Debian initramfs: Difference between revisions
(Add a build system category) |
(simple initramfs modifications are easier) |
||
Line 43: | Line 43: | ||
To change the initramfs, modify the source files in <tt>~/olpcrd-rootskel/olpc-src/</tt> then re-run <tt>make di</tt> from <tt>~/olpcrd</tt>. |
To change the initramfs, modify the source files in <tt>~/olpcrd-rootskel/olpc-src/</tt> then re-run <tt>make di</tt> from <tt>~/olpcrd</tt>. |
||
=== Simple initramfs modification === |
|||
To modify an existing initramfs it is often simplest to unpack it into a directory, modify it as suited, and pack it back up: |
|||
mkdir initramfs # make and enter work directory to unpack the initramfs |
|||
cd initramfs |
|||
gunzip -c ../olpcrd.img | cpio -i # unpack the image |
|||
### make your changes here ### |
|||
find . -print | cpio -H newc -o | gzip -9 >../olpcrd.img # and repack it |
|||
[[Category:Build system]] |
[[Category:Build system]] |
Revision as of 15:26, 30 July 2008
Because of our firmware security model, we regularly use signed initramfsen such as olpcrd/olpcrd-rootskel to handle deployment and security related tasks on laptops which may be unactivated, activated but not individuated, or fully indivduated (i.e. configured for a specific user). This article describes the method we use for constructing these initramfsen.
Our initramfsen are current constructed with debian-installer on a lenny or sid. Since I happen to be working from an F-7 machine located at MIT, I built an appropriate Debian chroot by running
sudo su - yum install debootstrap mkdir sid-root debootstrap --arch i386 sid sid-root/ http://debian.lcs.mit.edu/debian/
as root. NB: debootstrap requires that lots of things from /sbin and /usr/sbin be accessible on $PATH. Be careful if you're using sudo to exercise root privilege.
(If you're making your own chroot, please choose a suitable Debian mirror)
Once we've got the chroot up, we need to do some configuration inside the chroot:
chroot sid-root /bin/su - mount -t proc proc /proc mount -t sysfs sys /sys mount -t devpts devpts /dev/pts echo 'deb-src http://debian.lcs.mit.edu/debian sid main' >> /etc/apt/sources.list apt-get update
Then we'll install the build-dependencies of the initramfs:
apt-get install git-core pbuilder yaird debhelper python-pyrex netpbm apt-get build-dep debian-installer
Next, we'll check out the source code of the initramfs:
git clone git://dev.laptop.org/users/cscott/olpcrd git clone git://dev.laptop.org/users/cscott/olpcrd-rootskel cd olpcrd-rootskel git submodule init git submodule update
Finally, we'll fill in appropriate paths and run make:
cd ../olpcrd $EDITOR Makefile # patch up the paths in the first three environment variables. All we need are the paths to /root/olpcrd and /root/olpcrd-rootskel # In particular, set OLPC=$(HOME), ROOTSKEL=$(HOME)/olpcrd-rootskel, and DI=$(HOME)/olpcrd make di
To change the initramfs, modify the source files in ~/olpcrd-rootskel/olpc-src/ then re-run make di from ~/olpcrd.
Simple initramfs modification
To modify an existing initramfs it is often simplest to unpack it into a directory, modify it as suited, and pack it back up:
mkdir initramfs # make and enter work directory to unpack the initramfs cd initramfs gunzip -c ../olpcrd.img | cpio -i # unpack the image ### make your changes here ### find . -print | cpio -H newc -o | gzip -9 >../olpcrd.img # and repack it