From 31d486e6e0e40193a02e28dc2867d5a2cb324e00 Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Sat, 25 Aug 2018 22:10:19 +0000 Subject: user/dracut: fix /run mounting, add -crypt subpackage --- user/dracut/APKBUILD | 15 ++++++++++++--- user/dracut/mount-run-without-noexec.patch | 17 +++++++++++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 user/dracut/mount-run-without-noexec.patch (limited to 'user/dracut') diff --git a/user/dracut/APKBUILD b/user/dracut/APKBUILD index d06f9dd6a..40b26d94f 100644 --- a/user/dracut/APKBUILD +++ b/user/dracut/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox pkgname=dracut pkgver=048 -pkgrel=0 +pkgrel=1 pkgdesc="Event-driven initramfs infrastructure" url="https://dracut.wiki.kernel.org/" arch="all" @@ -10,9 +10,11 @@ options="!check" # Test suite is for kernel developers only, requires ext3 root license="GPL-2.0+" depends="libarchive-tools musl-utils xz" makedepends="fts-dev kmod-dev" -subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch $pkgname-lvm::noarch" +subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch + $pkgname-crypt::noarch $pkgname-lvm::noarch" source="https://www.kernel.org/pub/linux/utils/boot/$pkgname/$pkgname-$pkgver.tar.xz header-fix.patch + mount-run-without-noexec.patch " build() { @@ -50,6 +52,12 @@ bashcomp() { "$subpkgdir"/usr/share } +crypt() { + deepnds="cryptsetup device-mapper dracut" + pkgdesc="$pkgname - LUKS / disk encryption support (crypt) module" + mkdir -p "$subpkgdir" +} + lvm() { depends="device-mapper dracut lvm2" pkgdesc="$pkgname - LVM2 module" @@ -57,4 +65,5 @@ lvm() { } sha512sums="97fcfd5d314ef40687c245d95d2f1d0f3f9ff0472e66b6e6324bf9bd6b98186104f9d71fd9af344126d6ea9fa47b744d52831a374225633225f6f17fb15c04e0 dracut-048.tar.xz -988f03a3fd2e7ee62409d3c57e8029403513dcec5efb37e64633d989728e4c7b619ce5b8775a04c5a0b654f7f093777d94fe6e4098a99a690c353a94f537e24c header-fix.patch" +988f03a3fd2e7ee62409d3c57e8029403513dcec5efb37e64633d989728e4c7b619ce5b8775a04c5a0b654f7f093777d94fe6e4098a99a690c353a94f537e24c header-fix.patch +d7aa2b35def975ec2a9620d3e8c94da5fad5be51e81ac913b9f3497b3ca62beefb9d4cf8e4ba3b292f89b936373486d0e3184f65eb1eaed972f38d17424a32b1 mount-run-without-noexec.patch" diff --git a/user/dracut/mount-run-without-noexec.patch b/user/dracut/mount-run-without-noexec.patch new file mode 100644 index 000000000..2bb9f2ad4 --- /dev/null +++ b/user/dracut/mount-run-without-noexec.patch @@ -0,0 +1,17 @@ +--- dracut-048/modules.d/99base/init.sh.old 2018-07-06 08:37:51.000000000 +0000 ++++ dracut-048/modules.d/99base/init.sh 2018-08-25 21:55:39.830000000 +0000 +@@ -64,12 +64,8 @@ + + if ! ismounted /run; then + mkdir -m 0755 /newrun +- if ! str_starts "$(readlink -f /bin/sh)" "/run/"; then +- mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null +- else +- # the initramfs binaries are located in /run, so don't mount it with noexec +- mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null +- fi ++ # s6 runscripts live in /run, so don't mount it with noexec ++ mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null + cp -a /run/* /newrun >/dev/null 2>&1 + mount --move /newrun /run + rm -fr -- /newrun -- cgit v1.2.3-60-g2f50