Diffstat (limited to 'mkosi.images/system/initrd')
5 files changed, 62 insertions, 0 deletions
diff --git a/mkosi.images/system/initrd/mkosi.conf b/mkosi.images/system/initrd/mkosi.conf
new file mode 100644
index 0000000..ed9bfdc
--- /dev/null
+++ b/mkosi.images/system/initrd/mkosi.conf
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Content]
+PostInstallationScripts=../mkosi.sanitizers.chroot
+ExtraTrees=
+ ../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+ ../coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf b/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf
new file mode 100644
index 0000000..b252491
--- /dev/null
+++ b/mkosi.images/system/initrd/mkosi.extra/usr/lib/encrypted-var.repart.d/00-root.conf
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Partition]
+Type=var
+# This label is the partition's label. The filesystem inside may have its own label.
+Label=varcrypt
+# This UUID is the decrypted partition UUID, there are also filesystem and luks UUIDs.
+# The original test finds the partition by this UUID, but it doesn't appear
+# since the luks UUID, which is derived by hash of this UUID, is different
+# and the luks UUID is needed before the decrypted partition UUID.
+# The resulting luks UUID is 0d318174-56b0-4d6e-a324-ac1e7e7d235d.
+UUID=deadbeef-dead-dead-beef-000000000000
+Format=ext4
+Encrypt=key-file
+SizeMinBytes=1G
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service
new file mode 100644
index 0000000..54a9b8a
--- /dev/null
+++ b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/encrypted-var.service
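Review bot: The comment block above `UUID=` in 00-root.conf records the derived LUKS UUID `0d318174-56b0-4d6e-a324-ac1e7e7d235d` but does not say which file consumes it, so anyone changing `UUID=` has no pointer to the hard-coded value that must change with it. The sentence beginning "The original test finds the partition by this UUID, but it doesn't appear" is also hard to follow. I would reword it along the lines of `# The test cannot wait on this UUID: the LUKS UUID (derived from it by hashing) appears first, so the test matches on that instead.` and add one line naming the consumer. That reading is inferred from the existing comment and should be confirmed by the author.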
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Unit]
+Description=Add encrypted var partition to root disk
+Documentation=man:systemd-repart.service(8)
+
+ConditionVirtualization=!container
+
+DefaultDependencies=no
+Wants=modprobe@loop.service modprobe@dm_mod.service
+After=modprobe@loop.service modprobe@dm_mod.service sysroot.mount
+Before=initrd-root-fs.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-repart --definitions /usr/lib/encrypted-var.repart.d --key-file %d/keyfile --dry-run=no /sysroot
+ImportCredential=keyfile
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service
new file mode 100644
index 0000000..845ac57
--- /dev/null
+++ b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrd-run-mount.service
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Unit]
+Description=Create a mount in /run that should survive the transition from initrd
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=mkdir /run/initrd-mount-source /run/initrd-mount-target
+ExecStart=mount -v --bind /run/initrd-mount-source /run/initrd-mount-target
+ExecStart=cp -v /etc/initrd-release /run/initrd-mount-target/hello-world
diff --git a/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service
new file mode 100644
index 0000000..2c709bc
--- /dev/null
+++ b/mkosi.images/system/initrd/mkosi.extra/usr/lib/systemd/system/initrdcred.service
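Review bot: In encrypted-var.service the `ExecStart=` line passes `--key-file %d/keyfile` unconditionally, yet nothing in `[Unit]` checks that the `keyfile` credential was actually handed to the service manager. Without it the unit would only fail inside systemd-repart, ahead of `initrd-root-fs.target`, with an error that does not point at the missing key. Adding `ConditionCredential=keyfile` next to `ConditionVirtualization=!container` would make the requirement explicit and skip the unit cleanly on boots that do not supply the key. A short comment above `ImportCredential=keyfile` should also say who provides the key, e.g. `# LUKS key for the test-only varcrypt partition, passed in as a system credential`; that provenance is inferred, because the provider is not visible in this diff.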
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Unit]
+Description=populate initrd credential dir for TEST-54-CREDS
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=sh -c "mkdir -m 0755 -p /run/credentials && mkdir -m 0700 /run/credentials/@initrd && umask 0077 && echo guatemala > /run/credentials/@initrd/myinitrdcred" |
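Review bot: The `sh -c` chain in initrdcred.service calls `mkdir -m 0700 /run/credentials/@initrd` without `-p`, so the whole unit fails if anything created that directory earlier in the initrd. The alternative, `mkdir -p`, would leave an existing directory's mode untouched. If a pre-existing directory is acceptable, `mkdir -p /run/credentials/@initrd && chmod 0700 /run/credentials/@initrd` keeps the restrictive mode either way. If failing on an existing directory is intended, a one-line comment saying so would help. Separately, the unit declares no `Before=initrd-switch-root.target`, and whatever pulls it in is outside this diff, so I cannot confirm from here that the credential is written before the transition; an explicit ordering line would remove the doubt.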