- Oct 02, 2014
-
-
Ben Hutchings authored
If the kernel command line has 'ro' then the init system must remount /usr read-write, but systemd did not do this until version 186.
Related-to: #763157
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
Ben Hutchings authored
initscripts doesn't work with /usr already mounted. Other init systems might not either.
Closes: #763157
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
Ben Hutchings authored
This is limited to a single level of symlinks, but that should be good enough.
Remove the use of chroot - that makes no difference to reading a symlink; it would only be useful if applied to the [ -x ].
Related-to: #763157
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
Ben Hutchings authored
If /sbin/init is executable then we would ignore that $init was invalid, without actually setting init=/sbin/init.
$init is initialised to /sbin/init, so don't skip the error message if it's empty.
Related-to: #763157
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
Ben Hutchings authored
Unfortunately, it appears we will need to know this to decide whether or not to mount /usr.
Related-to: #763157
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
- Sep 30, 2014
-
-
Ben Hutchings authored
-
Ben Hutchings authored
-
Ben Hutchings authored
-
Ben Hutchings authored
Replacing $DEV with the output of readlink (no -f) doesn't work for relative symlinks or non-symlinks. udev generates relative symlinks in /dev/disk, so this just makes things worse.
This reverts commit 9274e84f.
-
- Sep 28, 2014
-
-
Ben Hutchings authored
Currently sys_walk_modalias only looks for a modalias in the grandparent of the given device path. This doesn't match what the name 'walk' implies.
sys_walk_mod_add calls it for each level of the device hierarchy, but since it only looks at the grandparent it will miss some modaliases, e.g. sd_mod or virtio_blk.
We explicitly add sd_mod when we see any SCSI device, so we usually get away with this. However, virtio_blk is currently not added to a MODULES=dep initramfs if it is modular for the target kernel but built into the running kernel.
Related-to: #760127
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
Ben Hutchings authored
When a current kernel boots without an initramfs provided, it creates /dev/root on an empty initramfs and mounts that. There is no /dev/root on the running system, so we fail to find the real device.
In that case, look up the root device in /proc/cmdline.
Related-to: #760127
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
Ben Hutchings authored
Check that readlink succeeds and that the block device exists, after eliminating the ubifs case.
Related-to: #760127
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
- Sep 27, 2014
-
-
Ben Hutchings authored
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
Ben Hutchings authored
Look for uncompressed cpio headers and padding at the start of the initramfs image. If present, pass the initramfs directly to cpio and then try to decompress a second cpio archive after the padding.
Closes: #717805
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Thanks: Brett Parker <iDunno@sommitrealweird.co.uk>
Thanks: Olivier Berger <olivier.berger@telecom-sudparis.eu>
-
Ben Hutchings authored
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
Ben Hutchings authored
Currently we don't tell modinfo which kernel version to look at when checking which firmware files a module may need. It will default to the running kernel, not the one we're building the initramfs for. So we may not copy all the necessary firmware or we may provoke warnings in case a module doesn't exist in the running kernel.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-
maximilian attems authored
Just remove the canonicalise for now.
Signed-off-by: maximilian attems <maks@debian.org>
-
- Sep 25, 2014
-
-
Michael Prokop authored
-
Michael Prokop authored
If /etc/fstab contains "auto" for the file system we can't copy /sbin/fsck.auto since this doesn't exist. Instead rely on blkid reporting the according file system, or if that doesn't work keep setting to "auto" and don't copy the fsck binary but warn instead.
In git commit 488d898e usage of /sbin/sulogin was introduced, accordingly install the binary in the initramfs.
When trying to copy the according fsck binary, make sure the binary exists, otherwise the hook fails hard (e.g. during package install/upgrade).
While at it fix usage of copy_exec "$link" vs copy_exec "$prog".
-
Michael Prokop authored
-
Roger Leigh authored
- Add empty /etc/fstab and symlink /etc/mtab to /proc/mounts; not essential, but quell a number of fsck warnings
- Copy fsck and needed fsck helpers, plus logsave
- Add checkfs function, based on the initscripts checkroot script
- local mount functions will call checkfs prior to mounting the filesystem
Rebased and dropped ETC support by Michael Prokop <mika@debian.org>
-
Roger Leigh authored
Canonicalise device names to match util-linux mount behaviour. This ensures that "mount -a" in mountall does not try to mount /usr a second time (which it will attempt if the mounted device does not match the canonical device name). This also fixes a longstanding annoyance with the output of mount and df using long UUIDs rather than short device names.
Note that resolve_device may be called more than once; it's done during options parsing for ROOT, and again immediately prior to mounting. This is because during options parsing the device node does not exist, but we still need to construct a path into /dev from the LABEL or UUID.
Rebased and ETC handling dropped by Michael Prokop <mika@debian.org>
-
Roger Leigh authored
Rebased by Michael Prokop <mika@debian.org>
-
rleigh@debian.org authored
-
rleigh@debian.org authored
-
rleigh@debian.org authored
-
rleigh@debian.org authored
-
rleigh@debian.org authored
This is generalising the root-specific functionality in init.
-
rleigh@debian.org authored
Based upon the initscript equivalent.
-
Roger Leigh authored
Rebased by Michael Prokop <mika@debian.org>
-
rleigh@debian.org authored
-
rleigh@debian.org authored
-
- Aug 31, 2014
-
-
Michael Prokop authored
-
Michael Prokop authored
-
Michael Prokop authored
Thanks: Javier Barroso <javibarroso@gmail.com> for the initial patch
Related-to: #717805
-
Michael Prokop authored
Otherwise fails with:
| mkinitramfs: for root /dev/nbd0p2 missing nbd /sys/block/ entry
Closes: #697368
Thanks: Ian Campbell <ijc@hellion.org.uk> for the patch
-
Michael Prokop authored
Closes: #689558
Thanks: Stephen Powell <zlinuxman@wowway.com> for the patch
-
Michael Prokop authored
This adds knowledge of the "drop_capabilities=..." option that kinit supports. When set, it gets passed to run-init's new "-d" option. This lets a system owner drop capabilities (like CAP_SYS_MODULE and CAP_SYS_RAWIO) before the system init starts.
Closes: #679436
Thanks: Kees Cook <kees@debian.org> for the patch
-
Michael Prokop authored
E.g. mandos needs to use files which must be unreadable by any other non-root process. Quoting from #633582:
| These files are therefore mode 0600 and owned by its own non-root
| user. When mkinitramfs changes the files to be owned by root,
| the unprivileged process can no longer read the files.
Using the same approach as dracut introduced as of http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=c8a9a6b4a7dff76c66e84f65b2717632e1bb4505
Closes: #633582
Thanks: Harald Hoyer <harald@redhat.com> for providing the patch in dracut
-
- Aug 30, 2014
-
-
Michael Prokop authored
Quoting Lukas Anzinger in #751488:
| I've set panic=0 as a kernel cmdline argument which should trigger a
| reboot instead of spawning a shell. However, the reboot seems to be
| uneffective and a shell is spawned nevertheless. This is unpleasing
| since spawn=0 is "marketed" as a security feature in
| initramfs-tools(8):
|
| panic sets an timeout on panic. panic=<sec> is a documented
| security feature: it disables the debug shell.
|
| [...]
|
| The commands halt, reboot, etc. don't work either.
|
| To fix the security impact of an open shell I propose to at least add a
| return after the reboot command so that if the reboot is effectively a
| NOP still no shell is spawned.
Thanks: Lukas Anzinger <l.anzinger@gmail.com> for the analysis and patch
Closes: #751488
-