-
Notifications
You must be signed in to change notification settings - Fork 8
/
README
76 lines (55 loc) · 3.04 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
Simons debian Initramfs hooks.
Put them in your debian based system to /etc/initramfs-tools/hooks/, and
activate the scripts you want with 'chmod +x' or deactivate them with 'chmod -x'.
When finished, recreate initrd with 'update-initramfs -k <kernel_release> -u'.
If you want to put this repo directly in your hooks directory, best deactivate the
tracking of chmod +/-x with 'git config core.fileMode false'.
Scripts:
> network.sh - Configurable network and dropbear support
> cryptoroot.sh - Decrypt luks root-filesystems on remote maschines
> sleep.sh - blocking boot procedure for a specific time
> openvpn.sh - OpenVPN support
if you need support or have cool improvements, don't hesitate to write a short mail:
###################
network.sh
###################
This hook gives you configurable network settings and dropbear support for your initramfs.
In any case, have a look at the config settings in the head of the file, that you might want
to edit first. Also, if you want to use the dropbear, you need some kind of blocker script or
you wouldn't have a chance to login before initramfs is finished. sleep.sh or cryptoroot.sh
would do the trick.
If you want to use this, deactivate the native debian way by setting "DROPBEAR=n"
and "DEVICE=" (empty value) in /etc/initramfs-tools/initramfs.conf.
###################
cryptoroot.sh
###################
Depends: network.sh
This script allows you to build an initrd that stops boot-procedure to let you
type in passphrases to uncrypt your crypto devices.
To make my life easier it brings a little menu, a script to unlock entrys from crypttab
and maybe someday a remote-control-friendly tool to unlock my mediacenter.
This script has a few config settings in the head that you might want to edit first.
Debian has a native feature in initramfs to decrypt root partitions and swap from crypttab.
This will be triggered after our hook. If you already decrypted root via this hook, the debian
initramfs step will be skipped automatically. It also detects that (random crpyted) swap is not
used yet, and sets it up for us.
Also there are a few kernel parameters to overwrite configured values on the fly:
nethook_mode=<dhcp|static> - Force dhcp
nethook_interface=<eth0|eth1|...> - Use given interface for network configuration
###################
openvpn.sh
###################
Depends: network.sh
Copies OpenVPN to the initramfs. Have a look at the config inside the script and change the
paths to your config and certs.
If you want to combine this with the network.sh hook, please set "openvpn=true" in the config
part of the network.sh script.
###################
sleep.sh
###################
Simple script that blocks initramfs from continue booting for a specific time. The default
time the script will use is 300 seconds.
You can change that sleep time via the kernel-parameter "initramfs-sleep". The Value is given
in seconds. Like "initramfs-sleep=1800" for half an hour or "initramfs-sleep=0" for no sleep at
all.