[arch-projects] [mkinitcpio] systemd in initramfs
The Arch testing/systemd package recently added support for systemd in initramfs. This obsoletes the base, usr, udev and timestamp hooks. So, what about the rest?

0) autodetect, block, filesystems, fsck, keyboard and modconf work exactly as before.

1) mdadm: I see no hope for this hook working on systemd, however the mdadm_udev hook works out of the box.

2) lvm2: This is much simpler now. I created the sd-lvm2 hook, find it here: https://paste.xinu.at/3vezU/ - this works great, although it could be simplified a bit if one uses add_systemd_unit and add_udev_rule.

3) encrypt: I created the sd-encrypt hook, you can find it here: https://paste.xinu.at/8xUYPI/. This changes the command line syntax, the new syntax can be found in the manpage for systemd-cryptsetup-generator. However, the syntax is less powerful than before - for that reason, I added /etc/crypttab.initrd as /etc/crypttab to the initrd, which should support almost everything. There were some problems with adding the same crypttab for initrd and the main system, but that may be my stupidity - I hope the separate crypttab is something we can get rid of.

4) shutdown: I removed this from initramfs entirely - I now generate the shutdown ramfs on the fly during shutdown instead of generating one in the initrd. I'll post something when I polished it more.

5) consolefont/keymap: I tried by putting systemd-vconsole-setup to initramfs. Since keymaps are now loaded by loadkeys instead of busybox's setkmap, this had a few problems and I couldn't get it to work yet.
Am 17.08.2013 17:08, schrieb Thomas Bächler:
> 5) consolefont/keymap: I tried by putting systemd-vconsole-setup to initramfs. Since keymaps are now loaded by loadkeys instead of busybox's setkmap, this had a few problems and I couldn't get it to work yet.

Okay, this seems to work: https://paste.xinu.at/HUJk3/

It only supports KEYMAP, KEYMAP_TOGGLE and FONT, the latter untested. I didn't bother to look at FONT_MAP and FONT_UNIMAP whatsoever.
Am 17.08.2013 18:29, schrieb Thomas Bächler:
> Am 17.08.2013 17:08, schrieb Thomas Bächler:
>> 5) consolefont/keymap: I tried by putting systemd-vconsole-setup to initramfs. Since keymaps are now loaded by loadkeys instead of busybox's setkmap, this had a few problems and I couldn't get it to work yet.
>
> Okay, this seems to work: https://paste.xinu.at/HUJk3/
>
> It only supports KEYMAP, KEYMAP_TOGGLE and FONT, the latter untested. I didn't bother to look at FONT_MAP and FONT_UNIMAP whatsoever.

New version, Dave had some criticism: https://paste.xinu.at/7uf6/
Am 17.08.2013 19:21, schrieb Thomas Bächler:
> Am 17.08.2013 18:29, schrieb Thomas Bächler:
>> Am 17.08.2013 17:08, schrieb Thomas Bächler:
>>> 5) consolefont/keymap: I tried by putting systemd-vconsole-setup to initramfs. Since keymaps are now loaded by loadkeys instead of busybox's setkmap, this had a few problems and I couldn't get it to work yet.
>>
>> Okay, this seems to work: https://paste.xinu.at/HUJk3/
>>
>> It only supports KEYMAP, KEYMAP_TOGGLE and FONT, the latter untested. I didn't bother to look at FONT_MAP and FONT_UNIMAP whatsoever.
>
> New version, Dave had some criticism: https://paste.xinu.at/7uf6/

Forgot something else, let's use this: https://paste.xinu.at/OYIAN/
Am 17.08.2013 17:08, schrieb Thomas Bächler:
> 3) encrypt: I created the sd-encrypt hook, you can find it here: https://paste.xinu.at/8xUYPI/. This changes the command line syntax, the new syntax can be found in the manpage for systemd-cryptsetup-generator. However, the syntax is less powerful than before - for that reason, I added /etc/crypttab.initrd as /etc/crypttab to the initrd, which should support almost everything. There were some problems with adding the same crypttab for initrd and the main system, but that may be my stupidity - I hope the separate crypttab is something we can get rid of.

Okay, this one has the wrong help, but otherwise it's what I'm going to use now: https://paste.xinu.at/0PXjlV/

It now adds /etc/crypttab to initramfs. You can make sure that only the necessary devices are activated in initramfs by using the rd.luks.uuid= options on the command line. You can also use rd.luks.uuid= without any crypttab entries, but then you can't set extra options (for me: allow_discards).
Hi Thomas,

Thanks for your work on all this, I was hoping someone would pick this up.

On Sun, Aug 18, 2013 at 12:45 AM, Thomas Bächler
> Am 17.08.2013 17:08, schrieb Thomas Bächler:
>> 3) encrypt: I created the sd-encrypt hook, you can find it here: https://paste.xinu.at/8xUYPI/. This changes the command line syntax, the new syntax can be found in the manpage for systemd-cryptsetup-generator. However, the syntax is less powerful than before - for that reason, I added /etc/crypttab.initrd as /etc/crypttab to the initrd, which should support almost everything. There were some problems with adding the same crypttab for initrd and the main system, but that may be my stupidity - I hope the separate crypttab is something we can get rid of.
>
> Okay, this one has the wrong help, but otherwise it's what I'm going to use now: https://paste.xinu.at/0PXjlV/
>
> It now adds /etc/crypttab to initramfs. You can make sure that only the necessary devices are activated in initramfs by using the rd.luks.uuid= options on the command line. You can also use rd.luks.uuid= without any crypttab entries, but then you can't set extra options (for me: allow_discards).

We should make it possible to do this without having to put /etc/crypttab in the initramfs.

I guess we basically want to mimic what the fstab generator does: 1) allow options to be specified on the kernel commandline and, optionally, 2) allow further options to be read from /sysroot/etc/crypttab once that has been mounted.

For the first, we would need to extend the syntax, perhaps to {rd.,}luks.uuid.options= or something like that.

The second could obviously not be used for partitions used to mount the rootfs (but only /usr), so maybe not that useful, but I guess it makes sense to be consistent.

What do you think?

Tom
On Sun, Aug 18, 2013 at 8:48 AM, Tom Gundersen
> Hi Thomas,
>
> Thanks for your work on all this, I was hoping someone would pick this up.
>
> On Sun, Aug 18, 2013 at 12:45 AM, Thomas Bächler wrote:
>> Am 17.08.2013 17:08, schrieb Thomas Bächler:
>>> 3) encrypt: I created the sd-encrypt hook, you can find it here: https://paste.xinu.at/8xUYPI/. This changes the command line syntax, the new syntax can be found in the manpage for systemd-cryptsetup-generator. However, the syntax is less powerful than before - for that reason, I added /etc/crypttab.initrd as /etc/crypttab to the initrd, which should support almost everything. There were some problems with adding the same crypttab for initrd and the main system, but that may be my stupidity - I hope the separate crypttab is something we can get rid of.
>>
>> Okay, this one has the wrong help, but otherwise it's what I'm going to use now: https://paste.xinu.at/0PXjlV/
>>
>> It now adds /etc/crypttab to initramfs. You can make sure that only the necessary devices are activated in initramfs by using the rd.luks.uuid= options on the command line. You can also use rd.luks.uuid= without any crypttab entries, but then you can't set extra options (for me: allow_discards).
>
> We should make it possible to do this without having to put /etc/crypttab in the initramfs.
>
> I guess we basically want to mimic what the fstab generator does: 1) allow options to be specified on the kernel commandline and, optionally, 2) allow further options to be read from /sysroot/etc/crypttab once that has been mounted.
>
> For the first, we would need to extend the syntax, perhaps to {rd.,}luks.uuid.options= or something like that.

Hm, that syntax doesn't make sense. I meant something like "{rd.,}luks.options=${UUID}=${options}".

> The second could obviously not be used for partitions used to mount the rootfs (but only /usr), so maybe not that useful, but I guess it makes sense to be consistent.
>
> What do you think?
>
> Tom
On Sun, Aug 18, 2013 at 8:48 AM, Tom Gundersen
> Hi Thomas,
>
> Thanks for your work on all this, I was hoping someone would pick this up.
>
> On Sun, Aug 18, 2013 at 12:45 AM, Thomas Bächler wrote:
>> Am 17.08.2013 17:08, schrieb Thomas Bächler:
>>> 3) encrypt: I created the sd-encrypt hook, you can find it here: https://paste.xinu.at/8xUYPI/. This changes the command line syntax, the new syntax can be found in the manpage for systemd-cryptsetup-generator. However, the syntax is less powerful than before - for that reason, I added /etc/crypttab.initrd as /etc/crypttab to the initrd, which should support almost everything. There were some problems with adding the same crypttab for initrd and the main system, but that may be my stupidity - I hope the separate crypttab is something we can get rid of.
>>
>> Okay, this one has the wrong help, but otherwise it's what I'm going to use now: https://paste.xinu.at/0PXjlV/
>>
>> It now adds /etc/crypttab to initramfs. You can make sure that only the necessary devices are activated in initramfs by using the rd.luks.uuid= options on the command line. You can also use rd.luks.uuid= without any crypttab entries, but then you can't set extra options (for me: allow_discards).
>
> We should make it possible to do this without having to put /etc/crypttab in the initramfs.

What do you think about something like the below (totally untested and gmail will mess up the linebreaks, but you hopefully get the drift):
commit ff87fedc9b76fc9108eaa9ec1a06c3b0ffac31d4
Author: Tom Gundersen
Am 18.08.2013 10:47, schrieb Tom Gundersen:
> What do you think about something like the below (totally untested and gmail will mess up the linebreaks, but you hopefully get the drift):

Looks okay to me, but doesn't seem to work at all.
On Sun, Aug 18, 2013 at 11:08 PM, Thomas Bächler
> Am 18.08.2013 10:47, schrieb Tom Gundersen:
>> What do you think about something like the below (totally untested and gmail will mess up the linebreaks, but you hopefully get the drift):
>
> Looks okay to me, but doesn't seem to work at all.

For anyone else interested, this worked out in the end and the patch was submitted upstream: http://lists.freedesktop.org/archives/systemd-devel/2013-August/012705.html.

-t
Am 18.08.2013 02:48, schrieb Tom Gundersen:
> On Sun, Aug 18, 2013 at 12:45 AM, Thomas Bächler wrote:
>> Am 17.08.2013 17:08, schrieb Thomas Bächler:
>>> 3) encrypt: I created the sd-encrypt hook, you can find it here: https://paste.xinu.at/8xUYPI/. This changes the command line syntax, the new syntax can be found in the manpage for systemd-cryptsetup-generator. However, the syntax is less powerful than before - for that reason, I added /etc/crypttab.initrd as /etc/crypttab to the initrd, which should support almost everything. There were some problems with adding the same crypttab for initrd and the main system, but that may be my stupidity - I hope the separate crypttab is something we can get rid of.
>>
>> Okay, this one has the wrong help, but otherwise it's what I'm going to use now: https://paste.xinu.at/0PXjlV/
>>
>> It now adds /etc/crypttab to initramfs. You can make sure that only the necessary devices are activated in initramfs by using the rd.luks.uuid= options on the command line. You can also use rd.luks.uuid= without any crypttab entries, but then you can't set extra options (for me: allow_discards).
>
> We should make it possible to do this without having to put /etc/crypttab in the initramfs.

There are more problems: When using the same crypttab in initrd and system, systemd tries to shut down the volume on shutdown, which leads to a delay of about 2 seconds. Right now, I am running with luks.crypttab=no rd.luks.crypttab=yes to avoid this. So either we need two separate crypttabs or we need to specify all options on the command line.

> I guess we basically want to mimic what the fstab generator does: 1) allow options to be specified on the kernel commandline and, optionally, 2) allow further options to be read from /sysroot/etc/crypttab once that has been mounted.

Seems fine to me.
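
The device selection discussed in this thread, as an added example that is not part of the original messages and is not systemd or mkinitcpio code: a simplified shell model of which crypttab entries the initrd would set up for a given kernel command line. The function names, the sample crypttab and the UUIDs are constructed; only UUID= entries are modelled, the later of luks.crypttab= and rd.luks.crypttab= wins, and rd.luks.options= is assumed to take the UUID=options form proposed above.

```shell
#!/bin/sh
# Simplified model (not systemd code) of which LUKS devices the initrd sets up.
# Only UUID= crypttab entries are modelled. Prints "name uuid options" lines.

# Options given for UUID $1 on the command line, else fallback $2, else "none".
_luks_opts() {
    for kv in $optmap; do
        case $kv in "$1"=*) echo "${kv#*=}"; return ;; esac
    done
    echo "${2:-none}"
}

initrd_luks_plan() {    # $1 = kernel command line, $2 = crypttab path
    crypttab=$2 use_tab=yes uuids=" " seen=" " optmap=""
    for arg in $1; do
        case $arg in
            rd.luks.crypttab=*|luks.crypttab=*)   use_tab=${arg#*=} ;;
            rd.luks.uuid=*|luks.uuid=*)           uuids="$uuids${arg#*=} " ;;
            rd.luks.options=*=*|luks.options=*=*) optmap="$optmap ${arg#*=}" ;;
        esac
    done
    case $use_tab in no|0|false|off) crypttab=/dev/null ;; esac
    [ -r "$crypttab" ] || crypttab=/dev/null
    while read -r name dev key options; do
        case $name in ''|'#'*) continue ;; esac
        case $dev in UUID=*) u=${dev#UUID=} ;; *) continue ;; esac
        case $uuids in
            " "|*" $u "*) ;;   # no UUID filter, or this UUID was requested
            *) continue ;;      # a filter exists and this entry is not in it
        esac
        seen="$seen$u "
        echo "$name $u $(_luks_opts "$u" "$options")"
    done < "$crypttab"
    for u in $uuids; do        # requested UUIDs without a crypttab entry
        case $seen in *" $u "*) continue ;; esac
        echo "luks-$u $u $(_luks_opts "$u")"
    done
}

# Constructed sample data: made-up UUIDs and a two-entry crypttab.
ROOT_UUID=11111111-1111-1111-1111-111111111111
HOME_UUID=22222222-2222-2222-2222-222222222222
SAMPLE_TAB=$(mktemp)
trap 'rm -f "$SAMPLE_TAB"' EXIT
cat > "$SAMPLE_TAB" <<EOF
# name  device           keyfile  options
root    UUID=$ROOT_UUID  none     allow-discards
home    UUID=$HOME_UUID  none     luks
EOF
initrd_luks_plan "rd.luks.uuid=$ROOT_UUID" "$SAMPLE_TAB"   # only "root"
```

Running the function with the command line from a bootloader entry before rebuilding the image shows whether a volume that should stay locked until the main system is up would already be opened in the initrd.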
participants (2): Thomas Bächler, Tom Gundersen