alpine-initramfs: add ipv6

2024-12-10 16:30:44 +07:00 · 2024-12-10 16:30:44 +07:00 · f292e26333
commit f292e26333
parent 5b47a9c476
12 changed files with 4705 additions and 50 deletions
--- a/alpine-initramfs-dropbear/README.md
+++ b/alpine-initramfs-dropbear/README.md
@ -15,12 +15,27 @@ significant changes:

 * After unlocked, kill all remainings dropbear and nlplug-findfs process, so no struck process reached the system.

+* optional support IPv6 unlock
+
+## Fileinfo:
+
+`alpine-initramfs-base`  : normal alpine initramfs file which the code is based on
+
+`initramfs-dropbear`     : normal dropbear version
+
+`initramfs-dropbear-ipv6`: dropbear with IPv6 support
+
+`*.patch` : patch file version of the code
+
+## Install
+
 Please install `dropbear` before continuing

 1. copy `dropbear/unlock_disk` to `/etc/dropbear/unlock_disk`
    * Also Make sure `/etc/dropbear/unlock_disk` is executable! else dropbear will exit with "failed child"W
 2. copy `authorized_keys` to `/etc/dropbear/authorized_keys`
 3. copy `features.d` to /`etc/mkinitfs/features.d`
+    * If using IPv6 mode, don't forget to also include `features.d` from `alpine-initramfs-ipv6` folder.

 Note: 
 * if you're using Deeplerg/mk-f scripts before don't forget to change `unlock_disk` as i modified that one too.
@ -32,6 +47,8 @@ features="ata base ide scsi usb virtio ext4 cryptsetup keymap dropbear network"
 ```
 * features+= `dropbear` `network`

+* add `ip` if using in ipv6 mode
+
 ### /etc/update-extlinux.conf
 ```
 modules=sd-mod,usb-storage,ext4,ata_piix,virtio_net,e1000e,virtio_pci
@ -39,10 +56,13 @@ modules=sd-mod,usb-storage,ext4,ata_piix,virtio_net,e1000e,virtio_pci
 * if network is not working (/sys/class/net/*/address not found etc.) try adding `e1000e` or `virtio_net` `virtio_pci`

 ```
-default_kernel_opts="cryptroot=UUID=xxx cryptdm=root quiet rootfstype=ext4 dropbear=<dropbear_port> ip=<ip>>"
+default_kernel_opts="cryptroot=UUID=xxx cryptdm=root quiet rootfstype=ext4 dropbear=<dropbear_port> ip=<ip> ip6=<ip6>"
 ```
 * ip= can be both static and dhcp(if supported) `ip=<ip>::<gw>:<mask>::<interface>` `ip=dhcp`

+* ip6= only static is supported `ip6=client-ip/gateway-ip/interface/dns1/dns2`
+
+* `ip` and `ip6` is not compatible with each others! only use one.

 ```
 update-extlinux
@ -50,48 +70,4 @@ update-extlinux

 ```
 mkinitfs -i path/to/initramfs-dropbear <Kernel Version(from /lib/modules) incase in emergency CD>
-```
-
-## Full Diff:
-```diff
-325a326,340
-> setup_dropbear() {
->       local port="${KOPT_dropbear}"
->       local keys=""
-> 
->       # set the unlock_disc script as shell for root
->       sed -i 's|\(root:x:0:0:root:/root:\).*$|\1/etc/dropbear/unlock_disk|' /etc/passwd
->       echo '/etc/dropbear/unlock_disk' > /etc/shells
-> 
->       # transfer authorized_keys
->       mkdir /root/.ssh
->       cp /etc/dropbear/authorized_keys /root/.ssh/authorized_keys
-> 
->       dropbear -R -E -s -j -k -p $port
-> }
-> 
-512a528
->       dropbear
-641c657,665
-< if [ -n "$KOPT_cryptroot" ]; then
---
-> if [ -n "$KOPT_dropbear" ]; then
->       if [ -n "$KOPT_cryptroot" ]; then
->               configure_ip
->               setup_dropbear
->       fi
-> fi
-> 
-> # Add Workaround for dropbear
-> if [ -n "$KOPT_cryptroot" ] && [ ! -b /dev/mapper/"${KOPT_cryptdm}" ]; then
-705a730,733
->       # Kill all struck nlplug-findfs jobs and dropbear
->       killall -9 nlplug-findfs
->       killall -9 dropbear
-> 
-781a810,813
-> 
->       # Kill all struck nlplug-findfs jobs and dropbear
->       killall -9 nlplug-findfs
->       killall -9 dropbear
 ```
--- a/alpine-initramfs-dropbear/alpine-initramfs-base
+++ b/alpine-initramfs-dropbear/alpine-initramfs-base
--- a/alpine-initramfs-dropbear/initramfs-dropbear
+++ b/alpine-initramfs-dropbear/initramfs-dropbear
@ -523,6 +523,7 @@ myopts="BOOTIF
 	tinycloud
 	uevent_buf_size
 	usbdelay
+	usrflags
 	wireguard
 	zfcp
 	dropbear
@ -770,19 +771,26 @@ if [ -n "$KOPT_root" ]; then

 	eend $?

-	if [ -r "$sysroot/etc/fstab" ]; then
+	if [ -r "$sysroot/etc/fstab" ] && [ "$KOPT_usrflags" != "disable" ]; then
 		while read dev mnt fs mntopts chk; do
 			if [ "$mnt" = "/usr" ]; then
 				ebegin "Mounting /usr"
 				$MOCK modprobe -a $fs 2> /dev/null
-				$MOCK mount -t $fs -o $mntopts $dev $sysroot/usr
+				$MOCK nlplug-findfs \
+				      -p /sbin/mdev \
+				      ${KOPT_debug_init:+-d} \
+				      ${KOPT_uevent_buf_size:+-U $KOPT_uevent_buf_size} \
+				      $dev
+				$MOCK mount -t $fs \
+					-o ${KOPT_usrflags:-ro} \
+					$dev $sysroot/usr
 				eend $?
 			fi
 		done < $sysroot/etc/fstab
 	fi

 	cat "$ROOT"/proc/mounts 2>/dev/null | while read DEV DIR TYPE OPTS ; do
-		if [ "$DIR" != "/" -a "$DIR" != "$sysroot" -a -d "$DIR" ]; then
+		if [ "$DIR" != "/" -a "$DIR" != "$sysroot" -a "$DIR" != "$sysroot/usr" -a -d "$DIR" ]; then
 			mkdir -p $sysroot/$DIR
 			$MOCK mount -o move $DIR $sysroot/$DIR
 		fi
@ -807,8 +815,8 @@ $MOCK nlplug-findfs $cryptopts -p /sbin/mdev ${KOPT_debug_init:+-d} \
 	${KOPT_usbdelay:+-t $(( $KOPT_usbdelay * 1000 ))} \
 	${KOPT_uevent_buf_size:+-U $KOPT_uevent_buf_size} \
 	$repoopts -a "$ROOT"/tmp/apkovls
-
-	# Kill all struck nlplug-findfs jobs and dropbear
+	
+    # Kill all struck nlplug-findfs jobs and dropbear
 	killall -9 nlplug-findfs
 	killall -9 dropbear
 eend $?
--- a/alpine-initramfs-dropbear/initramfs-dropbear-ipv6
+++ b/alpine-initramfs-dropbear/initramfs-dropbear-ipv6
--- a/alpine-initramfs-dropbear/initramfs-dropbear-ipv6.patch
+++ b/alpine-initramfs-dropbear/initramfs-dropbear-ipv6.patch
--- a/alpine-initramfs-dropbear/initramfs-dropbear.patch
+++ b/alpine-initramfs-dropbear/initramfs-dropbear.patch
@ -0,0 +1,40 @@
+325a326,340
+> setup_dropbear() {
+> 	local port="${KOPT_dropbear}"
+> 	local keys=""
+> 
+> 	# set the unlock_disc script as shell for root
+> 	sed -i 's|\(root:x:0:0:root:/root:\).*$|\1/etc/dropbear/unlock_disk|' /etc/passwd
+> 	echo '/etc/dropbear/unlock_disk' > /etc/shells
+> 
+> 	# transfer authorized_keys
+> 	mkdir /root/.ssh
+> 	cp /etc/dropbear/authorized_keys /root/.ssh/authorized_keys
+> 
+> 	dropbear -R -E -s -j -k -p $port
+> }
+> 
+513a529
+> 	dropbear
+642c658,666
+< if [ -n "$KOPT_cryptroot" ]; then
+---
+> if [ -n "$KOPT_dropbear" ]; then
+>  	if [ -n "$KOPT_cryptroot" ]; then
+> 		configure_ip
+>  		setup_dropbear
+>  	fi
+> fi
+> 
+> # Add Workaround for dropbear
+> if [ -n "$KOPT_cryptroot" ] && [ ! -b /dev/mapper/"${KOPT_cryptdm}" ]; then
+706a731,734
+> 	# Kill all struck nlplug-findfs jobs and dropbear
+> 	killall -9 nlplug-findfs
+> 	killall -9 dropbear
+> 
+789a818,821
+> 	
+>     # Kill all struck nlplug-findfs jobs and dropbear
+> 	killall -9 nlplug-findfs
+> 	killall -9 dropbear
--- a/alpine-initramfs-ipv6/README.md
+++ b/alpine-initramfs-ipv6/README.md
@ -0,0 +1,9 @@
+# alpine-initramfs-ipv6
+
+ipv6 on alpinelinux initramfs
+
+# /etc/mkinitfs/mkinitfs.conf
+```
+features+= ip
+```
+copy `features.d` `/etc/mkinitfs/features.d`
--- a/alpine-initramfs-ipv6/alpine-initramfs-base
+++ b/alpine-initramfs-ipv6/alpine-initramfs-base
--- a/alpine-initramfs-ipv6/alpine-initramfs-ipv6
+++ b/alpine-initramfs-ipv6/alpine-initramfs-ipv6
--- a/alpine-initramfs-ipv6/alpine-initramfs-ipv6.patch
+++ b/alpine-initramfs-ipv6/alpine-initramfs-ipv6.patch
@ -0,0 +1,79 @@
+271a272,347
+> # configure ipv6 on initramfs
+> # Valid syntaxes:
+> #   ip6=client-ip/gateway-ip/interface/dns1/dns2
+> #
+> configure_ip6() {
+> 	[ -n "$MAC_ADDRESS" ] && return
+> 
+> 	$MOCK modprobe -a ipv6
+> 
+> 	local IFS='/'
+> 	# shellcheck disable=SC2086
+> 	set -- ${KOPT_ip6}
+> 	unset IFS
+> 
+> 	local client6_ip="$1"
+> 	local gw6_ip="$2"
+> 	local iface="$3"
+>     local dns1="$4"
+>     local dns2="$5"
+> 
+> 	if [ -e "$ROOT"/etc/mactab ]; then
+> 		$MOCK nameif -s
+> 	fi
+> 
+> 	if [ -z "$iface" ] && [ -n "$KOPT_BOOTIF" ]; then
+> 		mac=$(printf "%s\n" "$KOPT_BOOTIF"|sed 's/^01-//;s/-/:/g')
+> 		iface=$(grep -l "$mac" "$ROOT"/sys/class/net/*/address | awk -F/ '{print $(NF-1); exit}')
+> 	fi
+> 
+> 	# Bring interface up
+> 	if [ -n "$iface" ]; then
+> 		$MOCK ip link set dev "$iface" up
+> 		sleep 3 # wait for interface to fully up.
+> 	fi
+> 
+> 	if [ -z "$iface" ]; then
+> 		# shellcheck disable=SC2046
+> 		set -- $(ethernets)
+> 		for i in "$@"; do
+> 			$MOCK ip link set dev "$i" up
+> 		done
+> 		iface=$(find_first_interface_up "$@") || iface="$1"
+> 
+> 		# we will use the found interface later so lets keep it up
+> 		for i in "$@"; do
+> 			if [ "$i" != "$iface" ]; then
+> 				$MOCK ip link set dev "$i" down
+> 			fi
+> 		done
+> 	fi
+> 	
+> 	if [ -z "$iface" ]; then
+> 		echo "ERROR: IP requested but no network interface was found"
+> 		return 1
+> 	fi
+> 
+> 	if [ -z "$client6_ip" ] && [ -z "$netmask" ]; then
+> 		return
+> 	fi
+> 	ebegin "Setting IP ($iface)"
+> 
+> 	if ip -6 addr add $client6_ip dev $iface; then
+> 		# this is definitely not required by all ipv6 implementation
+> 		# but it's better to keep working imo for.
+> 		[ -z "$gw6_ip" ] || ip route add "$client6_ip" via "$gw6_ip" dev "$iface"
+> 	fi
+> 	eend $?
+> 
+> 	# Never executes if variables are empty
+> 	for i in $dns1 $dns2; do
+> 		echo "nameserver $i" >> /etc/resolv.conf
+> 	done
+> 
+> 	MAC_ADDRESS=$(cat "$ROOT/sys/class/net/$iface/address")
+> }
+> 
+513a590
+>     ip6
--- a/alpine-initramfs-ipv6/features.d/ip.files
+++ b/alpine-initramfs-ipv6/features.d/ip.files
@ -0,0 +1 @@
+/sbin/ip
--- a/alpine-initramfs-ipv6/features.d/ip.modules
+++ b/alpine-initramfs-ipv6/features.d/ip.modules
@ -0,0 +1,2 @@
+kernel/net/ipv4
+kernel/net/ipv6