initramfs-tools conf.d at boot-time and initramfs creation time [was: Bug#381677: initramfs-tools: Temporary files and initramfs world-readable]

Lionel Elie Mamane lionel at mamane.lu
Sat Dec 16 08:04:02 CET 2006


On Tue, Sep 12, 2006 at 04:06:20PM +0200, maximilian attems wrote:
> On Tue, 12 Sep 2006, Lionel Elie Mamane wrote:
>> On Mon, Aug 14, 2006 at 03:11:39PM +0200, maximilian attems wrote:

>>> so we need for your loop-aes pleasure a specific config dir for
>>> mkinitramfs UMASK setting, other packages may want to set
>>> BUSYBOX=yes there or whatever.

>> Aren't /usr/share/initramfs-tools/conf.d/ and/or
>> /etc/initramfs-tools/conf.d/ already such "specific config dir"?

> no, they got sourced inside the initramfs at boot time; what you want
> is a conf dir for build-specific, package-specific settings.

It seems to me they get sourced by _both_ mkinitramfs at initramfs
creation _and_ inside the initramfs at boot time. They thus play two
different roles, which we want to separate:

 - At initramfs creation time, we want to put there code that
   determines whether UMASK should be tightened, and that then does
   it.

 - At boot time, we want to have there the settings we extracted from
   the /etc/fstab of the machine.

Two completely different files. So I think we need separate
directories with separate names for the two different roles in
general.

(We currently emulate that by simply removing the symlink to the
/usr/share/initramfs-tools/conf.d/loopaes that mkinitrd installs in
the initramfs and then writing our file there.)

These changes should probably happen in experimental now that etch is
frozen (and arguably should even if etch were not frozen).

On Wed, Sep 20, 2006 at 12:03:57AM +0200, maximilian attems wrote:
>> On Tue, 12 Sep 2006 16:33:07 +0200, Lionel Elie Mamane wrote:

>> A configuration directory like the mkinitramfs.d maks described
>> would still be very useful for setting up encrypted root on
>> loop-AES from inside d-i (partman-crypto) though, as we will need
>> to take care of configuration there and set UMASK=077 before the
>> first initrd gets created.

> rethinking it, conf.d is appropriate; you also want to have the
> EXTRA_CONF variable in the initramfs, just for checking that it was
> built that way.

I don't understand what you mean here.

-- 
Lionel
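
The build-time half of the split described in this message, as an added example (not part of the original message, and not initramfs-tools or loop-aes code): a snippet that decides from an fstab whether the umask should be tightened, plus a check that the resulting image is not world-readable. The `encryption=`/`gpgkey=` option heuristic, the function names and the sample fstab are assumptions.

```shell
#!/bin/sh
# Added example: heuristic and function names are assumptions, not initramfs-tools code.

# Succeed if the "/" entry of the fstab file $1 carries loop-AES style mount
# options (encryption= or gpgkey=). Assumed heuristic.
root_uses_loopaes() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }     # skip blank lines and comments
        $2 == "/" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^(encryption|gpgkey)=/) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print the umask a build should use for the fstab file $1.
build_umask() {
    if root_uses_loopaes "$1"; then echo 077; else echo 022; fi
}

# Stand-in for the image build: create $2 under the umask chosen from $1.
# Runs in a subshell so the caller's umask is left alone.
build_image() {
    ( umask "$(build_umask "$1")" && : > "$2" )
}

# Succeed if "other" may read $1; return 2 if $1 cannot be examined.
world_readable() {
    perms=$(ls -ld -- "$1") || return 2
    case $perms in ???????r*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample input: an fstab with a loop-AES root.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        '/dev/hda2 / ext3 defaults,loop=/dev/loop5,encryption=AES128,gpgkey=/boot/rootkey.gpg 0 1' \
        > "$dir/fstab"
    build_image "$dir/fstab" "$dir/initrd.img"
    if world_readable "$dir/initrd.img"; then echo "world-readable"; else echo "private"; fi
    rm -rf "$dir"
}
demo
```

The umask only affects files that are newly created; an image that already exists with looser permissions keeps them, so the `world_readable` check is worth running on the final file as well.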


