/meta-secure-core
1
0
Fork 0
mirror of https://github.com/jiazhang0/meta-secure-core.git synced 2026-04-20 18:08:17 +00:00
Code Issues Projects Releases Wiki Activity

init: clean up

Browse Source 
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
This commit is contained in:
Lans Zhang
2017-07-04 17:22:12 +08:00
parent a9e266c481
commit 6ace7c99ba
1 changed files with 37 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
meta/recipes-core/initrdscripts/files/init
View File

@@ -1,89 +1,52 @@
#!/bin/sh
PATH="/sbin:/bin:/usr/sbin:/usr/bin"
ROOTFS_MOUNT="/rootfs"
INIT="/sbin/init"
ROOT_MOUNT="/rootfs"
MOUNT="/bin/mount"
UMOUNT="/bin/umount"
mkdir /proc /sys /run
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
mount -t tmpfs none /run
# Copied from initramfs-framework. The core of this script probably should be
# turned into initramfs-framework modules to reduce duplication.
udev_daemon() {
PROGS="/sbin/udev/udevd /sbin/udevd /lib/udev/udevd /lib/systemd/systemd-udevd"
cmdline="`cat /proc/cmdline`"
for arg in $cmdline; do
optarg=`expr "x$arg" : 'x[^=]*=\(.*\)'`
for o in $PROGS; do
if [ -x "$o" ]; then
echo "$o"
return 0
fi
done
case "$arg" in
root=*)
ROOTFS_DEV="$optarg"
;;
init=*)
INIT="$optarg"
;;
esac
done
return 1
[ -z "$ROOTFS_DEV" ] && {
echo "exiting on missing the kernel parameter root= ..."
exit 1
}
_UDEV_DAEMON="`udev_daemon`"
early_setup() {
mount -t proc proc /proc
mount -t sysfs sysfs /sys
mount -t devtmpfs none /dev
mount -t tmpfs none /run
$_UDEV_DAEMON --daemon
udevadm trigger --action=add
}
read_args() {
[ -z "$CMDLINE" ] && CMDLINE="`cat /proc/cmdline`"
for arg in $CMDLINE; do
optarg=`expr "x$arg" : 'x[^=]*=\(.*\)'`
case "$arg" in
root=*)
ROOT_DEVICE="$optarg"
;;
rootdelay=*)
ROOT_DELAY="$optarg"
;;
init=*)
INIT="$optarg"
;;
esac
done
}
fatal() {
echo $1 >$CONSOLE
echo >$CONSOLE
exec sh
}
early_setup
read_args
[ -z "$CONSOLE" ] && CONSOLE="/dev/console"
[ -z "$INIT" ] && INIT="/sbin/init"
udevadm settle --timeout=3
killall "${_UDEV_DAEMON##*/}" 2>/dev/null
mkdir -p "$ROOT_MOUNT"
mkdir -p "$ROOTFS_MOUNT"
try_to_mount_rootfs() {
local mount_flags="rw,noatime,iversion"
mount -o "$mount_flags" "$ROOT_DEVICE" "$ROOT_MOUNT" \
mount -o "$mount_flags" "$ROOTFS_DEV" "$ROOTFS_MOUNT" \
2>/dev/null && return 0
[ -x /init.cryptfs ] &&
/init.cryptfs "$ROOT_MOUNT" "$ROOT_DEVICE" \
/init.cryptfs "$ROOTFS_MOUNT" "$ROOTFS_DEV" \
"$mount_flags" OVERCROOTFS && return 0
return 1
}
echo "Waiting for root device to be ready..."
while [ 1 ] ; do
echo "Waiting for root device to be ready ..."
while [ 1 ]; do
try_to_mount_rootfs && break
sleep 0.1
done
@@ -91,24 +54,18 @@ done
# Move the mount points of some filesystems over to
# the corresponding directories under the real root filesystem.
for dir in `cat /proc/mounts | grep -v rootfs | awk '{ print $2 }'` ; do
mkdir -p $ROOT_MOUNT/${dir##*/}
mount -nv --move "$dir" $ROOT_MOUNT/${dir##*/}
mkdir -p "$ROOTFS_MOUNT"/${dir##*/}
mount -nv --move "$dir" "$ROOTFS_MOUNT"/${dir##*/}
done
cd "$ROOT_MOUNT"
# If we pass args to bash, it will assume they are text files
# to source and run.
if [ "$INIT" == "/bin/bash" ] || [ "$INIT" == "/bin/sh" ]; then
CMDLINE=""
fi
cd "$ROOTFS_MOUNT"
# !!! The Big Fat Warnings !!!
#
# The IMA policy may enforce appraising the executable and verifying the
# signature stored in xattr. However, ramfs doesn't support xattr, and all
# other initializations must *NOT* be placed after IMA initialization!
[ -x /init.ima ] && /init.ima "$ROOT_MOUNT" && {
[ -x /init.ima ] && /init.ima "$ROOTFS_MOUNT" && {
# switch_root is an exception. We call it in the real rootfs and it
# should be already signed properly.
switch_root="usr/sbin/switch_root.static"
@@ -116,5 +73,8 @@ fi
switch_root="switch_root"
}
exec "$switch_root" "$ROOT_MOUNT" "$INIT" "$CMDLINE" ||
fatal "Couldn't switch_root, dropping to shell"
exec "$switch_root" "$ROOTFS_MOUNT" "$INIT" || {
"$ROOTFS_MOUNT/bin/echo.coreutils" "Couldn't switch to the real rootfs"
# Cause kernel panic.
exit 2
}