alpine-initramfs: add ipv6
parent
5b47a9c476
commit
f292e26333
@ -15,12 +15,27 @@ significant changes:
|
|||||||
|
|
||||||
* After unlocked, kill all remainings dropbear and nlplug-findfs process, so no struck process reached the system.
|
* After unlocked, kill all remainings dropbear and nlplug-findfs process, so no struck process reached the system.
|
||||||
|
|
||||||
|
* optional support IPv6 unlock
|
||||||
|
|
||||||
|
## Fileinfo:
|
||||||
|
|
||||||
|
`alpine-initramfs-base` : normal alpine initramfs file which the code is based on
|
||||||
|
|
||||||
|
`initramfs-dropbear` : normal dropbear version
|
||||||
|
|
||||||
|
`initramfs-dropbear-ipv6`: dropbear with IPv6 support
|
||||||
|
|
||||||
|
`*.patch` : patch file version of the code
|
||||||
|
|
||||||
|
## Install
|
||||||
|
|
||||||
Please install `dropbear` before continuing
|
Please install `dropbear` before continuing
|
||||||
|
|
||||||
1. copy `dropbear/unlock_disk` to `/etc/dropbear/unlock_disk`
|
1. copy `dropbear/unlock_disk` to `/etc/dropbear/unlock_disk`
|
||||||
* Also Make sure `/etc/dropbear/unlock_disk` is executable! else dropbear will exit with "failed child"W
|
* Also Make sure `/etc/dropbear/unlock_disk` is executable! else dropbear will exit with "failed child"W
|
||||||
2. copy `authorized_keys` to `/etc/dropbear/authorized_keys`
|
2. copy `authorized_keys` to `/etc/dropbear/authorized_keys`
|
||||||
3. copy `features.d` to /`etc/mkinitfs/features.d`
|
3. copy `features.d` to /`etc/mkinitfs/features.d`
|
||||||
|
* If using IPv6 mode, don't forget to also include `features.d` from `alpine-initramfs-ipv6` folder.
|
||||||
|
|
||||||
Note:
|
Note:
|
||||||
* if you're using Deeplerg/mk-f scripts before don't forget to change `unlock_disk` as i modified that one too.
|
* if you're using Deeplerg/mk-f scripts before don't forget to change `unlock_disk` as i modified that one too.
|
||||||
@ -32,6 +47,8 @@ features="ata base ide scsi usb virtio ext4 cryptsetup keymap dropbear network"
|
|||||||
```
|
```
|
||||||
* features+= `dropbear` `network`
|
* features+= `dropbear` `network`
|
||||||
|
|
||||||
|
* add `ip` if using in ipv6 mode
|
||||||
|
|
||||||
### /etc/update-extlinux.conf
|
### /etc/update-extlinux.conf
|
||||||
```
|
```
|
||||||
modules=sd-mod,usb-storage,ext4,ata_piix,virtio_net,e1000e,virtio_pci
|
modules=sd-mod,usb-storage,ext4,ata_piix,virtio_net,e1000e,virtio_pci
|
||||||
@ -39,10 +56,13 @@ modules=sd-mod,usb-storage,ext4,ata_piix,virtio_net,e1000e,virtio_pci
|
|||||||
* if network is not working (/sys/class/net/*/address not found etc.) try adding `e1000e` or `virtio_net` `virtio_pci`
|
* if network is not working (/sys/class/net/*/address not found etc.) try adding `e1000e` or `virtio_net` `virtio_pci`
|
||||||
|
|
||||||
```
|
```
|
||||||
default_kernel_opts="cryptroot=UUID=xxx cryptdm=root quiet rootfstype=ext4 dropbear=<dropbear_port> ip=<ip>>"
|
default_kernel_opts="cryptroot=UUID=xxx cryptdm=root quiet rootfstype=ext4 dropbear=<dropbear_port> ip=<ip> ip6=<ip6>"
|
||||||
```
|
```
|
||||||
* ip= can be both static and dhcp(if supported) `ip=<ip>::<gw>:<mask>::<interface>` `ip=dhcp`
|
* ip= can be both static and dhcp(if supported) `ip=<ip>::<gw>:<mask>::<interface>` `ip=dhcp`
|
||||||
|
|
||||||
|
* ip6= only static is supported `ip6=client-ip/gateway-ip/interface/dns1/dns2`
|
||||||
|
|
||||||
|
* `ip` and `ip6` is not compatible with each others! only use one.
|
||||||
|
|
||||||
```
|
```
|
||||||
update-extlinux
|
update-extlinux
|
||||||
@ -51,47 +71,3 @@ update-extlinux
|
|||||||
```
|
```
|
||||||
mkinitfs -i path/to/initramfs-dropbear <Kernel Version(from /lib/modules) incase in emergency CD>
|
mkinitfs -i path/to/initramfs-dropbear <Kernel Version(from /lib/modules) incase in emergency CD>
|
||||||
```
|
```
|
||||||
|
|
||||||
## Full Diff:
|
|
||||||
```diff
|
|
||||||
325a326,340
|
|
||||||
> setup_dropbear() {
|
|
||||||
> local port="${KOPT_dropbear}"
|
|
||||||
> local keys=""
|
|
||||||
>
|
|
||||||
> # set the unlock_disc script as shell for root
|
|
||||||
> sed -i 's|\(root:x:0:0:root:/root:\).*$|\1/etc/dropbear/unlock_disk|' /etc/passwd
|
|
||||||
> echo '/etc/dropbear/unlock_disk' > /etc/shells
|
|
||||||
>
|
|
||||||
> # transfer authorized_keys
|
|
||||||
> mkdir /root/.ssh
|
|
||||||
> cp /etc/dropbear/authorized_keys /root/.ssh/authorized_keys
|
|
||||||
>
|
|
||||||
> dropbear -R -E -s -j -k -p $port
|
|
||||||
> }
|
|
||||||
>
|
|
||||||
512a528
|
|
||||||
> dropbear
|
|
||||||
641c657,665
|
|
||||||
< if [ -n "$KOPT_cryptroot" ]; then
|
|
||||||
---
|
|
||||||
> if [ -n "$KOPT_dropbear" ]; then
|
|
||||||
> if [ -n "$KOPT_cryptroot" ]; then
|
|
||||||
> configure_ip
|
|
||||||
> setup_dropbear
|
|
||||||
> fi
|
|
||||||
> fi
|
|
||||||
>
|
|
||||||
> # Add Workaround for dropbear
|
|
||||||
> if [ -n "$KOPT_cryptroot" ] && [ ! -b /dev/mapper/"${KOPT_cryptdm}" ]; then
|
|
||||||
705a730,733
|
|
||||||
> # Kill all struck nlplug-findfs jobs and dropbear
|
|
||||||
> killall -9 nlplug-findfs
|
|
||||||
> killall -9 dropbear
|
|
||||||
>
|
|
||||||
781a810,813
|
|
||||||
>
|
|
||||||
> # Kill all struck nlplug-findfs jobs and dropbear
|
|
||||||
> killall -9 nlplug-findfs
|
|
||||||
> killall -9 dropbear
|
|
||||||
```
|
|
1059
alpine-initramfs-dropbear/alpine-initramfs-base
Normal file
1059
alpine-initramfs-dropbear/alpine-initramfs-base
Normal file
File diff suppressed because it is too large
@ -523,6 +523,7 @@ myopts="BOOTIF
|
|||||||
tinycloud
|
tinycloud
|
||||||
uevent_buf_size
|
uevent_buf_size
|
||||||
usbdelay
|
usbdelay
|
||||||
|
usrflags
|
||||||
wireguard
|
wireguard
|
||||||
zfcp
|
zfcp
|
||||||
dropbear
|
dropbear
|
||||||
@ -770,19 +771,26 @@ if [ -n "$KOPT_root" ]; then
|
|||||||
|
|
||||||
eend $?
|
eend $?
|
||||||
|
|
||||||
if [ -r "$sysroot/etc/fstab" ]; then
|
if [ -r "$sysroot/etc/fstab" ] && [ "$KOPT_usrflags" != "disable" ]; then
|
||||||
while read dev mnt fs mntopts chk; do
|
while read dev mnt fs mntopts chk; do
|
||||||
if [ "$mnt" = "/usr" ]; then
|
if [ "$mnt" = "/usr" ]; then
|
||||||
ebegin "Mounting /usr"
|
ebegin "Mounting /usr"
|
||||||
$MOCK modprobe -a $fs 2> /dev/null
|
$MOCK modprobe -a $fs 2> /dev/null
|
||||||
$MOCK mount -t $fs -o $mntopts $dev $sysroot/usr
|
$MOCK nlplug-findfs \
|
||||||
|
-p /sbin/mdev \
|
||||||
|
${KOPT_debug_init:+-d} \
|
||||||
|
${KOPT_uevent_buf_size:+-U $KOPT_uevent_buf_size} \
|
||||||
|
$dev
|
||||||
|
$MOCK mount -t $fs \
|
||||||
|
-o ${KOPT_usrflags:-ro} \
|
||||||
|
$dev $sysroot/usr
|
||||||
eend $?
|
eend $?
|
||||||
fi
|
fi
|
||||||
done < $sysroot/etc/fstab
|
done < $sysroot/etc/fstab
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cat "$ROOT"/proc/mounts 2>/dev/null | while read DEV DIR TYPE OPTS ; do
|
cat "$ROOT"/proc/mounts 2>/dev/null | while read DEV DIR TYPE OPTS ; do
|
||||||
if [ "$DIR" != "/" -a "$DIR" != "$sysroot" -a -d "$DIR" ]; then
|
if [ "$DIR" != "/" -a "$DIR" != "$sysroot" -a "$DIR" != "$sysroot/usr" -a -d "$DIR" ]; then
|
||||||
mkdir -p $sysroot/$DIR
|
mkdir -p $sysroot/$DIR
|
||||||
$MOCK mount -o move $DIR $sysroot/$DIR
|
$MOCK mount -o move $DIR $sysroot/$DIR
|
||||||
fi
|
fi
|
||||||
@ -808,7 +816,7 @@ $MOCK nlplug-findfs $cryptopts -p /sbin/mdev ${KOPT_debug_init:+-d} \
|
|||||||
${KOPT_uevent_buf_size:+-U $KOPT_uevent_buf_size} \
|
${KOPT_uevent_buf_size:+-U $KOPT_uevent_buf_size} \
|
||||||
$repoopts -a "$ROOT"/tmp/apkovls
|
$repoopts -a "$ROOT"/tmp/apkovls
|
||||||
|
|
||||||
# Kill all struck nlplug-findfs jobs and dropbear
|
# Kill all struck nlplug-findfs jobs and dropbear
|
||||||
killall -9 nlplug-findfs
|
killall -9 nlplug-findfs
|
||||||
killall -9 dropbear
|
killall -9 dropbear
|
||||||
eend $?
|
eend $?
|
||||||
|
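Review bot: The new `/usr` mount passes `-o ${KOPT_usrflags:-ro}` and no longer uses the `$mntopts` value read from fstab, so restrictions such as `nodev` or `nosuid` configured there are not applied by this mount; whether a later remount restores them is not visible here. If that is intended, a comment such as `# fstab options for /usr are ignored here; usrflags= on the kernel command line decides` would save the next reader the question. The expansions in that command are unquoted; `-o "${KOPT_usrflags:-ro}" "$dev" "$sysroot/usr"` avoids word splitting on values taken from fstab and the kernel command line. The enclosing `if [ -n "$KOPT_root" ]` block starts and ends outside the hunk.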
1168
alpine-initramfs-dropbear/initramfs-dropbear-ipv6
Normal file
1168
alpine-initramfs-dropbear/initramfs-dropbear-ipv6
Normal file
File diff suppressed because it is too large
118
alpine-initramfs-dropbear/initramfs-dropbear-ipv6.patch
Normal file
118
alpine-initramfs-dropbear/initramfs-dropbear-ipv6.patch
Normal file
File diff suppressed because it is too large
40
alpine-initramfs-dropbear/initramfs-dropbear.patch
Normal file
40
alpine-initramfs-dropbear/initramfs-dropbear.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
325a326,340
|
||||||
|
> setup_dropbear() {
|
||||||
|
> local port="${KOPT_dropbear}"
|
||||||
|
> local keys=""
|
||||||
|
>
|
||||||
|
> # set the unlock_disc script as shell for root
|
||||||
|
> sed -i 's|\(root:x:0:0:root:/root:\).*$|\1/etc/dropbear/unlock_disk|' /etc/passwd
|
||||||
|
> echo '/etc/dropbear/unlock_disk' > /etc/shells
|
||||||
|
>
|
||||||
|
> # transfer authorized_keys
|
||||||
|
> mkdir /root/.ssh
|
||||||
|
> cp /etc/dropbear/authorized_keys /root/.ssh/authorized_keys
|
||||||
|
>
|
||||||
|
> dropbear -R -E -s -j -k -p $port
|
||||||
|
> }
|
||||||
|
>
|
||||||
|
513a529
|
||||||
|
> dropbear
|
||||||
|
642c658,666
|
||||||
|
< if [ -n "$KOPT_cryptroot" ]; then
|
||||||
|
---
|
||||||
|
> if [ -n "$KOPT_dropbear" ]; then
|
||||||
|
> if [ -n "$KOPT_cryptroot" ]; then
|
||||||
|
> configure_ip
|
||||||
|
> setup_dropbear
|
||||||
|
> fi
|
||||||
|
> fi
|
||||||
|
>
|
||||||
|
> # Add Workaround for dropbear
|
||||||
|
> if [ -n "$KOPT_cryptroot" ] && [ ! -b /dev/mapper/"${KOPT_cryptdm}" ]; then
|
||||||
|
706a731,734
|
||||||
|
> # Kill all struck nlplug-findfs jobs and dropbear
|
||||||
|
> killall -9 nlplug-findfs
|
||||||
|
> killall -9 dropbear
|
||||||
|
>
|
||||||
|
789a818,821
|
||||||
|
>
|
||||||
|
> # Kill all struck nlplug-findfs jobs and dropbear
|
||||||
|
> killall -9 nlplug-findfs
|
||||||
|
> killall -9 dropbear
|
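Review bot: `setup_dropbear` starts the server with `dropbear -R -E -s -j -k -p $port`, and `-R` creates host keys on demand; unless a host key is packed into the initramfs (not visible here), the key presumably changes on every boot, so the person about to type the disk passphrase has no stable fingerprint to verify. Shipping a dedicated initramfs host key through the mkinitfs feature files, or at least documenting the fingerprint check in the README, would close that gap. `$port` comes from the kernel command line and should be quoted, `-p "$port"`. `mkdir /root/.ssh` would be safer as `mkdir -p -m 700 /root/.ssh`, so the directory holding `authorized_keys` has fixed permissions and a second call does not fail.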
9
alpine-initramfs-ipv6/README.md
Normal file
9
alpine-initramfs-ipv6/README.md
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# alpine-initramfs-ipv6
|
||||||
|
|
||||||
|
ipv6 on alpinelinux initramfs
|
||||||
|
|
||||||
|
# /etc/mkinitfs/mkinitfs.conf
|
||||||
|
```
|
||||||
|
features+= ip
|
||||||
|
```
|
||||||
|
copy `features.d` `/etc/mkinitfs/features.d`
|
1059
alpine-initramfs-ipv6/alpine-initramfs-base
Normal file
1059
alpine-initramfs-ipv6/alpine-initramfs-base
Normal file
File diff suppressed because it is too large
1136
alpine-initramfs-ipv6/alpine-initramfs-ipv6
Normal file
1136
alpine-initramfs-ipv6/alpine-initramfs-ipv6
Normal file
File diff suppressed because it is too large
79
alpine-initramfs-ipv6/alpine-initramfs-ipv6.patch
Normal file
79
alpine-initramfs-ipv6/alpine-initramfs-ipv6.patch
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
271a272,347
|
||||||
|
> # configure ipv6 on initramfs
|
||||||
|
> # Valid syntaxes:
|
||||||
|
> # ip6=client-ip/gateway-ip/interface/dns1/dns2
|
||||||
|
> #
|
||||||
|
> configure_ip6() {
|
||||||
|
> [ -n "$MAC_ADDRESS" ] && return
|
||||||
|
>
|
||||||
|
> $MOCK modprobe -a ipv6
|
||||||
|
>
|
||||||
|
> local IFS='/'
|
||||||
|
> # shellcheck disable=SC2086
|
||||||
|
> set -- ${KOPT_ip6}
|
||||||
|
> unset IFS
|
||||||
|
>
|
||||||
|
> local client6_ip="$1"
|
||||||
|
> local gw6_ip="$2"
|
||||||
|
> local iface="$3"
|
||||||
|
> local dns1="$4"
|
||||||
|
> local dns2="$5"
|
||||||
|
>
|
||||||
|
> if [ -e "$ROOT"/etc/mactab ]; then
|
||||||
|
> $MOCK nameif -s
|
||||||
|
> fi
|
||||||
|
>
|
||||||
|
> if [ -z "$iface" ] && [ -n "$KOPT_BOOTIF" ]; then
|
||||||
|
> mac=$(printf "%s\n" "$KOPT_BOOTIF"|sed 's/^01-//;s/-/:/g')
|
||||||
|
> iface=$(grep -l "$mac" "$ROOT"/sys/class/net/*/address | awk -F/ '{print $(NF-1); exit}')
|
||||||
|
> fi
|
||||||
|
>
|
||||||
|
> # Bring interface up
|
||||||
|
> if [ -n "$iface" ]; then
|
||||||
|
> $MOCK ip link set dev "$iface" up
|
||||||
|
> sleep 3 # wait for interface to fully up.
|
||||||
|
> fi
|
||||||
|
>
|
||||||
|
> if [ -z "$iface" ]; then
|
||||||
|
> # shellcheck disable=SC2046
|
||||||
|
> set -- $(ethernets)
|
||||||
|
> for i in "$@"; do
|
||||||
|
> $MOCK ip link set dev "$i" up
|
||||||
|
> done
|
||||||
|
> iface=$(find_first_interface_up "$@") || iface="$1"
|
||||||
|
>
|
||||||
|
> # we will use the found interface later so lets keep it up
|
||||||
|
> for i in "$@"; do
|
||||||
|
> if [ "$i" != "$iface" ]; then
|
||||||
|
> $MOCK ip link set dev "$i" down
|
||||||
|
> fi
|
||||||
|
> done
|
||||||
|
> fi
|
||||||
|
>
|
||||||
|
> if [ -z "$iface" ]; then
|
||||||
|
> echo "ERROR: IP requested but no network interface was found"
|
||||||
|
> return 1
|
||||||
|
> fi
|
||||||
|
>
|
||||||
|
> if [ -z "$client6_ip" ] && [ -z "$netmask" ]; then
|
||||||
|
> return
|
||||||
|
> fi
|
||||||
|
> ebegin "Setting IP ($iface)"
|
||||||
|
>
|
||||||
|
> if ip -6 addr add $client6_ip dev $iface; then
|
||||||
|
> # this is definitely not required by all ipv6 implementation
|
||||||
|
> # but it's better to keep working imo for.
|
||||||
|
> [ -z "$gw6_ip" ] || ip route add "$client6_ip" via "$gw6_ip" dev "$iface"
|
||||||
|
> fi
|
||||||
|
> eend $?
|
||||||
|
>
|
||||||
|
> # Never executes if variables are empty
|
||||||
|
> for i in $dns1 $dns2; do
|
||||||
|
> echo "nameserver $i" >> /etc/resolv.conf
|
||||||
|
> done
|
||||||
|
>
|
||||||
|
> MAC_ADDRESS=$(cat "$ROOT/sys/class/net/$iface/address")
|
||||||
|
> }
|
||||||
|
>
|
||||||
|
513a590
|
||||||
|
> ip6
|
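Review bot: In `configure_ip6` the gateway line `ip route add "$client6_ip" via "$gw6_ip" dev "$iface"` installs a route to the host's own address rather than a default route, so replies to an off-link SSH client probably never leave the machine; `ip -6 route add default via "$gw6_ip" dev "$iface"` looks like what is meant. The guard `[ -z "$client6_ip" ] && [ -z "$netmask" ]` tests `$netmask`, which this function never sets. Because `/` is the field separator for `ip6=`, a prefix length cannot be passed with the address. The call `ip -6 addr add $client6_ip dev $iface` is unquoted and skips `$MOCK`, unlike the other commands in the function; `$MOCK ip -6 addr add "$client6_ip" dev "$iface"` would match them.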
1
alpine-initramfs-ipv6/features.d/ip.files
Normal file
1
alpine-initramfs-ipv6/features.d/ip.files
Normal file
@ -0,0 +1 @@
|
|||||||
|
/sbin/ip
|
2
alpine-initramfs-ipv6/features.d/ip.modules
Normal file
2
alpine-initramfs-ipv6/features.d/ip.modules
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
kernel/net/ipv4
|
||||||
|
kernel/net/ipv6
|