ref: 7f538f1e2f33dd44c66693442e7713ca16e26d8b
parent: 2baa6baf3bbca465f0a5881dedc90e227923a8d2
author: Carlo Landmeter <clandmeter@alpinelinux.org>
date: Wed Jul 4 07:29:28 CDT 2018
Add support for signed modloop images
--- a/initramfs-init.in
+++ b/initramfs-init.in
@@ -656,6 +656,13 @@
rc_add swclock boot
fi
+# enable support for modloop verification
+if [ -f /var/cache/misc/*modloop*.SIGN.RSA.*.pub ]; then
+ mkdir -p "$sysroot"/var/cache/misc
+ cp /var/cache/misc/*modloop*.SIGN.RSA.*.pub "$sysroot"/var/cache/misc
+ pkgs="$pkgs libressl"
+fi
+
apkflags="--initramfs-diskless-boot --progress"
if [ -z "$ALPINE_REPO" ]; then
apkflags="$apkflags --no-network"
--- a/mkinitfs.in
+++ b/mkinitfs.in
@@ -54,6 +54,11 @@
# copy init
cd "$startdir"
install -m755 "$init" "$tmpdir"/init || return 1
+ # copy modloop signature
+ if [ -n "$modloop_sig" ]; then
+ install -Dm644 "$modloop_sig" \
+ "$tmpdir"/var/cache/misc/${modloop_sig##*/}
+ fi
for i in "$fstab" "$passwd" "$group"; do
install -Dm644 "$i" "$tmpdir"/etc/${i##*/} || return 1
done
@@ -181,6 +186,7 @@
-o set another outfile
-P prepend features.d search path
-q Quiet mode
+ -s Include modloop signature
-t use tempdir when creating initramfs image
EOF
@@ -190,7 +196,7 @@
# main
features_dirs=${features_dir:-"${basedir%/:-}/${sysconfdir#/}/features.d"}
-while getopts "b:c:C:f:F:hi:kKLlno:P:qt:" opt; do
+while getopts "b:c:C:f:F:hi:kKLlno:P:qs:t:" opt; do
case "$opt" in
b) basedir="$OPTARG";;
c) config="$OPTARG";;
@@ -207,6 +213,7 @@
o) outfile="$OPTARG";;
P) features_dirs="$OPTARG $features_dirs";;
q) quiet=1;;
+ s) modloop_sig="$OPTARG";;
t) tmpdir="$OPTARG";;
*) usage;;
esac