# [gelöst] initramfs wird nicht ausgeführt

## die4me

Hallo,

ich habe heute angefangen meine HDD nach folgendem Vorbild zu verschlüsseln. http://en.gentoo-wiki.com/wiki/DM-Crypt_with_LUKS

Nur ist es irgendwie komisch, dass das init-script nicht ausgeführt wird.

Ich habe das initramfs noch ein bisschen erweitert. Zum einen ist v86d(static) mit enthalten, ebenso mein splashscreen (powered_by_gentoo)

Am bessten ein mal hier die Übersicht über alle Dateien in dem initramfs

http://paste.pocoo.org/show/395099/

Das Verzeichnis habe ich dann später in den Kernel mit integriert. Jedoch ist auch ein Versuch fehlgeschlagen das initramfs selber zu bauen und dann mittels initrd aus der Grub zu laden. Es gab dabei jeweils das gleiche Ergebnis. Weiterhin möchte ich euch meine Kernelconfig nicht vorenthalten, webensowenig wie die grub.conf.

kernelconf

http://paste.pocoo.org/show/395097/

grub.conf

 *Quote:*   

> # This is a sample grub.conf for use with Genkernel, per the Gentoo handbook
> 
> # http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=10#doc_chap2
> 
> # If you are not using Genkernel and you need help creating this file, you
> ...

 

Das init-Script sieht dann wie folgt aus:

http://paste.pocoo.org/show/395101/

Wenn ich nun mit dieser Konfiguration starte, dann wird mir der FBSplash angezeigt und ich sehe die Kernel Parameter. Eine weitere Ausgabe gibt es nicht. Wenn ich in der Kernel-Zeile von grub das Quiet raus nehme ist ebenso kein Fehler zu sehen. Dort sind die letzte Zeilen:

 *Quote:*   

> [     0.674820] Console: switching to colour frame buffer device 160x50
> 
> [     0.735345] fbcondecor: console 0 using theme 'powered_by_gentoo'
> 
> [     0.766434] fbcondecor: switched decor state to 'on' on console 0

 

Also eigentlich scheint meiner Meinung nach alles laut den Meldungen in Ordnung zu sein. Nur kommt danach nichts mehr. Was nicht in Ordnung ist. Ich hoffe ihr könnt mir da helfen.Last edited by die4me on Tue May 31, 2011 11:36 am; edited 1 time in total

----------

## firefly

Wie hast du das initramfs image erstellt? Ist es eine separate Datei oder fest im kernel integriert?

----------

## Max Steel

 *firefly wrote:*   

> Wie hast du das initramfs image erstellt? Ist es eine separate Datei oder fest im kernel integriert?

 

Schrieb er, er hat beides ausprobiert.

----------

## firefly

 *Max Steel wrote:*   

>  *firefly wrote:*   Wie hast du das initramfs image erstellt? Ist es eine separate Datei oder fest im kernel integriert? 
> 
> Schrieb er, er hat beides ausprobiert.

 

stimmt überlesen.

@die4me : als du die initramfs als separate datei hattest, hattest du in der grub.conf eine initrd zeile drinnstehen?

----------

## die4me

 *firefly wrote:*   

> @die4me : als du die initramfs als separate datei hattest, hattest du in der grub.conf eine initrd zeile drinnstehen?

 

Jo, das hatte ich. Ich habe mir nun mal ein kleines eigenes initramfs geschrieben. Auch mit gpg und so weiter und so fort. Dort sieht die Struktur ähnlich aus. 

http://pastebin.com/1qCs2Pgi

Das init-Script ist dort klein und murkelig. Aber erst einmal um wieder ohne Livecd zu starten geht das.

```
#!/bin/sh -x

rescue_active=0

parse_cmdl_args() {

        local x

        CMDLINE=`cat /proc/cmdline`

        for param in ${CMDLINE}; do

                case "${param}" in

                        rescue)

                                rescue_active=1

                                ;;

                        ikmap=*)

                                keymap="`echo "${param}" | cut -d'=' -f2`"

                                ;;

                esac

        done

}

load_keymap() {

        if [ -n "${keymap}" ]; then

                if [ -e "/etc/keymaps/${keymap}.bin" ]; then

                        loadkmap < "/etc/keymaps/${keymap}.bin"

                else 

                        die "Error: keymap "${keymap}" does not exist on /etc/keymaps"

                fi

        fi

}

main() {

        export PATH=/bin:/sbin:/usr/bin:/usr/sbin

        umask 0077

        mount -t proc proc /proc -n

        mount -t sysfs sysfs /sys -n

        busybox --install -s

        parse_cmdl_args

        load_keymap

        exec /bin/sh

}

main
```

Dies kann ich auch in den Kernel, bzw beim Grub mit angeben, dort startet er immer hin.

Jedoch mag das große init-Script noch nicht.

Ich habe nun mal insgesamt durch geschaut was für befehle dort benötigt werden und habe diese mal alle zusammen gesucht. Ein teuil war schon mit gnupg kurios. Dieser brauchte (obwohl static) gpg-agent und pinentry. Nachdem ich dort lange probiert habe, hab ich mich dann entschlossen die 1.4.11er Version zu nehmen. Ich geb euch noch mal eine Übersicht.

http://pastebin.com/Wxmgqr3X

An dem langen init-Script hat sich jedoch nichts geändert. Aber ich bekomme ohne Splash und quiet nun einen Kernel-Panic.

 *Quote:*   

> Kernel panic: no init found. Try passing init= option to kernel

 

Bauen tue ich das initramfs mit:

 *Quote:*   

> # mount /boot
> 
> # cd /usr/src/initramfs/
> 
> # find . -print0 | cpio --null -ov --format=newc | gzip -9 > /boot/kernel/initramfs-gentoo-crypt.new
> ...

 

Die Grub sieht wie folgt aus.

 *Quote:*   

> # cat /boot/grub/grub.conf 
> 
> # This is a sample grub.conf for use with Genkernel, per the Gentoo handbook
> 
> # http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=10#doc_chap2
> ...

 

Der erste Eintrag ist der wo das kleine init-Script drin ist und welches funktioniert.

----------

## die4me

Hey,

ich habe nun zwischenzeitlich das Problem gelöst. Es lag an dem init-Script. Dort gab es ein Fehler.

Die korrigierte Version stelle ich natürlich gerne zur Verfügung. Gleichzeitig sind noch ein paar kleine Änderungen eingeflossen. Bsp dass der Schlüssel auf einem RAM-Laufwerk ausgelagert werden kann. Somit kann ich dann ein weiteres Laufwerk mit dem gleichen Schlüssel via dm-crypt entschlüsseln. Dazu habe ich auch das dm-crypt-start.sh erweitert. Denn nach dem erfolgreichen entschlüsseln mache ich das RAM-Laufwerk wieder leer. Also, hier das init-Script:

```
#!/bin/sh

# revision of 2011-05-22

#

# WARNING: USE AT YOUR OWN RISK!

#

# Arguments:

#   init script supports the following:

#     init specific: 

#       * iroot=<device|VG_name-LV_name>        root device (required).

#       * imtopt=[<ro,inode64,...>]             mount options args for root e.g. something like: 

#                                               imtopt=barrier,inode64,logdev=/dev/<vg>/loga or imtopt=ro,inode64,barrier

#      * ikmap=<kmap>[:<font>]                  Load kmap and font(optional).

#      * rescue                                 Drops you into a minimal shell

#      * iswap=<type>:<device|vg_name-lv_name>[:swapfile signature]     

#                                               swap device (eg: file:sda2:0x4400).

#      * iresume=<type>:<device|vg_name-lv_name>[:swapfile signature] 

#      * ichkpt=<n>                             Interrupts init and drops to shell.

#      * ikey_root=<mode>:<device>:</path/to/file>  

#      * ikey_swap=<mode>:<device>:</path/to/file>

#      * ikey_resume=<mode>:<device>:</path/to/key/file>

#      * isqfsd=<y|n>,<y|n|a>,<dir 1>:<dir 2>   Mount squashed (squashfs+aufs2) directories, see below for more info.    

#      * ilvm=<vgU-sdaZ:vgX-sdbY:vgX-sdcX>,<vgV-sdaX:vgU-sddX:vgU-sdbX>,<vgW-sdbZ:vgW-sdh>

#

#       NOTE on ilvm args: Actually a PV in a group, respectively root, swap, resume is given by <mapping-sd<xy>, 

#               the mmapping being a mapping for cryptsetup, and sd<xy> being a block device without the `/dev/' prefix.

#

#       == About mount options ==

#       imtopt=<root mount options>

#       Say, you have a rootfs=xfs|jsf|reiser|ext* and want to mount your root specific opts. In case of xfs, for exemple, 

#       just create your log LV on a different PV than what you're logging from. 

#

#       == About key files ==

#       For partitions that are encrypted with a key, you must set 'ikey_root' and/or 'ikey_swap' properly,

#       otherwise you'll be asked for a passphrase as fall back.

#       This information is then used to obtain each key file from the specified removable media. 

#

#       <mode>                          - defines how the init script shall treat the supplied keyfile(see below). 

#       Supported modes:

#       * gpg      -> indicates keyfile is gpg-protected

#       * ldk      -> indicates keyfile is luks encrypted, via loop back device.

#       * reg      -> indicates keyfile is regular file

#       * pwd      -> indicates root is encrypted on regular passphrase, if no argumenti in ikey_root=, fallback will be luks+passwd.

#       * none     -> indicates root will be mounted on unencrypted fs, this argument should be explicitely set.

#       <device>                        - the device that will be assigned to the removable media e.g. sda, sdb or the likes.

#

#       NOTE on '/dev/' prefix: And there's no need to provide the '/dev/' prefix for root|swap|resume. In fact, if you do

#               provide a '/dev/' prefix for any of those init args, processing those args may fail. cryptsetup_exec() check for that, 

#               and if there's not '/dev/' prefix, append it. This was done to limit the length of the init args.

#

#       </path/to/file>                 - full path to file inside the removable media.

#       </path/to/host/dev/key/file>    - fulpathh to the host partition key file inside the the removable device.

#       </path/to/swap|resume/file>     - fulpath to the swap and/or resume file inside the host partition.

#       <vgZYX-sdYX>                    - each device or partition of a given VG is given with <cryptsetup mapping>-<device|partition>. 

#                                       the mapping scheme is up to you, I decided not to use fixed mapping in the script, 

#                                       however you're free to modify the script to do so.

#

#       == About squashed directories or rootfs ==

#       You can use squashfs+aufs2 to 'squash' your root partition or preferably directories like usr/portage, var/lib/layamn, 

#       system related directories like usr lib{32,64} and bin/sbin. The benefit will be a really fast system.

#

#               o isqfsd=n,y,/sqfsdir[,<dir 1>:<dir n>] - here you're using uv_sqfsd but not uv_sqfsdir, so you have to provide a sqfsdir,

#                                                       hence the required sqfsdir.

#               o isqfsd=/sqfsdir,<dir 1>:<dir n>       - you're not using neither uv_sqfsdir nor uv_sqfsd, so you can threw away the n,n.

#               o isqfsd=y,y                            - of course using uv_sqfsd and uv_sqfsdir so no additional argument is riquired. 

#               o isqfsd=y,a,<dir 1>[:<dir n>]          - same as above, however, <dir 1> is  appended to sqfsd.

#

#        The leading '/' slash is only required for [uv_]sqfsdir, else mounting squashed dirs will fail. But it's not for squashed dirs

#        i.e. you provide the value like this: [uv_]sqfsdir=/sqfsd and [uv_]sqfsd=usr:opt:bin:sbin or isqfsd=/sqfsd,usr:opt or the likes.

#

#        == Notes on keys ==

#        o gpg encrypted key-file -->   This mode doesn't work anymore or I can't get it working with gnupg-2.x or 1.4.x. 

#                                       I don't know what is happening but, the gpg fail to even ask for a password to begin with. 

#                                       I leave the very few lines if somebody can get it working. 

#        o ldk encrypted key-file -->   will be passed to cryptsetup as /dev/mapper/<name of your key file> (key-file) after being decrypted

#                                       via a loop back device+LUKS. 

#                                       Now, there's a warning `Warning: exhausting read requested, but key file is not a regular file, 

#                                       function might never return.' that I can't figure out the source after googling. However, decryption

#                                       goes as expected, it seems. No issue atm.

#        o regular key-file       -->   will be passed to cryptsetup as --key-file <file>.

#        o pwd                    -->   now, you can, because it's not a mandatory, you don't even have to put any ikey_root=* 

#                                       argument to be prompted for a password as a fallback, set ikey_root=pwd for... However...

#        o none                   -->   it should be explicitely appended to mount an unencrypted root partition. 

#                                       I added this mode for testing purpose for those, like me, 

#                                       who have a working system before encrypting root with LUKS.

#

#        WARNING: Back up your data! else... you may lost a few of 'em.

# 

#        == Kernel parameters example ==

#        o) Root--no key--unencrypted partion: iroot=sda3 ikey_root=none ikmap=es-cp850_i686.bin    

#        o) Root--key regular passphrase--plus fbsplash: iroot=sda3 ikey_root=pwd vga=0x318 \

#           video=vesafb:mtrr,ywrap splash=verbose,theme:livecd-2006.0 quiet CONSOLE=/dev/tty1

#        o) Root--regular keyfile on usb stick: iroot=sda3 ikey_root=reg:sdb1:/path/to/keyfile

#        o) Root--gpg encrypted key on usb stick: iroot=sda3 ikey_root=gpg:sdb1:/path/to/file

#        o) Swap and root--ldk encrypted keyfiles: iroot=sda3 iswap=swap[|file]:sda2[:sign] \

#           ikey_root=ldk:sdb1:/path/to/rootkey ikey_swap=ldk:sdb1:/path/to/swapkey

#        o) Regular swap--AND TuxOnIce resume on a different partion--regular passphrase: 

#           iswap=swap:sda2 iresume=swap:sda3:0x4400 ikey_swap=pwd ikey_resume=pwd

#        o) Swap file--resuming from hibernation [from swap file]--ldk protected keyfile on usb stick:

#           iswap=file:sda3:0x4400 iresume=toi[or any CHAR or WORD] ikey_swap=ldk:sdb1:/path/to/swapkey

#           

#       NOTE for ldk mode: now I use a single LUKS encrypted file to decrypt root, swapfile and then the host partion. You can use 

#                              multiple LUKS encrypted keyfile if you want to, however, this will take some time. Now LVM2...

#

#        o) Crypted LVs [root,swap] using LVM2--ldk crypted keyfile and--plus mount options for rootfs:

#           iroot=vg0-lv1 iswap=file:vg1-lv0:0x4400 ilvm=vg0a1-sda1:vg0b2-sdb2,vg1c1-sdc1 ikey_root=ldk:sdg1:/path/to/keyfile

#           ikey_swap=ldk:sdg1:/path/to/keyfile imtopt=logdev=/dev/vg1/lv1,inode64,barrier

#

#        == Modules == 

#       If you need to load modules, create the groups you need in /etc/modules/ (inside initramfs / ),

#       each file should be a list of the modules, and each file name denotes the step in the init where

#       they should be loaded.

#       Supported groups:

#                * boot           -  boot time modules loaded but not removed. If you squash some dirs, aufs module is required here.

#                * tuxonice       -  tuxonice module, wich aren't removed if you don't comment in a line.

#                * remdev         -  modules required to access removable device

#                * gpg            -  modules required to access gpg protected file.

#                * sqfsd          -  modules required for squashfs+aufs2, you can still build in squashfs modules in the kernel,

#                                 it's not the same case with aufs2, which aren't removed, although you can comment in a line for that.

#

#       o The modules should exist on /lib/modules/`uname -r`/ , like in your system.

#       o Your kernel has to support module unloading for rmmod to work.

#

# BUGS/KNOWN ISSUES:

#     (b0) fbsplash: when setting the splash mode from silent to verbose,

#                 verbose image is not painted and text is not visible.

#                 WORKAROUND: boot with verbose instead.

#

#     (b1) I don't manage to get gnupg-2.x nor 1.4.x working... I'm not really sure if it's a bug or it's only related to gnupg.

#     (b2) This rather a known issue: DO NOT SQUASH LIB64 with openrc-0.8 and baselayout2. If lib64 is squashed rc will behave... well, 

#           it seems fine, there's nothing wrong apparently, but normal users cannot log in. The thread in forum might be helpful, maybe. 

#           Nobody seems to care anyway.

#

#     (ki0) The length of init arguments should be reduced. With kernel 2.6.38 the length is 512 caracters, with root, swap and resume file

#     250 caharacters or so remains. There's plenty of room.

#     (ki1) The aforementionned warning with loop back encrypted key file.

#     (ki2) When /newroot fails to be mounted, even if manually mounting usr [squashed dir], rc fails to start badly. I don't know what

#     is happening since usr is not available and log are created. It's weird, because: 1st--sqfsdmount init script is effecient at that 

#     and it always worked on unencrypted rootfs, plus, looking at rc.log, I can't believe it fails to mount usr since aufs.ko is available;

#     2nd--manually mounting usr in the limited environement should do the tricks isn't it? it does not. 

#

# ToDo:

#  ? Done. However, if somebody want anything else... feel free to do it of course. And now I added LVM2. Done I'm saying.

#

# Contact:

#   o) Bugs, critics, feedback, improvements --> reikinio at gmail dot com

#   o) Flames                                --> /dev/null

#

# History: (y/m/d)

# ------------------

# 2011.05.20 - by the same ... now +LVM2+mnt opt for rootfs [something like logdev=/dev/<VG>/<LV> works! 

#    actually put this /dev/mapper/<VG-LV> insted as /dev<VGs> are not available in the limited environement]

#    Major update/fix for swap[file]-resume. I did not test for swap dev [PV|LV] so... it should work... as a swap|resume-file.

#    Gave up the idea for an encrypted swapfile, it's a bit complicated since all mounted fs shall be in ro mode. 

# 2011.05.06 - by the same [some]body who... 

#    script clean up [over 30 lines less]; and fix for a major error [line 442-445] and a minor fix.

# 2011.05.05 - by somebody who wanted LUKS+AUFS2+SQUASHFS+ENCRYPTED KEY FILE and... 

#    hibernation to a swap file now and then. It seems, I'm the only one who's interested in...

# 2006.08.24 - Federico Zagarzazu

#    Fix: call splash_setup() if fbsplash args exist   

# 2006.08.06 - Federico Zagarzazu

#    Released.

# 2006.08.06 - Federico Zagarzazu

#    Fixed: /dev/device-mapper /dev/mapper/control issue 

#           otherwise it fails on my amd64 system

# 2006.08.04 - Federico Zagarzazu

#    Bug fixes, several improvements.

#    Test phase finished.

# 2006.06.20 - Federico Zagarzazu

#    Written.

# 

# Thanks to 

# ---------------------------------------------------------------

# o Alon Bar-Lev [http://wiki.tuxonice.net/EncryptedSwapAndRoot]

#         I stole ideas, general structure and entire functions from his init script.

# o nix

# o Andreas Steinmetz [kernel doc: power/swsusp-dmcrypt.txt]

# ---------------------------------------------------------------

# user defined variables

uv_init=/sbin/init                      # init to execute after switching to real root

uv_root_map=root                        # self descriptive

uv_check_env=1                          # test if busybox applets exist 

uv_sqfsdir=/sqfsd                       # squashed source dir related variable

uv_sqfsd=usr:opt:bin:sbin:lib32         # squashed dirs variable

# there's no particular swap mapping setted here, you'll have /dev/mapper/swap[|resume][file] for your swap[file]

# and /dev/mapper/swap[|resume]dev for the hosting partition, you can change 'em in do_swap_work function.

# default values(don't edit)          

gv_splash_silent=0

gv_shell_checkpoint=0

gv_delay=0

# functions

die() {

        local lv_msg="${1}"

        umount -n /mnt/tok 2>/dev/null

        [ ${gv_splash_silent} -eq 1 ] && splash_verbose

        echo "${lv_msg}"

        echo 

        echo "Dropping you into a minimal shell..."

        exec /bin/sh

}

bin_exist() {

        [ -e "/bin/${1}" ] || [ -e "/sbin/${1}" ] || [ -e "/usr/bin/${1}" ] || \

        [ -e "/usr/sbin/${1}" ] || die "Error: ${2} ${1} not found."

}

check_busybox_applets() {

        [ -e "/etc/applets" ] || die "Warning: Cannot check if BusyBox's applets exist(/etc/applets missing)" || \

                for i in `cat /etc/applets`; do bin_exist ${i} "BusyBox applet"; done

}

rmmod_group() {

        local lv_group="${1}" local lv_invert local lv_mod

        [ -f "/etc/modules/${lv_group}" ] && { 

                for mod in `cat "/etc/modules/${lv_group}"`; do

                        invert="${lv_mod} ${lv_invert}"; done

                for mod in ${lv_invert}; do

                        # There are some modules that cannot be unloaded

                        [ "${lv_mod}" != "unix" ] && rmmod "`echo "${lv_mod}" | sed 's/-/_/g'`"; done; }

}

modprobe_group() {

        local lv_group="${1}" local lv_mod

        [ -f "/etc/modules/${lv_group}" ] && { 

                for mod in `cat "/etc/modules/${lv_group}"`; do

                        modprobe "${lv_mod}" > /dev/null 2>&1

                done; }

}

splash_command() {

        local lv_cmd="${1}"

        [ -f /var/run/fbsplashd.pid ] && echo "${lv_cmd}" > /lib64/splash/cache/.splash

}

splash_verbose() {

        chvt 1

}

splash_silent() {

        splash_command "set mode silent"

}

splash_message() {

        local lv_msg="${1}"

        splash_command "set message ${lv_msg}"

        splash_command "repaint"

}

splash_setup() {

        [ ${uv_check_env} ] || bin_exist "fbsplashd.static" "--"

        [ -n "${gv_splash_console}" ] && exec < "${gv_splash_console}" > "${gv_splash_console}" 2>&1

        [ -e /lib64/splash/cache ] || mkdir -p /lib64/splash/cache

        # generate fifo like splash-functions.sh

        rm -f /lib64/splash/cache/.splash

        mkfifo /lib64/splash/cache/.splash

        # splash_utils.static generates a segfault --> fbsplashd.static is right

        [ -f /var/run/fbsplashd.pid ] || fbsplashd.static "--theme=${gv_splash_theme}" --pidfile=/var/run/fbsplashd.pid

}

splash_daemon_stop() {

        [ -f /var/run/fbsplashd.pid ] && {

                local gv_fb_pid="`cat /var/run/fbsplashd.pid`"

                kill ${gv_fb_pid}

                rm -f /var/run/fbsplashd.pid

        }

}

shell_checkpoint() {

        local lv_level=${1}

        [ "${gv_shell_checkpoint}" -eq "${lv_level}" ] && { splash_verbose

                echo "Checkpoint ${lv_level}" 

                exec /bin/sh; }

}

loopdev_setup() {

        lv_ldev="`losetup -f`" || die "Error[L]: no loop dev available, create or append max_loop=<int> to the cmdline."

        losetup ${lv_ldev} ${1} || die "Error[LF]: losetup failed."

        echo ${lv_ldev}

}

do_loopdev_key() {

        local lv_ldev="`loopdev_setup ${1}`"

        gv_ldev="${gv_ldev} ${lv_ldev}"; gv_ldev_key="${gv_ldev_key} ${2}"

        exec_cryptsetup "${lv_ldev}" "${2}" && gv_key_file=/dev/mapper/${2} 

}

get_key() {

        splash_message "Waiting for key-device... Press F2 for verbose mode."

        local lv_mode="${1}" local lv_dev="${2}" 

        gv_filepath="${3}"

        local lv_devname="`echo "${lv_dev}"|tr -d '0-9'`" # for use with /sys/block/ 

        gv_filename="`basename ${gv_filepath}`"

        modprobe_group remdev

        [ -n "`mount|grep /mnt/tok`" ] || { 

        [ -b "/dev/${lv_dev}" ] || { echo "Insert removable device and press Enter."

                        splash_message "No key-device was found... Press F2 for verbose mode."

                        read local lv_d && echo "Please wait a few seconds...."

                        sleep 3

                [ -b "/dev/${lv_dev}" ] || {

                        echo "${lv_dev} does not exist, input a valid dev name e.g. sdb1:"

                        read lv_dev  && echo "Please wait a few seconds...."

                        sleep 3; }

                [ -b "/dev/${lv_dev}" ] || die "Info[KD]: ${lv_dev} does not exist."; }

        mount -n -o ro "/dev/${lv_dev}" /mnt/tok 2>/dev/null || die "Error[KFM]: failed to mount ${lv_dev}."

        echo "Info: remdev mounted."

        }

        [ -f "/mnt/tok/${gv_filepath}" ] || die "Error[F]: ${gv_filepath} does not exist in ${lv_dev}."

        case "${lv_mode}" in

                gpg) 

                        [ "$uv_check_env" -eq 1 ] && bin_exist "gpg" "--"

                        gv_key_file="/mnt/tok/${gv_filepath}"

                        gv_key_gpg=0;;

                reg)

                        gv_key_file="/mnt/tok/${gv_filepath}"

                        gv_key_ldk=1;;

                ldk)

                        [ -e "/dev/mapper/${gv_filename}" ] && gv_key_file=/dev/mapper/${gv_filename} || { 

                                do_loopdev_key "/mnt/tok/${gv_filepath}" "${gv_filename}"; }

                        gv_key_ldk=0;;

                *)

                        die "Error[K]: ${lv_mode} is not valid.";; 

        esac

}

test_key() {

        if [ "${1}" = "ldk" ] || [ "${1}" = "gpg" ] || [ "${1}" = "reg" ]; then

                [ -n "${2}" ] || die "Error: ikey_${4}: device field empty."

                [ -n "${3}" ] || die "Error: ikey_${4}: filepath field empty."

                get_key "${1}" "${2}" "${3}"; fi

}

close_cryptsetup() {

        cryptsetup luksClose ${1} || cryptsetup remove ${1} || die "${2}"

}

exec_cryptsetup() {  # 1 is device, 2 is mapping

        local lv_arg1="create" local lv_arg2="${2}" local lv_arg3="${1}"

        [ `echo ${1}|grep /dev/` ] || lv_arg3="/dev/${1}"

        cryptsetup isLuks "${lv_arg3}" 2>/dev/null && lv_arg1="luksOpen" lv_arg2=${lv_arg3} lv_arg3="${2}"

        [ ${gv_key_gpg} ] && { # Fixup gpg tty requirement

                mv /dev/tty /dev/tty.org && cp -a /dev/console /dev/tty

                        # no -o /dev/null --> you have no input for the password

                        splash_message "Waiting for password... Press F2 for verbose mode."

                        if [ -e ${gv_store_key_dev} ]; then

                                gpg -q -d /mnt/tok/${gv_filepath} 2>/dev/null | \

                                cryptsetup "${lv_arg1}" "${lv_arg2}" "${lv_arg3}" 2>/dev/null

                                [ "$?" ] || die "Error[E0]: failed to decrypt ${1}."

                        else

                                mount "/dev/${gv_store_key_dev}" "/mnt/rd"

                                gpg -q -d /mnt/tok/${gv_filepath} 2>/dev/null | \

                                tee "/mnt/rd/${lv_arg3}.key" | \

                                cryptsetup "${lv_arg1}" "${lv_arg2}" "${lv_arg3}" 2>/dev/null

                                [ "$?" ] || die "Error[E0]: failed to decrypt ${1}."

                                umount "/dev/${gv_store_key_dev}"

                                unset gv_store_key_dev

                        fi

                rm /dev/tty && mv /dev/tty.org /dev/tty

        } || { [ ${gv_key_ldk} ] && { 

                        cryptsetup "${lv_arg1}" "${lv_arg2}" "${lv_arg3}" -d "${gv_key_file}"  >/dev/null

                        [ "$?" ] || [ -e "/dev/mapper/${lv_arg3}" ] || die "Error[E1]: failed to decrypt ${1}."

                } || {  cryptsetup "${lv_arg1}" "${lv_arg2}" "${lv_arg3}" 

                        [ "$?" ] || die "Error[E2]: failed to decrypt ${1}."; }

        }

        gv_key_gpg= gv_key_ldk=

}

do_lvm_work() {

        local lv_vg="`echo ${2}|cut -d'-' -f1`" local lv_lv="`echo ${2}|cut -d'-' -f2`"

        lvchange -ay ${lv_vg}/${lv_lv} >/dev/null || {

        local lv_pv="`echo ${1}|tr ':' ' '`"

        for i in ${lv_pv}; do

                local lv_lvm_map="`echo ${i}|cut -d'-' -f1`" local lv_lvm_dev="`echo ${i}|cut -d'-' -f2`"

                exec_cryptsetup ${lv_lvm_dev} ${lv_lvm_map}; done

        vgchange -ay ${lv_vg} >/dev/null || { 

                for i in ${lv_pv}; do

                local lv_lvm_map="`echo ${i}|cut -d'-' -f1`" && close_cryptsetup "${lv_lvm_map}"; done

                close_cryptsetup "${gv_filename}"

                die "Error[VG]: failed to activate ${3}... encrypted PVs and KF closed."; }

        }

        [ -b "/dev/mapper/${2}" ] && lv_dev="/dev/mapper/${2}" || \

        [ -b "/dev/${lv_vg}/${lv_lv}" ] && lv_dev="/dev/${lv_vg}/${lv_lv}" \

        || die "${3} VG and/or LV ${2} doesn't exist."

        echo ${lv_dev}

}

do_sqfsd_work() {

        [ -n "${sqfsdir}" ] || die "Error: uv_sqfsdir wasn't set and sqfsdir is empty."

        [ -n "${sqfsd}" ] || die "Error: uv_sqfsd wasn't set and sqfsd is empty."

        [ -d /newroot/"${sqfsdir}" ] || die "Error: sqfsdir=${sqfsdir} dir doesn't exist."

        sqfsd="`echo "${sqfsd}"|tr ':' ' '`"

        modprobe_group sqfsd

for s in ${sqfsd}; do

        cd /newroot

        [ -e .${sqfsdir}/${s}.sfs ] || die "${s}.sfs image doesn't exist."

        mkdir -p .${sqfsdir}/${s}/{rw,ro}

        mount -t squashfs .${sqfsdir}/${s}.sfs .${sqfsdir}/${s}/ro -o noatime,nodev,loop,ro 2>/dev/null

        [ "$?" ] || die "Error: failed to mount squashed ${s} image."

        mount -t aufs ${s} ./${s} -o udba=reval,br:.${sqfsdir}/${s}/rw:.${sqfsdir}/${s}/ro 2>/dev/null

        [ "$?" ] || die "Error: failed to mount squashed ${s} aufs branch."

done

        #rmmod_group sqfsd

}

do_root_work() {

        local lv_kmod="`echo ${gv_key_root}|cut -d':' -f1`"

        local lv_kdev="`echo ${gv_key_root}|cut -d':' -f2`"

        local lv_kfpt="`echo ${gv_key_root}|cut -d':' -f3`"

        gv_store_key_dev="`echo ${gv_key_root}|cut -d':' -f4`"

        [ -e ${gv_store_key_dev} ] || {

                mkfs.ext2 "/dev/${gv_store_key_dev}" > /dev/null

        }

        local ${lv_mtopt:=$gv_mtopt} 

        local ${lv_lvm:=`echo "${gv_lvm}"|cut -d',' -s -f1`} 

        [ -n "${lv_mtopt}" ] && local lv_mtopt="-o ${lv_mtopt}"

        [ -n "${gv_root}" ] || die "Error: iroot=* args [dev|VG-LV] are missing."

        [ "${lv_kmod}" != "none" ] && test_key "${lv_kmod}" "${lv_kdev}" "${lv_kfpt}" "root" && local lv_crypt=0

        shell_checkpoint 4

        echo "Partition: root"

        splash_message "Decrypt root..."

        if [ "${lv_crypt}" ]; then 

                if [ -n "${lv_lvm}" ]; then 

                        echo $lv_lvm

                        local lv_dev="`do_lvm_work "${lv_lvm}" "${gv_root}" "root"`"

                        local lv_map="`basename ${lv_dev}`" 

                else    exec_cryptsetup "${gv_root}" "${uv_root_map}" 

                        local lv_dev=/dev/mapper/${uv_root_map} && local lv_map=${gv_root_map}

                fi

                mount ${lv_dev} /newroot ${lv_mtopt} 2>/dev/null

                [ "$?" -eq 0 ] || { close_cryptsetup "${lv_map}"; close_cryptsetup ${gv_filename} 

                        die "Error: mount root failed, dm-crypt mapping closed."; }

        else    echo "mounting unencrypted root"

                mount /dev/${gv_root} /newroot ${lv_mtopt} 2>/dev/null 

                [ "$?" -eq 0 ] || die "Error: mount unencrypted root failed."

        fi

        # squashfs+aufs2 aka squashed dir

        [ -n "${sqfsd}" ] && do_sqfsd_work

        lv_lvm= lv_mtopt= 

        shell_checkpoint 5

}

do_swap_work() {

        local lv_dev="`echo ${2}|cut -d':' -s -f2`" 

        local lv_type="`echo ${2}|cut -d':' -s -f1`"

        local lv_sign="`echo ${2}|cut -d':' -s -f3`"

        local lv_kmod="`echo ${3}|cut -d':' -s -f1`"

        local lv_kdev="`echo ${3}|cut -d':' -s -f2`"

        local lv_kfpt="`echo ${3}|cut -d':' -s -f3`"

        [ -n "${lv_dev}" ] || die "Error: ${1} dev|VG-LV is missing."

        [ -n "${lv_type}" ] || die "Error: ${1}-type [file,swap] is missing."

        [ -n "${lv_sign}" ] && lv_sign=:$lv_sign

        shell_checkpoint 2

        echo "Partition: swap"

        test_key "${lv_kmod}" "${lv_kdev}" "${lv_kfpt}" "${1}"

        [ -n "${lv_lvm}" ] && gv_hdev=${lv_type}:"`do_lvm_work "${lv_lvm}" "${lv_dev}" "${1}"`"${lv_sign} || \

                exec_cryptsetup "${lv_dev}" "${1}" && gv_hdev=${lv_type}:/dev/mapper/${1}${lv_sign}

        lv_lvm=

        shell_checkpoint 3

}

tuxonice_resume() {

        [ ${gv_splash_silent} -eq 1 ] && splash_message "Resuming..."

        splash_daemon_stop

        [ -n "`echo ${gv_resume}|cut -d':' -s -f2`" ] && {

:               local ${lv_lvm:=`echo "${gv_lvm}"|cut -d',' -f2`}        

                do_swap_work "resume"  "${gv_resume}" "${gv_key_resume}"; }

        modprobe_group tuxonice

        echo $gv_hdev > /sys/power/tuxonice/resume

        local lv_img="`cat /sys/power/tuxonice/image_exists | head -n 1`"

        [ ${lv_img} -eq 1 ] || die "Error: no image exist at location pointed by iresume=" || { echo

                echo "WARNING: there is no recognizable signature at location pointed by iresume="

                echo -n "Do you want to proceed(type:yes)? "

                read local lv_answer

                [ "${lv_answer}" != "yes" ] && die "resume aborted by user"; }

        [ -n "${gv_splash_theme}" ] && ln -sf "/etc/splash/${gv_splash_theme}" /etc/splash/tuxonice

        [ -n "`which tuxoniceui_text`" ] && echo `which tuxoniceui_text` >/sys/power/tuxonice/user_interface/program

        [ -z "`cat /sys/power/tuxonice/user_interface/program`" ] && \

                echo `which tuxoniceui_fbsplash` >/sys/power/tuxonice/user_interface/program

        mount -n -o remount,ro / 2>/dev/null 

        echo > /sys/power/tuxonice/do_resume

        mount -n -o remount,rw / 2>/dev/null 

        rmmod_group tuxonice

        die "Error: resume from hibernation failed."

}

do_switch() {

        echo > /proc/sys/kernel/hotplug

        [ "${gv_splash_silent}" -eq 1 ] && {

                splash_silent

                splash_message "Switching / ..."

        }

        echo "Switching / ..."

        sleep 0.1

        splash_daemon_stop

        clear

        /bin/umount -l /proc

        /bin/umount -l /sys

        /bin/umount -l /dev

        shell_checkpoint 6

        exec switch_root /newroot "${uv_init}"

}

print_msg() {

        clear

        echo

        cat /etc/msg 2>/dev/null

        echo

}

do_work() {

        sleep "${gv_delay}s"

        [ -n "${gv_kmap}" ] && [ -e "/etc/keymaps/${gv_kmap}.bin" ] && { 

                loadkmap < "/etc/keymaps/${gv_kmap}.bin" || die "Error: keymap $gv_kmap does not exist on /etc/keymaps"; }

        [ -n "${gv_font}" ] && [ -e "/etc/fonts/${gv_font}.bin" ] && { 

                loadfont < "/etc/fonts/${gv_font}.bin" || die "Error: font $gv_font does not exist on /etc/fonts"; }

#       [ "${gv_splash_silent}" -eq 1 ] && splash_verbose

        print_msg

        shell_checkpoint 1

        modprobe_group gpg

        modprobe_group remdev

        [ -n "${gv_swap}" ] && {

                local ${lv_lvm:=`echo "${gv_lvm}"|cut -d',' -s -f2`}        

                do_swap_work "swap" "${gv_swap}" "${gv_key_swap}"; }

        [ -n "${gv_resume}" ] && tuxonice_resume

        do_root_work

        [ -e ${gv_ldev_key} ] || for lk in "${gv_ldev_key}"; do cryptsetup luksClose $lk; done

        [ -e ${gv_ldev} ] || for ld in "${gv_ldev}"; do losetup -d $ld; done

        rmmod_group gpg

        umount -n -l /mnt/tok

        rmmod_group remdev

        do_switch

}

parse_cmdl_args() {

        local y

        CMDLINE=`cat /proc/cmdline`

        for cmd in $CMDLINE; do

                case "${cmd}" in

                        rescue)

                                gv_shell_checkpoint=1;;

                        isqfsd=*)

                                y="`echo "${cmd}"|cut -b8-`"

                                [ "`echo "${y}"|cut -d',' -f1`" = "y" ] && { 

                                gv_sqfsdir=0 sqfsdir="${uv_sqfsdir}"; } || sqfsdir="`echo "${y}"|cut -d',' -f3`"

                                [ "`echo "${y}"|cut -d',' -f2`" = "y" ] && sqfsd="${uv_sqfsd}"

                                [ "`echo "${y}"|cut -d',' -f2`" = "a" ] && { 

                                        [ ${gv_sqfsdir} ] && sqfsd=${uv_sqfsd}:"`echo "${y}"|cut -d',' -s -f3`" || \

                                        sqfsd=${uv_sqfsd}:"`echo "${y}"|cut -d',' -s -f4`"; }    

                                [ -z "${sqfsdir}" ] && sqfsdir="`echo "${y}"|cut -d',' -s -f1`"

                                [ -z "${sqfsd}" ] && sqfsd="`echo "${y}"|cut -d',' -s -f2`";;

                        iroot=*)

                                gv_root="`echo "${cmd}"|cut -b7-`";;

                        ilvm=*)

                                gv_lvm="`echo "${cmd}"|cut -b6-`";;

                        imtopt=*)

                                gv_mtopt="`echo "${cmd}"|cut -b8-`";;

                        splash=*)

                                gv_splash_theme="`echo "${cmd}"|sed 's/.*theme://'|sed 's/,.*//'`"

                                [ -n "`echo ${cmd}|grep silent`" ] && gv_splash_silent=1;;

                        CONSOLE=*)

                                gv_splash_console="`echo "${cmd}"|cut -b9-`";;

                        iresume=*)

                                gv_resume="`echo "${cmd}"|cut -b9-`";;

                        ikmap=*)

                                gv_kmap="`echo "${cmd}"|cut -b7-|cut -d':' -f1`"

                                gv_font="`echo "${cmd}"|cut -d':' -s -f2`";;

                        ichkpt=*)

                                gv_shell_checkpoint=`echo "${cmd}"|cut -b8-`;;

                        iswap=*)

                                gv_swap="`echo "${cmd}"|cut -b7-`";;

                        ikey_root=*)

                                gv_key_root="`echo "${cmd}"|cut -b11-`";;

                        ikey_swap=*)

                                gv_key_swap="`echo "${cmd}"|cut -b11-`";;

                        ikey_resume=*)

                                gv_key_resume="`echo "${cmd}"|cut -b13`";;

                        idelay=*)

                                gv_delay="`echo "${cmd}"|cut -b8-`"

                 esac

        done

}

main() {

        export PATH=/sbin:/bin:/usr/bin:/usr/sbin

        umask 0077

        mkdir -p /proc && mkdir -p /tmp

        mkdir -p /mnt/tok && mkdir -p /mnt/rd

        mkdir -p /newroot && mkdir -p /var/run

        /bin/mount -t proc proc /proc

        [ $uv_check_env ] || check_busybox_applets

        [ $uv_check_env ] || bin_exist "cryptsetup" "--"

        /bin/mount -t sysfs sysfs /sys

        # to disable kernel messages

        echo 0 > /proc/sys/kernel/printk

        parse_cmdl_args

        modprobe_group boot

        # populate /dev from /sys

        /bin/mount -t tmpfs tmpfs /dev

        /sbin/mdev -s

        # handle hotplug events

        echo /sbin/mdev > /proc/sys/kernel/hotplug

        [ -n "${gv_splash_theme}" ] && splash_setup

        # fix: /dev/device-mapper should be /dev/mapper/control

        # otherwise it fails on my amd64 system(busybox v1.2.1), weird that it works

        # on my laptop(i686, /dev/mapper/control gets created on luksOpen).

        [ -e "/dev/mapper/control" ] || { # see: /proc/misc, /sys/class/misc/device-mapper/dev 

                mkdir -p /dev/mapper && mv /dev/device-mapper /dev/mapper/control

                echo "device-mapper mapper/control issue fixed.." >> /.initlog

        }

        do_work

}

main

```

Meine Verzeichnisstruktur:

 *Quote:*   

> $ ls -lR /usr/src/initramfs/
> 
> /usr/src/initramfs/:
> 
> insgesamt 60
> ...

 

Und der Patch für die dm-crypt-start.sh:

```
$ cat ~/patches/dm-crypt-start.patch 

--- /lib/rcscripts/addons/dm-crypt-start.sh.orig        2011-05-29 23:25:19.080444999 +0200

+++ /lib/rcscripts/addons/dm-crypt-start.sh     2011-05-29 23:25:55.112445002 +0200

@@ -180,6 +180,12 @@

                umount -n ${mntrem} 2>/dev/null >/dev/null

                rmdir ${mntrem} 2>/dev/null >/dev/null

        fi

+

+       if [[ -n ${post_decrypt} ]] ; then

+               ebegin "  Running post_decrypt commands for ${target}"

+               eval "${post_decrypt}" > /dev/null

+       fi

+

        splash svc_input_end ${SVCNAME} >/dev/null 2>&1

 

        if [[ ${ret} != 0 ]] ; then
```

Zu sagen ist noch, dass ich erstens gpg in der Version 1.4 für das initrd nutze. Da es mir nicht möglich war gpg, gpg-agent und pinentry zum laufen zu bringen. Weiterhin habe ich den Autor des init-Scriptes schon kontaktiert und über die Fehler informiert. Jedoch habe ich noch keine Rückmeldung. Meine grub.conf sieht nun wie folgt aus.

 *Quote:*   

> # cat /boot/grub/grub.conf 
> 
> # This is a sample grub.conf for use with Genkernel, per the Gentoo handbook
> 
> # http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=10#doc_chap2
> ...

 

----------

