D4VID
/
Netboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initrd scripts for unionfs

Browse Source
master
D4VID 9 months ago
parent d2a0306bb9
commit 9097e37a66
1 changed files with 92 additions and 15 deletions
Show Stats Download Patch File Download Diff File

107
syslinux.md
Unescape View File

@ -66,6 +66,26 @@ LABEL FIKS OS
## Client system ## Client system
### Image itself
Disable systemd-resolved (requires writable /etc/resolve.conf):
`systemctl mask systemd-resolved.service`
`systemctl mask systemd-hostnamed.service`
`systemctl mask systemd-timesyncd.service`
`systemctl mask systemd-update-utmp.service`
`systemctl mask systemd-update-utmp-runlevel.service`
`systemctl mask ModemManager.service`
`systemctl mask man-db.service`
`systemctl mask logrotate.service`
`systemctl mask grub-initrd-fallback.service`
`systemctl mask grub-common.service`
`systemctl mask snapd`
`systemctl enable tmp.mount`
### Initrd
`mkdir initrd-workdir && cd initrd-workdir` `mkdir initrd-workdir && cd initrd-workdir`
`unmkinitramfs /boot/initrd.img-$(uname -r) .` `unmkinitramfs /boot/initrd.img-$(uname -r) .`
@ -87,28 +107,85 @@ fscache
overlay overlay
``` ```
`find . | cpio -H newc -o | gzip -9 > /srv/tftp/initrd.img`
Disable systemd-resolved (requires writable /etc/resolve.conf): https://www.onlogic.com/blog/how-to-build-a-read-only-linux-system/
`systemctl mask systemd-resolved.service`
`systemctl mask systemd-hostnamed.service`
`systemctl mask systemd-timesyncd.service`
`systemctl mask systemd-update-utmp.service`
`systemctl mask systemd-update-utmp-runlevel.service`
`systemctl mask ModemManager.service` `/etc/initramfs-tools/hooks/ro_root`
`systemctl mask man-db.service`
`systemctl mask logrotate.service`
`systemctl mask grub-initrd-fallback.service`
`systemctl mask grub-common.service`
`systemctl mask snapd`
`systemctl enable tmp.mount` ```bash
#!/bin/sh
`mksquashfs / /opt/fiks-image.squashfs -e /proc /sys /dev /tmp /run /mnt /media /var/cache /var/tmp /opt` PREREQ=''
prereqs() {
echo "$PREREQ"
}
case $1 in
prereqs)
prereqs
exit 0
;;
esac
. /usr/share/initramfs-tools/hook-functions
manual_add_modules aufs
manual_add_modules tmpfs
copy_exec /bin/chmod /bin
```
`/etc/initramfs-tools/scripts/init-bottom/ro_root`
```bash
#!/bin/sh
PREREQ=''
prereqs() {
echo "$PREREQ"
}
case $1 in
prereqs)
prereqs
exit 0
;;
esac
ro_mount_point="${rootmnt%/}.ro"
rw_mount_point="${rootmnt%/}.rw"
# Create mount points for the read-only and read/write layers:
mkdir "${ro_mount_point}" "${rw_mount_point}"
# Move the already-mounted root filesystem to the ro mount point:
mount --move "${rootmnt}" "${ro_mount_point}"
# Mount the read/write filesystem:
mount -t tmpfs root.rw "${rw_mount_point}"
# Mount the union:
mount -t aufs -o "dirs=${rw_mount_point}=rw:${ro_mount_point}=ro" root.union "${rootmnt}"
# Correct the permissions of /:
chmod 755 "${rootmnt}"
# Make sure the individual ro and rw mounts are accessible from within the root
# once the union is assumed as /. This makes it possible to access the
# component filesystems individually.
mkdir "${rootmnt}/ro" "${rootmnt}/rw"
mount --bind "${ro_mount_point}" "${rootmnt}/ro"
mount --bind "${rw_mount_point}" "${rootmnt}/rw"
```
`update-initramfs -u`
`scp initrd.img server@192.168.11.11:/srv/nfs/` `scp initrd.img server@192.168.11.11:/srv/nfs/`
`mksquashfs / /opt/fiks-image.squashfs -e /proc /sys /dev /tmp /run /mnt /media /var/cache /var/tmp /opt`
## Back on the server ## Back on the server

Write Preview
Loading…
Cancel
Save