Gentoo Forums
[SOLVED] Problem switching from initramfs to crypt system
HammerFall
n00b
Joined: 04 Jul 2005
Posts: 10
Location: Contwig, Germany

Posted: Fri Jul 21, 2006 1:20 pm    Post subject: [SOLVED] Problem switching from initramfs to crypt system

Hi everyone,

My partner and I are currently setting up a Gentoo root server on an amd64 machine.

To improve security a little bit, we decided to encrypt the main partition of the server with LUKS.

Now, to be able to use that part, it must be decrypted at boot time. Therefore we are using an initramfs image, which boots the kernel, decrypts the main partition, mounts and chroots into it.

To completely switch into the sys, we run the command:

Code:

exec /sbin/init "$@"


And here the whole thing is screwed up. That command works fine on a local 32-bit system here - it initializes the main system, but on the server it just reboots the whole machine.

We don't have any clue what happens here, but definitely everything works fine until that command :(

Anyone an idea, please?


Greets

HF


Last edited by HammerFall on Sun Jun 10, 2007 11:06 am; edited 1 time in total
troymc
Guru
Joined: 22 Mar 2006
Posts: 553

Posted: Fri Jul 21, 2006 10:46 pm    Post subject:

You're doing that after you pivotroot, right?

Can you post the whole script?

What messages does it display before the reboot?


troymc
HammerFall
n00b
Joined: 04 Jul 2005
Posts: 10
Location: Contwig, Germany

Posted: Sat Jul 22, 2006 12:20 pm    Post subject:

troymc wrote:
You're doing that after you pivotroot, right?


pivot_root is deprecated in initramfs. It was only needed in initrd; with initramfs it causes, in the best case, a system hangup ;)

Quote:
Can you post the whole script?


Attached below.

Quote:
What messages does it display before the reboot?


We only manually catch the output of ifconfig and that stuff, no errors - like I've written above, everything works fine until the init code. We cannot see the real kernel msgs, because we don't have any serial console or anything similar.


--------------snip-------init-script goes here-----------
#!/bin/bash
export PATH=/bin

# Initialisation
ROOT_DECRYPTED=0
SWAP_DECRYPTED=0
DEBUG=0

# Configuration
ROOT_DEV=/dev/sda3
SWAP_DEV=/dev/sda1
DEFAULT_IP=217.x.x.x
DEFAULT_ROUTE=217.x.x.x

# Filter kernel messages on boot
dmesg -n 1

# REBOOT ON HANG
echo "System reboots in 30 minutes!"
( sleep 1800 ; reboot -f ) &

# MOUNT SYSTEM FSes
mount -nt proc none /proc
mount -nt sysfs sysfs /sys
mount -nt devpts none /dev/pts

# REBOOT ON PANIC
echo '60' > /proc/sys/kernel/panic

# FILTER COMMAND LINE
if [ -e /proc/cmdline ]
then
CMDLINE=`cat /proc/cmdline`
DEBUG=`grep -c initrd_shell /proc/cmdline`
else
DEBUG=1
fi

# SETUP NETWORK ENVIRONMENT
RD_IP=`echo $CMDLINE | grep initrd_ip | sed 's/.*initrd_ip=\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/'`
if [ ! $RD_IP ]
then
RD_IP=$DEFAULT_IP
fi
RD_ROUTE=`echo $CMDLINE | grep initrd_route | sed 's/.*initrd_route=\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/'`
if [ ! $RD_ROUTE ]
then
RD_ROUTE=$DEFAULT_ROUTE
fi
ifconfig eth0 $RD_IP up
if [ $? != 0 ]
then
DEBUG=1
fi
if [ $RD_ROUTE ]
then
route add default gw $RD_ROUTE
fi
if [ $? != 0 ]
then
DEBUG=1
fi

dropbear -s -j -k

# RUN DEBUG SHELL

kill_shell()
{
shell_pid=`ps auxc | grep '\<sh\>' | awk '{ print $2 }'`
if [ $shell_pid ]
then
kill $shell_pid
fi
}

if [ ${DEBUG} != 0 ]
then
echo "Running debug shell (stays open for fifteen minutes) ..."
( sleep 900 ; kill_shell ) &
/bin/sh
fi

# RIDICULOUSLY UNSAFE: USE FIXED KEY

KEY='no-key'

# DECRYPT ROOT
echo $KEY | cryptsetup luksOpen $ROOT_DEV rootfs && ROOT_DECRYPTED=1
if [ $ROOT_DECRYPTED == 0 ]
then
echo 'Failed decrypting root filesystem!'
if [ $SWAP_DECRYPTED == 1 ]
then
cryptsetup luksClose swapfs
fi
DEBUG=1
fi

# DEINITIALISE NETWORK ENVIRONMENT
db_pid=`ps auxc | grep 'dropbear' | awk '{ print $2 }'`
kill $db_pid
route del default gw $RD_ROUTE
ifconfig eth0 down

# UNMOUNT SYSTEM FSes
umount /proc
umount /sys
umount /dev/pts

mount /dev/mapper/rootfs /mnt
# SWITCH TO PREPARED SYSTEM
echo "Switching ..."
exec chroot /mnt <<- EOF >/dev/console 2>&1
mount -t proc none /proc
mount -t sysfs sysfs /sys
mount -t devpts none /dev/pts
exec /sbin/init "$@"
EOF

--------------snap------init-script ends here-----------

Greets

HF
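
Added example, not part of the thread and not the posters' script: a minimal handover step for an initramfs `/init` that uses `switch_root` rather than `chroot` with a here-document, since `switch_root` frees the initramfs contents, moves the new root onto `/` and execs the real init as PID 1. It assumes a busybox-style `switch_root`, the decrypted root already mounted at `/mnt`, and a hypothetical `WATCHDOG_PID` variable holding `$!` of the script's `( sleep 1800 ; reboot -f ) &` timer.

```sh
#!/bin/sh
# Added example: hand over from an initramfs /init to the decrypted root.
# Assumptions: busybox-style switch_root; root filesystem mounted at /mnt;
# WATCHDOG_PID (hypothetical name) set from $! when the reboot timer started.

NEWROOT=${NEWROOT:-/mnt}
REAL_INIT=${REAL_INIT:-/sbin/init}

# Return 0 only if the new root looks bootable; otherwise explain on stderr.
# Exit codes: 1 = no directory, 2 = init missing, 3 = mount point missing.
check_newroot() {
    root=$1
    init=$2
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 1; }
    [ -x "$root$init" ] || { echo "not executable: $root$init" >&2; return 2; }
    for d in proc sys dev; do
        [ -d "$root/$d" ] || { echo "missing mount point: /$d" >&2; return 3; }
    done
    return 0
}

# Replace PID 1 with the real init. Does not return on success.
handover() {
    check_newroot "$NEWROOT" "$REAL_INIT" || return $?
    # A background reboot timer survives exec; stop it before leaving.
    [ -n "$WATCHDOG_PID" ] && kill "$WATCHDOG_PID" 2>/dev/null
    # Release the initramfs mounts; the real init mounts its own copies.
    umount -n /dev/pts /sys /proc 2>/dev/null
    # switch_root must be exec'd by PID 1 and passes "$@" on to init.
    exec switch_root "$NEWROOT" "$REAL_INIT" "$@"
}

# Act only when the kernel started this file as the initramfs /init.
if [ "$0" = /init ] && [ "$$" -eq 1 ]; then
    handover "$@" || exec /bin/sh   # rescue shell if the checks fail
fi
```

When the pre-flight check fails, the script drops to a shell inside the initramfs instead of exec'ing into a root that cannot boot.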