From 64be7028a529d940f81fda31a8e1dfa2281e4989 Mon Sep 17 00:00:00 2001
From: "Tuan M. Hoang" <tmhoang@flatglobe.org>
Date: Mon, 21 May 2018 11:54:44 +0000
Subject: [PATCH 3/3] initramfs-init: add support for ssh installer
This commit allows starting 'firstboot' service (see aports/openrc),
which will setup installation through SSH if specified in kernel
parameters.
Real wget is used instead since busybox's wget is broken without
openssl binary #8917. Credits to clandmeter.
- Allow adding DNS server in configure_ip()
- Prefix kernel parameters with KOPT_
---
initramfs-init.in | 37 ++++++++++++++++++++++++++++++++-----
1 file changed, 32 insertions(+), 5 deletions(-)
diff --git a/initramfs-init.in b/initramfs-init.in
index 933c8c1..f33f010 100755
--- a/initramfs-init.in
+++ b/initramfs-init.in
@@ -183,6 +183,8 @@ configure_ip() {
local netmask="$4"
local device="$6"
local autoconf="$7"
+ local dns1="$8"
+ local dns2="$9"
case "$client_ip" in
off|none|'') return;;
dhcp) autoconf="dhcp";;
@@ -209,6 +211,8 @@ configure_ip() {
ebegin "Setting IP ($device)..."
ip_set "$device" "$client_ip" "$netmask" "$gw_ip"
eend $?
+ [ -n "$dns1" ] && echo "nameserver $dns1" >> /etc/resolv.conf
+ [ -n "$dns2" ] && echo "nameserver $dns2" >> /etc/resolv.conf
fi
MAC_ADDRESS=$(cat /sys/class/net/$device/address)
}
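Review bot: The two added `nameserver` lines append `$dns1` and `$dns2` to /etc/resolv.conf exactly as received, with no check that they look like addresses. The values arrive as `$8`/`$9` of configure_ip(), presumably split out of the `ip=` kernel parameter by a caller outside this hunk, so a typo there silently yields a broken resolver entry. A small guard would do, e.g. `case "$dns1" in *[!0-9a-fA-F:.]*|'') ;; *) echo "nameserver $dns1" >> /etc/resolv.conf;; esac`, and the same for `$dns2`. Because `>>` appends, a second call to configure_ip() would also duplicate the entries. The function body starts outside the hunk.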
@@ -262,6 +266,19 @@ setup_nbd() {
[ "$n" != 0 ] || return 1
}
+# possible cmdline options which could have secure urls.
+# this does not include apkovl as it need to be fetched inside of initramfs
+need_wget() {
+ local opt= ret=1
+ for opt in modloop ssh_key; do
+ eval "opt=\$KOPT_$opt"
+ case "$opt" in
+ https://*|ftps://*) ret=0;;
+ esac
+ done
+ return $ret
+}
+
# read the kernel options. we need surve things like:
# acpi_osi="!Windows 2006" xen-pciback.hide=(01:00.0)
set -- $(cat /proc/cmdline)
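Review bot: In need_wget() the line `eval "opt=\$KOPT_$opt"` overwrites the loop variable with the option's value, which is safe only because the names come from the fixed list `modloop ssh_key`; a separate local makes that easier to audit, e.g. `eval "val=\$KOPT_$name"` followed by `case "$val" in`. The function also recognises only `https://` and `ftps://`, so an `ssh_key` given as a plain `http://` URL is left to whatever fetches it later, which is not visible here. Since that key presumably grants login to the installer, a comment such as `# ssh_key should use https://; a key fetched over plain http can be replaced in transit` would record the expectation.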
@@ -269,7 +286,7 @@ set -- $(cat /proc/cmdline)
myopts="alpine_dev autodetect autoraid chart cryptroot cryptdm cryptheader cryptoffset
cryptdiscards debug_init dma init_args keep_apk_new modules ovl_dev pkgs quiet
root_size root usbdelay ip alpine_repo apkovl alpine_start splash blacklist
- overlaytmpfs rootfstype rootflags nbd resume s390x_net dasd"
+ overlaytmpfs rootfstype rootflags nbd resume s390x_net dasd ssh_key ssh_pass"
for opt; do
case "$opt" in
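Review bot: `ssh_pass` puts a login secret on the kernel command line, and nothing in this hunk or the rest of the patch documents that exposure. The command line stays readable through /proc/cmdline for the life of the boot and is normally also kept in the bootloader configuration and the kernel log. I would add a comment above `myopts`, e.g. `# ssh_pass is visible in /proc/cmdline; use only a throwaway installer password, prefer ssh_key`. The same applies in the later hunk that adds `openssh` to `pkgs` when `KOPT_ssh_pass` is set. The `for opt` loop continues outside the hunk.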
@@ -345,20 +362,20 @@ mount -t devpts -o gid=5,mode=0620,noexec,nosuid devpts /dev/pts
[ -d /dev/shm ] || mkdir /dev/shm
mount -t tmpfs -o nodev,nosuid,noexec shm /dev/shm
-if [ -n "$dasd" ]; then
+if [ -n "$KOPT_dasd" ]; then
for mod in dasd_mod dasd_eckd_mod dasd_fba_mod; do
modprobe $mod
done
- for _dasd in $(echo "$dasd" | tr ',' ' ' ); do
+ for _dasd in $(echo "$KOPT_dasd" | tr ',' ' ' ); do
echo 1 > /sys/bus/ccw/devices/"${_dasd%%:*}"/online
done
fi
-if [ "${s390x_net%%,*}" = "qeth_l2" ]; then
+if [ "${KOPT_s390x_net%%,*}" = "qeth_l2" ]; then
for mod in qeth qeth_l2 qeth_l3; do
modprobe $mod
done
- _channel="${s390x_net#*,}"
+ _channel="${KOPT_s390x_net#*,}"
echo "$_channel" > /sys/bus/ccwgroup/drivers/qeth/group
echo 1 > /sys/bus/ccwgroup/drivers/qeth/"${_channel%%,*}"/layer2
echo 1 > /sys/bus/ccwgroup/drivers/qeth/"${_channel%%,*}"/online
@@ -540,6 +557,8 @@ if [ -f "$sysroot/etc/.default_boot_services" -o ! -f "$ovl" ]; then
rc_add killprocs shutdown
rc_add savecache shutdown
+ rc_add firstboot default
+
rm -f "$sysroot/etc/.default_boot_services"
fi
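Review bot: `rc_add firstboot default` runs on every boot that takes this branch, not only when `ssh_key` or `ssh_pass` was passed, so whether an SSH installer starts depends entirely on the firstboot service checking the parameters itself (that service lives in aports/openrc per the commit message and is not visible here). If the service exists only for the SSH installer, gating it here keeps it out of the default runlevel otherwise: `if [ -n "$KOPT_ssh_key" ] || [ -n "$KOPT_ssh_pass" ]; then rc_add firstboot default; fi`. If it is meant to run always, a comment like `# firstboot does nothing unless ssh_key/ssh_pass is set` would record the intent. The enclosing `if` starts outside the hunk.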
@@ -622,6 +641,14 @@ if [ "$KOPT_chart" = yes ]; then
pkgs="$pkgs acct"
fi
+# add openssh
+if [ -n "$KOPT_ssh_key" ] || [ -n "$KOPT_ssh_pass" ]; then
+ pkgs="$pkgs openssh"
+fi
+
+# add wget if using secure urls in cmdline
+need_wget && pkgs="$pkgs wget"
+
apkflags="--initramfs-diskless-boot --progress"
if [ -z "$ALPINE_REPO" ]; then
apkflags="$apkflags --no-network"
--
2.17.0